nixos/garage: Add an environmentFile option

Since garage 0.8.2, garage accepts environment variables for passing secrets,
e.g. `GARAGE_RPC_SECRET` or `GARAGE_ADMIN_TOKEN`. The added `environmentFile`
option lets those secrets stay out of the Nix store.
Tom Hubrecht 2023-09-24 10:04:24 +02:00
parent 4d935e4864
commit 2d38d9edc0


@ -23,6 +23,12 @@ in
example = { RUST_BACKTRACE="yes"; };
};
environmentFile = mkOption {
type = types.nullOr types.path;
description = lib.mdDoc "File containing environment variables to be passed to the Garage server.";
default = null;
};
logLevel = mkOption {
type = types.enum (["info" "debug" "trace"]);
default = "info";
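Review bot: The `description` of `environmentFile` does not say where the file has to live, so the option can be set in a way that defeats its purpose. A path that comes from a flake source tree or from `pkgs.writeText` is a store path and therefore world-readable. I would extend the description to something like `File containing environment variables (e.g. GARAGE_RPC_SECRET) for the Garage server. Must be a runtime path outside the Nix store with restrictive permissions.` and add `example = "/run/secrets/garage.env";` (a constructed sample path). The file is presumably read by systemd rather than by the dynamic service user, so root-only permissions should be enough, but that is worth confirming before documenting it.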
@ -80,7 +86,7 @@ in
after = [ "network.target" "network-online.target" ];
wants = [ "network.target" "network-online.target" ];
wantedBy = [ "multi-user.target" ];
restartTriggers = [ configFile ];
restartTriggers = [ configFile ] ++ (lib.optional (cfg.environmentFile != null) cfg.environmentFile);
serviceConfig = {
ExecStart = "${cfg.package}/bin/garage server";
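Review bot: The new `restartTriggers` entry tracks only the value of `cfg.environmentFile`, that is, the path, not the contents of the file it points to. When the file lives outside the store as intended, rotating a secret in place leaves the trigger unchanged, so garage keeps running with the old `GARAGE_RPC_SECRET` or `GARAGE_ADMIN_TOKEN` until it is restarted by hand. A comment above the line would make that explicit, e.g. `# tracks the path only; after rotating a secret, restart garage.service manually`. The unit definition starts and ends outside this hunk, so any other restart logic is not visible here.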
@ -88,6 +94,7 @@ in
DynamicUser = lib.mkDefault true;
ProtectHome = true;
NoNewPrivileges = true;
EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
};
environment = {
RUST_LOG = lib.mkDefault "garage=${cfg.logLevel}";