From 5519e1b89bf02443b056fac9acf5f6d607bb622f Mon Sep 17 00:00:00 2001 From: a-kenji Date: Mon, 12 Sep 2022 10:34:55 +0200 Subject: [PATCH] nixos/lemmy: remove `services.lemmy.jwtSecretPath` Co-authored-by: Ctem Co-authored-by: Brian Leung Co-authored-by: Shahar Dawn Or Co-authored-by: Ilan Joselevich --- nixos/modules/services/web-apps/lemmy.md | 3 --- nixos/modules/services/web-apps/lemmy.nix | 13 ++++--------- nixos/modules/services/web-apps/lemmy.xml | 7 +------ nixos/tests/lemmy.nix | 4 ---- 4 files changed, 5 insertions(+), 22 deletions(-) diff --git a/nixos/modules/services/web-apps/lemmy.md b/nixos/modules/services/web-apps/lemmy.md index e6599cd843e3..faafe096d138 100644 --- a/nixos/modules/services/web-apps/lemmy.md +++ b/nixos/modules/services/web-apps/lemmy.md @@ -13,13 +13,10 @@ services.lemmy = { hostname = "lemmy.union.rocks"; database.createLocally = true; }; - jwtSecretPath = "/run/secrets/lemmyJwt"; caddy.enable = true; } ``` -(note that you can use something like agenix to get your secret jwt to the specified path) - this will start the backend on port 8536 and the frontend on port 1234. It will expose your instance with a caddy reverse proxy to the hostname you've provided. Postgres will be initialized on that same instance automatically. diff --git a/nixos/modules/services/web-apps/lemmy.nix b/nixos/modules/services/web-apps/lemmy.nix index 1f2168b2a4c6..1945c8291433 100644 --- a/nixos/modules/services/web-apps/lemmy.nix +++ b/nixos/modules/services/web-apps/lemmy.nix 
@@ -10,15 +10,14 @@ in # `pandoc lemmy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > lemmy.xml` meta.doc = ./lemmy.xml; + imports = [ + (mkRemovedOptionModule [ "services" "lemmy" "jwtSecretPath" ] "As of v0.13.0, Lemmy auto-generates the JWT secret.") + ]; + options.services.lemmy = { enable = mkEnableOption (lib.mdDoc "lemmy a federated alternative to reddit in rust"); - jwtSecretPath = mkOption { - type = types.path; - description = lib.mdDoc "Path to read the jwt secret from."; - }; - ui = { port = mkOption { type = types.port; @@ -168,18 +167,14 @@ in requires = lib.optionals cfg.settings.database.createLocally [ "lemmy-postgresql.service" ]; - # script is needed here since loadcredential is not accessible on ExecPreStart script = '' ${pkgs.coreutils}/bin/install -m 600 ${settingsFormat.generate "config.hjson" cfg.settings} /run/lemmy/config.hjson - jwtSecret="$(< $CREDENTIALS_DIRECTORY/jwt_secret )" - ${pkgs.jq}/bin/jq ".jwt_secret = \"$jwtSecret\"" /run/lemmy/config.hjson | ${pkgs.moreutils}/bin/sponge /run/lemmy/config.hjson ${pkgs.lemmy-server}/bin/lemmy_server ''; serviceConfig = { DynamicUser = true; RuntimeDirectory = "lemmy"; - LoadCredential = "jwt_secret:${cfg.jwtSecretPath}"; }; }; diff --git a/nixos/modules/services/web-apps/lemmy.xml b/nixos/modules/services/web-apps/lemmy.xml index 0be9fb8aefa9..f04316b3c515 100644 --- a/nixos/modules/services/web-apps/lemmy.xml +++ b/nixos/modules/services/web-apps/lemmy.xml @@ -8,21 +8,16 @@ the minimum to start lemmy is - + services.lemmy = { enable = true; settings = { hostname = "lemmy.union.rocks"; database.createLocally = true; }; - jwtSecretPath = "/run/secrets/lemmyJwt"; caddy.enable = true; } - - (note that you can use something like agenix to get your secret - jwt to the specified path) - this will start the backend on port 8536 and the frontend on port 1234. It will expose your instance with a caddy reverse proxy to 
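Review bot: The removal message on the new `mkRemovedOptionModule` line in the first lemmy.nix hunk (`@@ -10,15 +10,14 @@`) says the option is gone but not what to do with the secret file operators already provisioned, or where the signing key now lives. Since Lemmy generates the JWT secret itself, the key is presumably persisted by Lemmy rather than delivered as a systemd credential, so its protection would depend on that storage and its backups; this is worth confirming and stating. I would extend the text to something like `"As of v0.13.0, Lemmy auto-generates the JWT secret; remove this option and retire the old secret file."` and add a release-notes entry, since the diffstat lists none. The `options.services.lemmy` block continues outside the hunk.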
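Review bot: In the second lemmy.nix hunk (`@@ -168,18 +167,14 @@`), the remaining `script` still copies `settingsFormat.generate "config.hjson" cfg.settings` out of the Nix store, and with `LoadCredential` removed the unit has no way left to inject a secret at runtime. The store is world-readable, so any sensitive value a user places in `services.lemmy.settings` is exposed regardless of the `install -m 600` on the runtime copy. A comment above `script` such as `# config.hjson is built in the world-readable Nix store: keep secrets out of cfg.settings` would make that explicit. As a smaller point, with the jq step gone the last line could be `exec ${pkgs.lemmy-server}/bin/lemmy_server` so that systemd supervises the server rather than the wrapper shell. The service definition starts and ends outside the hunk.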
diff --git a/nixos/tests/lemmy.nix b/nixos/tests/lemmy.nix index 543bd2ce57a5..a317b4cf15ba 100644 --- a/nixos/tests/lemmy.nix +++ b/nixos/tests/lemmy.nix @@ -14,10 +14,6 @@ in "${lemmyNodeName}" = { services.lemmy = { enable = true; - jwtSecretPath = pkgs.writeTextFile { - name = "lemmy-secret"; - text = "very-secret-password123"; - }; ui.port = uiPort; settings = { hostname = "http://${lemmyNodeName}";