nixos/lemmy: remove services.lemmy.jwtSecretPath
Co-authored-by: Ctem <c@ctem.me> Co-authored-by: Brian Leung <leungbk@posteo.net> Co-authored-by: Shahar Dawn Or <mightyiampresence@gmail.com> Co-authored-by: Ilan Joselevich <personal@ilanjoselevich.com>
parent
fdabbea239
commit
5519e1b89b
@ -13,13 +13,10 @@ services.lemmy = {
|
|||||||
hostname = "lemmy.union.rocks";
|
hostname = "lemmy.union.rocks";
|
||||||
database.createLocally = true;
|
database.createLocally = true;
|
||||||
};
|
};
|
||||||
jwtSecretPath = "/run/secrets/lemmyJwt";
|
|
||||||
caddy.enable = true;
|
caddy.enable = true;
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
(note that you can use something like agenix to get your secret jwt to the specified path)
|
|
||||||
|
|
||||||
this will start the backend on port 8536 and the frontend on port 1234.
|
this will start the backend on port 8536 and the frontend on port 1234.
|
||||||
It will expose your instance with a caddy reverse proxy to the hostname you've provided.
|
It will expose your instance with a caddy reverse proxy to the hostname you've provided.
|
||||||
Postgres will be initialized on that same instance automatically.
|
Postgres will be initialized on that same instance automatically.
|
||||||
|
@ -10,15 +10,14 @@ in
|
|||||||
# `pandoc lemmy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > lemmy.xml`
|
# `pandoc lemmy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > lemmy.xml`
|
||||||
meta.doc = ./lemmy.xml;
|
meta.doc = ./lemmy.xml;
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
(mkRemovedOptionModule [ "services" "lemmy" "jwtSecretPath" ] "As of v0.13.0, Lemmy auto-generates the JWT secret.")
|
||||||
|
];
|
||||||
|
|
||||||
options.services.lemmy = {
|
options.services.lemmy = {
|
||||||
|
|
||||||
enable = mkEnableOption (lib.mdDoc "lemmy a federated alternative to reddit in rust");
|
enable = mkEnableOption (lib.mdDoc "lemmy a federated alternative to reddit in rust");
|
||||||
|
|
||||||
jwtSecretPath = mkOption {
|
|
||||||
type = types.path;
|
|
||||||
description = lib.mdDoc "Path to read the jwt secret from.";
|
|
||||||
};
|
|
||||||
|
|
||||||
ui = {
|
ui = {
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
type = types.port;
|
type = types.port;
|
||||||
@ -168,18 +167,14 @@ in
|
|||||||
|
|
||||||
requires = lib.optionals cfg.settings.database.createLocally [ "lemmy-postgresql.service" ];
|
requires = lib.optionals cfg.settings.database.createLocally [ "lemmy-postgresql.service" ];
|
||||||
|
|
||||||
# script is needed here since loadcredential is not accessible on ExecPreStart
|
|
||||||
script = ''
|
script = ''
|
||||||
${pkgs.coreutils}/bin/install -m 600 ${settingsFormat.generate "config.hjson" cfg.settings} /run/lemmy/config.hjson
|
${pkgs.coreutils}/bin/install -m 600 ${settingsFormat.generate "config.hjson" cfg.settings} /run/lemmy/config.hjson
|
||||||
jwtSecret="$(< $CREDENTIALS_DIRECTORY/jwt_secret )"
|
|
||||||
${pkgs.jq}/bin/jq ".jwt_secret = \"$jwtSecret\"" /run/lemmy/config.hjson | ${pkgs.moreutils}/bin/sponge /run/lemmy/config.hjson
|
|
||||||
${pkgs.lemmy-server}/bin/lemmy_server
|
${pkgs.lemmy-server}/bin/lemmy_server
|
||||||
'';
|
'';
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
RuntimeDirectory = "lemmy";
|
RuntimeDirectory = "lemmy";
|
||||||
LoadCredential = "jwt_secret:${cfg.jwtSecretPath}";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
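Review bot: In the second hunk of this module the unit's `script` still copies `${settingsFormat.generate "config.hjson" cfg.settings}` into /run/lemmy with `install -m 600`, but the generated source file is a Nix store path, so the restrictive mode protects only the runtime copy. With `LoadCredential` and the jq step removed, the unit has no remaining way to inject a value from outside the store, so anything sensitive a user places under `services.lemmy.settings` (a database password, if the settings carry one, which the hunk does not show) would be world-readable. I would add a comment above `script` such as `# config.hjson is built in the world-readable Nix store; keep secrets out of services.lemmy.settings`. In the first hunk the removal message could also state that the file previously named by `jwtSecretPath` is no longer read, so operators know they can retire it. The service definition begins above the hunk, so other hardening options may exist that are not visible here.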
|
@ -8,21 +8,16 @@
|
|||||||
<para>
|
<para>
|
||||||
the minimum to start lemmy is
|
the minimum to start lemmy is
|
||||||
</para>
|
</para>
|
||||||
<programlisting language="bash">
|
<programlisting language="nix">
|
||||||
services.lemmy = {
|
services.lemmy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
hostname = "lemmy.union.rocks";
|
hostname = "lemmy.union.rocks";
|
||||||
database.createLocally = true;
|
database.createLocally = true;
|
||||||
};
|
};
|
||||||
jwtSecretPath = "/run/secrets/lemmyJwt";
|
|
||||||
caddy.enable = true;
|
caddy.enable = true;
|
||||||
}
|
}
|
||||||
</programlisting>
|
</programlisting>
|
||||||
<para>
|
|
||||||
(note that you can use something like agenix to get your secret
|
|
||||||
jwt to the specified path)
|
|
||||||
</para>
|
|
||||||
<para>
|
<para>
|
||||||
this will start the backend on port 8536 and the frontend on port
|
this will start the backend on port 8536 and the frontend on port
|
||||||
1234. It will expose your instance with a caddy reverse proxy to
|
1234. It will expose your instance with a caddy reverse proxy to
|
||||||
|
@ -14,10 +14,6 @@ in
|
|||||||
"${lemmyNodeName}" = {
|
"${lemmyNodeName}" = {
|
||||||
services.lemmy = {
|
services.lemmy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
jwtSecretPath = pkgs.writeTextFile {
|
|
||||||
name = "lemmy-secret";
|
|
||||||
text = "very-secret-password123";
|
|
||||||
};
|
|
||||||
ui.port = uiPort;
|
ui.port = uiPort;
|
||||||
settings = {
|
settings = {
|
||||||
hostname = "http://${lemmyNodeName}";
|
hostname = "http://${lemmyNodeName}";
|
||||||
|