mattermost: add environmentFile option to allow declarative secrets
This adds an option `services.mattermost.environmentFile`, intended to be useful especially when `services.mattermost.mutableConfig` is set to `false`. Since all mattermost configuration options can also be set by environment variables, this allows managing secret configuration values in a declarative manner without placing them in the nix store.
This commit is contained in:
parent
a983cc62cc
commit
c29ca6704d
2 changed files with 33 additions and 0 deletions
|
@ -184,6 +184,22 @@ in
|
|||
.tar.gz files.
|
||||
'';
|
||||
};
|
||||
environmentFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = lib.mdDoc ''
|
||||
Environment file (see {manpage}`systemd.exec(5)`
|
||||
"EnvironmentFile=" section for the syntax) which sets config options
|
||||
for mattermost (see [the mattermost documentation](https://docs.mattermost.com/configure/configuration-settings.html#environment-variables)).
|
||||
|
||||
Settings defined in the environment file will overwrite settings
|
||||
set via nix or via the {option}`services.mattermost.extraConfig`
|
||||
option.
|
||||
|
||||
Useful for setting config options without their value ending up in the
|
||||
(world-readable) nix store, e.g. for a database password.
|
||||
'';
|
||||
};
|
||||
|
||||
localDatabaseCreate = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -321,6 +337,7 @@ in
|
|||
Restart = "always";
|
||||
RestartSec = "10";
|
||||
LimitNOFILE = "49152";
|
||||
EnvironmentFile = cfg.environmentFile;
|
||||
};
|
||||
unitConfig.JoinsNamespaceOf = mkIf cfg.localDatabaseCreate "postgresql.service";
|
||||
};
|
||||
|
|
|
@ -50,6 +50,13 @@ in
|
|||
mutableConfig = false;
|
||||
extraConfig.SupportSettings.HelpLink = "https://search.nixos.org";
|
||||
};
|
||||
environmentFile = makeMattermost {
|
||||
mutableConfig = false;
|
||||
extraConfig.SupportSettings.AboutLink = "https://example.org";
|
||||
environmentFile = pkgs.writeText "mattermost-env" ''
|
||||
MM_SUPPORTSETTINGS_ABOUTLINK=https://nixos.org
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
testScript = let
|
||||
|
@ -69,6 +76,7 @@ in
|
|||
rm -f $mattermostConfig
|
||||
echo "$newConfig" > "$mattermostConfig"
|
||||
'';
|
||||
|
||||
in
|
||||
''
|
||||
start_all()
|
||||
|
@ -120,5 +128,13 @@ in
|
|||
|
||||
# Our edits should be ignored on restart
|
||||
immutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}")
|
||||
|
||||
|
||||
## Environment File node tests ##
|
||||
environmentFile.wait_for_unit("mattermost.service")
|
||||
environmentFile.wait_for_open_port(8065)
|
||||
|
||||
# Settings in the environment file should override settings set otherwise
|
||||
environmentFile.succeed("${expectConfig ''.AboutLink == "https://nixos.org"''}")
|
||||
'';
|
||||
})
|
||||
|
|
Loading…
Reference in a new issue