matterbridge module: add configPath option as a workaround, waiting for nix encryption

This commit is contained in:
Léo Gaspard 2018-04-25 00:37:25 +02:00
parent 6c064e6b1f
commit e199143f11
No known key found for this signature in database
GPG key ID: 8A55848B6090F9CF

View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ options, config, pkgs, lib, ... }:
with lib;
@ -6,7 +6,11 @@ let
cfg = config.services.matterbridge;
matterbridgeConfToml = pkgs.writeText "matterbridge.toml" (cfg.configFile);
matterbridgeConfToml =
if cfg.configPath == null then
pkgs.writeText "matterbridge.toml" (cfg.configFile)
else
cfg.configPath;
in
@ -15,17 +19,32 @@ in
services.matterbridge = {
enable = mkEnableOption "Matterbridge chat platform bridge";
configPath = mkOption {
type = with types; nullOr str;
default = null;
example = "/etc/nixos/matterbridge.toml";
description = ''
The path to the matterbridge configuration file.
'';
};
configFile = mkOption {
type = types.str;
example = ''
#WARNING: as this file contains credentials, be sure to set correct file permissions [irc]
# WARNING: as this file contains credentials, do not use this option!
# It is kept only for backwards compatibility, and would cause your
# credentials to be in the nix-store, thus with the world-readable
# permission bits.
# Use services.matterbridge.configPath instead.
[irc]
[irc.freenode]
Server="irc.freenode.net:6667"
Nick="matterbot"
[mattermost]
[mattermost.work]
#do not prefix it wit http:// or https://
# Do not prefix it with http:// or https://
Server="yourmattermostserver.domain"
Team="yourteam"
Login="yourlogin"
@ -44,6 +63,10 @@ in
channel="off-topic"
'';
description = ''
WARNING: THIS IS INSECURE, as your password will end up in
<filename>/nix/store</filename>, thus publicly readable. Use
<literal>services.matterbridge.configPath</literal> instead.
The matterbridge configuration file in the TOML file format.
'';
};
@ -65,32 +88,31 @@ in
};
};
config = mkMerge [
(mkIf cfg.enable {
config = mkIf cfg.enable {
warnings = optional options.services.matterbridge.configFile.isDefined
"The option services.matterbridge.configFile is insecure and should be replaced with services.matterbridge.configPath";
users.extraUsers = mkIf (cfg.user == "matterbridge") [
{ name = "matterbridge";
group = "matterbridge";
} ];
users.extraGroups = mkIf (cfg.group == "matterbridge") [
{ name = "matterbridge";
} ];
systemd.services.matterbridge = {
description = "Matterbridge chat platform bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}";
Restart = "always";
RestartSec = "10";
};
users.extraUsers = optional (cfg.user == "matterbridge")
{ name = "matterbridge";
group = "matterbridge";
};
})
];
}
users.extraGroups = optional (cfg.group == "matterbridge")
{ name = "matterbridge";
};
systemd.services.matterbridge = {
description = "Matterbridge chat platform bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}";
Restart = "always";
RestartSec = "10";
};
};
};
}