author | Tom Hubrecht <tom@hubrecht.ovh> | 2023-09-24 10:04:24 +0200 |
---|---|---|
committer | Tom Hubrecht <tom@hubrecht.ovh> | 2023-09-24 14:47:05 +0200 |
commit | 2d38d9edc09b530b3c10328dd7c722373947fef0 (patch) | |
tree | 99b8463b4194e1cee390f7e8de9cff18bb9ac295 | |
parent | 4d935e48644c14fef19c38201b968b39a3fa542f (diff) | |
nixos/garage: Add an environmentFile option
Since garage 0.8.2, garage accepts environment variables for passing secrets, e.g. `GARAGE_RPC_SECRET` or `GARAGE_ADMIN_TOKEN`. The added `environmentFile` allows those secrets to not be present in the nix store.
-rw-r--r-- | nixos/modules/services/web-servers/garage.nix | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/nixos/modules/services/web-servers/garage.nix b/nixos/modules/services/web-servers/garage.nix
index 8b5734b5a2ce..80fb24fe2c5e 100644
--- a/nixos/modules/services/web-servers/garage.nix
+++ b/nixos/modules/services/web-servers/garage.nix
@@ -23,6 +23,12 @@ in
 example = { RUST_BACKTRACE="yes"; };
 };
 
+ environmentFile = mkOption {
+ type = types.nullOr types.path;
+ description = lib.mdDoc "File containing environment variables to be passed to the Garage server.";
+ default = null;
+ };
+
 logLevel = mkOption {
 type = types.enum (["info" "debug" "trace"]);
 default = "info";
@@ -80,7 +86,7 @@ in
 after = [ "network.target" "network-online.target" ];
 wants = [ "network.target" "network-online.target" ];
 wantedBy = [ "multi-user.target" ];
- restartTriggers = [ configFile ];
+ restartTriggers = [ configFile ] ++ (lib.optional (cfg.environmentFile != null) cfg.environmentFile);
 
 serviceConfig = {
 ExecStart = "${cfg.package}/bin/garage server";
@@ -88,6 +94,7 @@ in
 DynamicUser = lib.mkDefault true;
 ProtectHome = true;
 NoNewPrivileges = true;
+ EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
 };
 environment = {
 RUST_LOG = lib.mkDefault "garage=${cfg.logLevel}"; |
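Review bot: The `environmentFile` description in the first hunk does not say where the file has to live, and `types.path` also accepts a Nix path literal. A literal such as `./garage.env` inside a flake, or one that gets interpolated into a string, ends up in the world-readable store, which is what this option is meant to avoid. I would extend the description to something like `"File containing environment variables (e.g. GARAGE_RPC_SECRET) for the Garage server. Must be an absolute path outside the Nix store with restrictive permissions."` and add an `example` pointing at a runtime path such as `"/run/secrets/garage.env"` (constructed value). The enclosing options set starts outside the hunk.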
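Review bot: Adding `cfg.environmentFile` to `restartTriggers` in the second hunk appears to track only the path string, not the file's content, since the value is a runtime path that evaluation never reads. Rotating `GARAGE_RPC_SECRET` in place would then not restart garage, although the trigger suggests it does. Either drop the extra element or state the limit in a comment, e.g. `# only a change of the path restarts the unit; restart manually after rotating secrets`. Depending on how the unit generator stringifies this list, a path literal here could also be imported into the store, so keeping the secret file out of `restartTriggers` looks like the safer default. The enclosing service definition begins outside the hunk.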
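Review bot: Secrets loaded through the new `EnvironmentFile` line in the third hunk end up in the garage process environment, where they are readable through `/proc/<pid>/environ` by the same UID and inherited by anything the server spawns. `DynamicUser` narrows who shares that UID, but the trade-off deserves a comment next to the line, e.g. `# values are exposed in the process environment; prefer file-based secrets where garage supports them`. If the packaged Garage version can read secrets from files, systemd's `LoadCredential=` would keep them out of the environment entirely. The expression `lib.optional (cfg.environmentFile != null) cfg.environmentFile` is also duplicated from the `restartTriggers` line and could be bound once in a `let`. `serviceConfig` opens outside the hunk.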