nixos/matrix-synapse: Add module parameter extraConfigFiles (#33276)

This allows to configure additional configuration files for Synapse. This way secrets can be kept in a secure place on the file system without a need to go through the Nix store.
author: Johannes Bornhold <johannes.bornhold@gmail.com> 2018-01-07 21:13:48 +0100
committer: Joachim F <joachifm@users.noreply.github.com> 2018-01-07 20:13:48 +0000
commit: a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7 (patch)
tree: 8516ddaf5f354501a620230769a7345595c6a1cc /nixos/modules
parent: 3d8e5fe74c81a34cc09d492ea33f0e347f84ad96 (diff)
download: nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.tar
nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.tar.gz
nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.tar.bz2
nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.tar.lz
nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.tar.xz
nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.tar.zst
nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.zip
1 files changed, 17 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/matrix-synapse.nix b/nixos/modules/services/misc/matrix-synapse.nix
index 11463cf4500a..80979547d339 100644
--- a/nixos/modules/services/misc/matrix-synapse.nix
+++ b/nixos/modules/services/misc/matrix-synapse.nix
@@ -578,6 +578,18 @@ in {
           Extra config options for matrix-synapse.
         '';
       };
+      extraConfigFiles = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        description = ''
+          Extra config files to include.
+
+          The configuration files will be included based on the command line
+          argument --config-path. This allows to configure secrets without
+          having to go through the Nix store, e.g. based on deployment keys if
+          NixOPS is in use.
+        '';
+      };
       logConfig = mkOption {
         type = types.lines;
         default = readFile ./matrix-synapse-log_config.yaml;
@@ -627,7 +639,11 @@ in {
         Group = "matrix-synapse";
         WorkingDirectory = cfg.dataDir;
         PermissionsStartOnly = true;
-        ExecStart = "${cfg.package}/bin/homeserver --config-path ${configFile} --keys-directory ${cfg.dataDir}";
+        ExecStart = ''
+          ${cfg.package}/bin/homeserver \
+            ${ concatMapStringsSep "\n  " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }
+            --keys-directory ${cfg.dataDir}
+        '';
         Restart = "on-failure";
       };
     };
author	Johannes Bornhold <johannes.bornhold@gmail.com>	2018-01-07 21:13:48 +0100
committer	Joachim F <joachifm@users.noreply.github.com>	2018-01-07 20:13:48 +0000
commit	a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7 (patch)
tree	8516ddaf5f354501a620230769a7345595c6a1cc /nixos/modules
parent	3d8e5fe74c81a34cc09d492ea33f0e347f84ad96 (diff)
download	nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.tar nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.tar.gz nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.tar.bz2 nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.tar.lz nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.tar.xz nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.tar.zst nixlib-a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7.zip