From a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7 Mon Sep 17 00:00:00 2001 From: Johannes Bornhold Date: Sun, 7 Jan 2018 21:13:48 +0100 Subject: nixos/matrix-synapse: Add module parameter extraConfigFiles (#33276) This allows to configure additional configuration files for Synapse. This way secrets can be kept in a secure place on the file system without a need to go through the Nix store. --- nixos/modules/services/misc/matrix-synapse.nix | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'nixos/modules') diff --git a/nixos/modules/services/misc/matrix-synapse.nix b/nixos/modules/services/misc/matrix-synapse.nix index 11463cf4500a..80979547d339 100644 --- a/nixos/modules/services/misc/matrix-synapse.nix +++ b/nixos/modules/services/misc/matrix-synapse.nix @@ -578,6 +578,18 @@ in { Extra config options for matrix-synapse. ''; }; + extraConfigFiles = mkOption { + type = types.listOf types.path; + default = []; + description = '' + Extra config files to include. + + The configuration files will be included based on the command line + argument --config-path. This allows to configure secrets without + having to go through the Nix store, e.g. based on deployment keys if + NixOPS is in use. + ''; + }; logConfig = mkOption { type = types.lines; default = readFile ./matrix-synapse-log_config.yaml; @@ -627,7 +639,11 @@ in { Group = "matrix-synapse"; WorkingDirectory = cfg.dataDir; PermissionsStartOnly = true; - ExecStart = "${cfg.package}/bin/homeserver --config-path ${configFile} --keys-directory ${cfg.dataDir}"; + ExecStart = '' + ${cfg.package}/bin/homeserver \ + ${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) } + --keys-directory ${cfg.dataDir} + ''; Restart = "on-failure"; }; }; -- cgit 1.4.1