From 2d38d9edc09b530b3c10328dd7c722373947fef0 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Sun, 24 Sep 2023 10:04:24 +0200 Subject: nixos/garage: Add an environmentFile option Since garage 0.8.2, garage accepts environment variables for passing secrets, e.g. `GARAGE_RPC_SECRET` or `GARAGE_ADMIN_TOKEN`. The added `environmentFile` allows those secrets to not be present in the nix store. --- nixos/modules/services/web-servers/garage.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'nixos') diff --git a/nixos/modules/services/web-servers/garage.nix b/nixos/modules/services/web-servers/garage.nix index 8b5734b5a2ce..80fb24fe2c5e 100644 --- a/nixos/modules/services/web-servers/garage.nix +++ b/nixos/modules/services/web-servers/garage.nix @@ -23,6 +23,12 @@ in example = { RUST_BACKTRACE="yes"; }; }; + environmentFile = mkOption { + type = types.nullOr types.path; + description = lib.mdDoc "File containing environment variables to be passed to the Garage server."; + default = null; + }; + logLevel = mkOption { type = types.enum (["info" "debug" "trace"]); default = "info"; @@ -80,7 +86,7 @@ in after = [ "network.target" "network-online.target" ]; wants = [ "network.target" "network-online.target" ]; wantedBy = [ "multi-user.target" ]; - restartTriggers = [ configFile ]; + restartTriggers = [ configFile ] ++ (lib.optional (cfg.environmentFile != null) cfg.environmentFile); serviceConfig = { ExecStart = "${cfg.package}/bin/garage server"; @@ -88,6 +94,7 @@ in DynamicUser = lib.mkDefault true; ProtectHome = true; NoNewPrivileges = true; + EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile; }; environment = { RUST_LOG = lib.mkDefault "garage=${cfg.logLevel}"; -- cgit 1.4.1