From e199143f11db153c1b844320295f9a1e1be4ac83 Mon Sep 17 00:00:00 2001 From: Léo Gaspard Date: Wed, 25 Apr 2018 00:37:25 +0200 Subject: matterbridge module: add configPath option as a workaround, waiting for nix encryption --- nixos/modules/services/networking/matterbridge.nix | 84 ++++++++++++++-------- 1 file changed, 53 insertions(+), 31 deletions(-) (limited to 'nixos') diff --git a/nixos/modules/services/networking/matterbridge.nix b/nixos/modules/services/networking/matterbridge.nix index 5526e2ba23ac..e2f478405953 100644 --- a/nixos/modules/services/networking/matterbridge.nix +++ b/nixos/modules/services/networking/matterbridge.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ options, config, pkgs, lib, ... }: with lib; @@ -6,7 +6,11 @@ let cfg = config.services.matterbridge; - matterbridgeConfToml = pkgs.writeText "matterbridge.toml" (cfg.configFile); + matterbridgeConfToml = + if cfg.configPath == null then + pkgs.writeText "matterbridge.toml" (cfg.configFile) + else + cfg.configPath; in @@ -15,17 +19,32 @@ in services.matterbridge = { enable = mkEnableOption "Matterbridge chat platform bridge"; + configPath = mkOption { + type = with types; nullOr str; + default = null; + example = "/etc/nixos/matterbridge.toml"; + description = '' + The path to the matterbridge configuration file. + ''; + }; + configFile = mkOption { type = types.str; example = '' - #WARNING: as this file contains credentials, be sure to set correct file permissions [irc] + # WARNING: as this file contains credentials, do not use this option! + # It is kept only for backwards compatibility, and would cause your + # credentials to be in the nix-store, thus with the world-readable + # permission bits. + # Use services.matterbridge.configPath instead. + + [irc] [irc.freenode] Server="irc.freenode.net:6667" Nick="matterbot" [mattermost] [mattermost.work] - #do not prefix it wit http:// or https:// + # Do not prefix it with http:// or https:// Server="yourmattermostserver.domain" Team="yourteam" Login="yourlogin" @@ -44,6 +63,10 @@ in channel="off-topic" ''; description = '' + WARNING: THIS IS INSECURE, as your password will end up in + /nix/store, thus publicly readable. Use + services.matterbridge.configPath instead. + The matterbridge configuration file in the TOML file format. ''; }; @@ -65,32 +88,31 @@ in }; }; - config = mkMerge [ - (mkIf cfg.enable { - - users.extraUsers = mkIf (cfg.user == "matterbridge") [ - { name = "matterbridge"; - group = "matterbridge"; - } ]; - - users.extraGroups = mkIf (cfg.group == "matterbridge") [ - { name = "matterbridge"; - } ]; - - systemd.services.matterbridge = { - description = "Matterbridge chat platform bridge"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - serviceConfig = { - User = cfg.user; - Group = cfg.group; - ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}"; - Restart = "always"; - RestartSec = "10"; - }; + config = mkIf cfg.enable { + warnings = optional options.services.matterbridge.configFile.isDefined + "The option services.matterbridge.configFile is insecure and should be replaced with services.matterbridge.configPath"; + + users.extraUsers = optional (cfg.user == "matterbridge") + { name = "matterbridge"; + group = "matterbridge"; + }; + + users.extraGroups = optional (cfg.group == "matterbridge") + { name = "matterbridge"; }; - }) - ]; -} + systemd.services.matterbridge = { + description = "Matterbridge chat platform bridge"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}"; + Restart = "always"; + RestartSec = "10"; + }; + }; + }; +} -- cgit 1.4.1