mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-09-29 15:43:00 +00:00
mattermost: add environmentFile option to allow declarative secrets
This adds an option `services.mattermost.environmentFile`, intended to be useful especially when `services.mattermost.mutableConfig` is set to `false`. Since all mattermost configuration options can also be set by environment variables, this allows managing secret configuration values in a declarative manner without placing them in the nix store.
This commit is contained in:
parent
a983cc62cc
commit
c29ca6704d
@ -184,6 +184,22 @@ in
|
|||||||
.tar.gz files.
|
.tar.gz files.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
environmentFile = mkOption {
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
default = null;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Environment file (see {manpage}`systemd.exec(5)`
|
||||||
|
"EnvironmentFile=" section for the syntax) which sets config options
|
||||||
|
for mattermost (see [the mattermost documentation](https://docs.mattermost.com/configure/configuration-settings.html#environment-variables)).
|
||||||
|
|
||||||
|
Settings defined in the environment file will overwrite settings
|
||||||
|
set via nix or via the {option}`services.mattermost.extraConfig`
|
||||||
|
option.
|
||||||
|
|
||||||
|
Useful for setting config options without their value ending up in the
|
||||||
|
(world-readable) nix store, e.g. for a database password.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
localDatabaseCreate = mkOption {
|
localDatabaseCreate = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
@ -321,6 +337,7 @@ in
|
|||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec = "10";
|
RestartSec = "10";
|
||||||
LimitNOFILE = "49152";
|
LimitNOFILE = "49152";
|
||||||
|
EnvironmentFile = cfg.environmentFile;
|
||||||
};
|
};
|
||||||
unitConfig.JoinsNamespaceOf = mkIf cfg.localDatabaseCreate "postgresql.service";
|
unitConfig.JoinsNamespaceOf = mkIf cfg.localDatabaseCreate "postgresql.service";
|
||||||
};
|
};
|
||||||
|
@ -50,6 +50,13 @@ in
|
|||||||
mutableConfig = false;
|
mutableConfig = false;
|
||||||
extraConfig.SupportSettings.HelpLink = "https://search.nixos.org";
|
extraConfig.SupportSettings.HelpLink = "https://search.nixos.org";
|
||||||
};
|
};
|
||||||
|
environmentFile = makeMattermost {
|
||||||
|
mutableConfig = false;
|
||||||
|
extraConfig.SupportSettings.AboutLink = "https://example.org";
|
||||||
|
environmentFile = pkgs.writeText "mattermost-env" ''
|
||||||
|
MM_SUPPORTSETTINGS_ABOUTLINK=https://nixos.org
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
testScript = let
|
testScript = let
|
||||||
@ -69,6 +76,7 @@ in
|
|||||||
rm -f $mattermostConfig
|
rm -f $mattermostConfig
|
||||||
echo "$newConfig" > "$mattermostConfig"
|
echo "$newConfig" > "$mattermostConfig"
|
||||||
'';
|
'';
|
||||||
|
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
start_all()
|
start_all()
|
||||||
@ -120,5 +128,13 @@ in
|
|||||||
|
|
||||||
# Our edits should be ignored on restart
|
# Our edits should be ignored on restart
|
||||||
immutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}")
|
immutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}")
|
||||||
|
|
||||||
|
|
||||||
|
## Environment File node tests ##
|
||||||
|
environmentFile.wait_for_unit("mattermost.service")
|
||||||
|
environmentFile.wait_for_open_port(8065)
|
||||||
|
|
||||||
|
# Settings in the environment file should override settings set otherwise
|
||||||
|
environmentFile.succeed("${expectConfig ''.AboutLink == "https://nixos.org"''}")
|
||||||
'';
|
'';
|
||||||
})
|
})
|
||||||
|
Loading…
Reference in New Issue
Block a user