commit 1e32d28824ccdaf171f8044478bbb5ad8f042aaa

pyrox.dev / nixpkgs

lol

nixos/dendrite: always substitute environment variables in config

Before this patch, services.dendrite.environmentFile is used for
secrets and environment variable substitution only happens when this
option is used.

systemd-247 provides a mechanism called LoadCredential for secrets and
it is better than environment file. See the section of Environment=
in the manual of systemd.exec for more information.

This patch always substitute environment variables, which enables the
usage of systemd LoadCredential.

authored by

linj and committed by

helbling.dev 3 years ago 1e32d288 31747079

+5 -8

1 changed file

expand all

unified split

nixos

modules

services

misc

dendrite.nix

+5 -8

nixos/modules/services/misc/dendrite.nix

··· 248 RuntimeDirectory = "dendrite"; 249 RuntimeDirectoryMode = "0700"; 250 EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; 251 - ExecStartPre = 252 - if (cfg.environmentFile != null) then '' 253 - ${pkgs.envsubst}/bin/envsubst \ 254 - -i ${configurationYaml} \ 255 - -o /run/dendrite/dendrite.yaml 256 - '' else '' 257 - ${pkgs.coreutils}/bin/cp ${configurationYaml} /run/dendrite/dendrite.yaml 258 - ''; 259 ExecStart = lib.strings.concatStringsSep " " ([ 260 "${pkgs.dendrite}/bin/dendrite-monolith-server" 261 "--config /run/dendrite/dendrite.yaml"

··· 248 RuntimeDirectory = "dendrite"; 249 RuntimeDirectoryMode = "0700"; 250 EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; 251 + ExecStartPre = '' 252 + ${pkgs.envsubst}/bin/envsubst \ 253 + -i ${configurationYaml} \ 254 + -o /run/dendrite/dendrite.yaml 255 + ''; 256 ExecStart = lib.strings.concatStringsSep " " ([ 257 "${pkgs.dendrite}/bin/dendrite-monolith-server" 258 "--config /run/dendrite/dendrite.yaml"