nixos/lemmy: remove `services.lemmy.jwtSecretPath`

lol

Co-authored-by: Ctem <c@ctem.me>
Co-authored-by: Brian Leung <leungbk@posteo.net>
Co-authored-by: Shahar Dawn Or <mightyiampresence@gmail.com>
Co-authored-by: Ilan Joselevich <personal@ilanjoselevich.com>

authored by

a-kenji

Ctem

Brian Leung

Shahar Dawn Or

Ilan Joselevich and committed by

Yt 3 years ago 5519e1b8 fdabbea2

+5 -22

4 changed files

expand all

nixos

modules

services

web-apps

lemmy.md

lemmy.nix

lemmy.xml

tests

lemmy.nix

-3

nixos/modules/services/web-apps/lemmy.md

··· 13 13 hostname = "lemmy.union.rocks"; 14 14 database.createLocally = true; 15 15 }; 16 - jwtSecretPath = "/run/secrets/lemmyJwt"; 17 16 caddy.enable = true; 18 17 } 19 18 ``` 20 - 21 - (note that you can use something like agenix to get your secret jwt to the specified path) 22 19 23 20 this will start the backend on port 8536 and the frontend on port 1234. 24 21 It will expose your instance with a caddy reverse proxy to the hostname you've provided.

+4 -9

nixos/modules/services/web-apps/lemmy.nix

··· 10 10 # `pandoc lemmy.md -t docbook --top-level-division=chapter --extract-media=media -f markdown+smart > lemmy.xml` 11 11 meta.doc = ./lemmy.xml; 12 12 13 + imports = [ 14 + (mkRemovedOptionModule [ "services" "lemmy" "jwtSecretPath" ] "As of v0.13.0, Lemmy auto-generates the JWT secret.") 15 + ]; 16 + 13 17 options.services.lemmy = { 14 18 15 19 enable = mkEnableOption (lib.mdDoc "lemmy a federated alternative to reddit in rust"); 16 - 17 - jwtSecretPath = mkOption { 18 - type = types.path; 19 - description = lib.mdDoc "Path to read the jwt secret from."; 20 - }; 21 20 22 21 ui = { 23 22 port = mkOption { ··· 168 167 169 168 requires = lib.optionals cfg.settings.database.createLocally [ "lemmy-postgresql.service" ]; 170 169 171 - # script is needed here since loadcredential is not accessible on ExecPreStart 172 170 script = '' 173 171 ${pkgs.coreutils}/bin/install -m 600 ${settingsFormat.generate "config.hjson" cfg.settings} /run/lemmy/config.hjson 174 - jwtSecret="$(< $CREDENTIALS_DIRECTORY/jwt_secret )" 175 - ${pkgs.jq}/bin/jq ".jwt_secret = \"$jwtSecret\"" /run/lemmy/config.hjson | ${pkgs.moreutils}/bin/sponge /run/lemmy/config.hjson 176 172 ${pkgs.lemmy-server}/bin/lemmy_server 177 173 ''; 178 174 179 175 serviceConfig = { 180 176 DynamicUser = true; 181 177 RuntimeDirectory = "lemmy"; 182 - LoadCredential = "jwt_secret:${cfg.jwtSecretPath}"; 183 178 }; 184 179 }; 185 180

+1 -6

nixos/modules/services/web-apps/lemmy.xml

··· 8 8 <para> 9 9 the minimum to start lemmy is 10 10 </para> 11 - <programlisting language="bash"> 11 + <programlisting language="nix"> 12 12 services.lemmy = { 13 13 enable = true; 14 14 settings = { 15 15 hostname = "lemmy.union.rocks"; 16 16 database.createLocally = true; 17 17 }; 18 - jwtSecretPath = "/run/secrets/lemmyJwt"; 19 18 caddy.enable = true; 20 19 } 21 20 </programlisting> 22 - <para> 23 - (note that you can use something like agenix to get your secret 24 - jwt to the specified path) 25 - </para> 26 21 <para> 27 22 this will start the backend on port 8536 and the frontend on port 28 23 1234. It will expose your instance with a caddy reverse proxy to

-4

nixos/tests/lemmy.nix

··· 14 14 "${lemmyNodeName}" = { 15 15 services.lemmy = { 16 16 enable = true; 17 - jwtSecretPath = pkgs.writeTextFile { 18 - name = "lemmy-secret"; 19 - text = "very-secret-password123"; 20 - }; 21 17 ui.port = uiPort; 22 18 settings = { 23 19 hostname = "http://${lemmyNodeName}";