lol

nixos/nomad: add LoadCredential option

guangtao 6c46078a 3836bf02

+14 -1
+14 -1
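--- a/nixos/modules/services/networking/nomad.nix
+++ b/nixos/modules/services/networking/nomad.nix
@@ -71,6 +71,17 @@
 '';
 };
 
+credentials = mkOption {
+description = lib.mdDoc ''
+Credentials envs used to configure nomad secrets.
+'';
+type = types.attrsOf types.str;
+default = { };
+
+example = {
+logs_remote_write_password = "/run/keys/nomad_write_password";
+};
+};
 
 settings = mkOption {
 type = format.type;
@@ -148,7 +159,7 @@
 };
 in
 "${cfg.package}/bin/nomad agent -config=/etc/nomad.json -plugin-dir=${pluginsDir}/bin" +
-concatMapStrings (path: " -config=${path}") cfg.extraSettingsPaths;
+concatMapStrings (path: " -config=${path}") cfg.extraSettingsPaths +
+concatMapStrings (key: " -config=\${CREDENTIALS_DIRECTORY}/${key}") (lib.attrNames cfg.credentials);
 KillMode = "process";
 KillSignal = "SIGINT";
 LimitNOFILE = 65536;
@@ -157,6 +169,7 @@
 Restart = "on-failure";
 RestartSec = 2;
 TasksMax = "infinity";
+LoadCredential = lib.mapAttrsToList (key: value: "${key}:${value}") cfg.credentials;
 }
 (mkIf cfg.enableDocker {
 SupplementaryGroups = "docker"; # space-separated string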
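Review bot: The `credentials` description does not say what the module does with each entry, and the example name `logs_remote_write_password` reads like a bare secret. From the new ExecStart and LoadCredential lines, each value is a host path that systemd loads at service start, and each name is then passed to the agent as an extra `-config=${CREDENTIALS_DIRECTORY}/<name>` file, so the file presumably has to be a Nomad configuration fragment rather than a raw password. I would reword the description along the lines of `Attribute set mapping a credential name to a host file path; each file is loaded via systemd LoadCredential and passed to nomad as an additional -config file, so keep it outside the world-readable Nix store.` Attribute names are also interpolated unescaped into both strings, so a name containing whitespace or `:` would split the argument or the `ID:PATH` pair; an assertion or a narrower name type would be worth considering.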