lol

nixos/peertube: add secretsFile option

Izorkin 9195f02b 32673128

+28
+21
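--- a/nixos/modules/services/web-apps/peertube.nix
+++ b/nixos/modules/services/web-apps/peertube.nix
@@ -161,6 +161,18 @@
 description = lib.mdDoc "Configure nginx as a reverse proxy for peertube.";
 };
 
+secrets = {
+secretsFile = lib.mkOption {
+type = lib.types.nullOr lib.types.path;
+default = null;
+example = "/run/secrets/peertube";
+description = lib.mdDoc ''
+Secrets to run PeerTube.
+Generate one using `openssl rand -hex 32`
+'';
+};
+};
+
 database = {
 createLocally = lib.mkOption {
 type = lib.types.bool;
@@ -280,6 +292,11 @@
 <option>services.peertube.serviceEnvironmentFile</option> points to
 a file in the Nix store. You should use a quoted absolute path to
 prevent this.
+'';
+}
+{ assertion = cfg.secrets.secretsFile != null;
+message = ''
+<option>services.peertube.secrets.secretsFile</option> needs to be set.
 '';
 }
 { assertion = !(cfg.redis.enableUnixSocket && (cfg.redis.host != null || cfg.redis.port != null));
@@ -418,6 +435,10 @@
 #!/bin/sh
 umask 077
 cat > /var/lib/peertube/config/local.yaml <<EOF
+${lib.optionalString (cfg.secrets.secretsFile != null) ''
+secrets:
+peertube: '$(cat ${cfg.secrets.secretsFile})'
+''}
 ${lib.optionalString ((!cfg.database.createLocally) && (cfg.database.passwordFile != null)) ''
 database:
 password: '$(cat ${cfg.database.passwordFile})'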
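Review bot: The new `secrets.secretsFile` option has no guard against the secret landing in the world-readable Nix store: its type is `lib.types.path` and the only added assertion tests `cfg.secrets.secretsFile != null`, while the assertion just above it (its message is visible in the second hunk) rejects a `serviceEnvironmentFile` that points into the store. I would apply the same store-path condition to `secretsFile`; that condition sits outside the hunk, so it cannot be quoted here. The option description should say so as well, e.g. append `Must be a quoted absolute path to a file outside the Nix store.` Separately, in the third hunk the file content is pasted between single quotes in `peertube: '$(cat ${cfg.secrets.secretsFile})'`, so a secret containing `'` or a newline would corrupt `local.yaml`; stating the expected format (the hex output of `openssl rand -hex 32`) in the description, or validating it before writing, would close that gap.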
+7
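--- a/nixos/tests/web-apps/peertube.nix
+++ b/nixos/tests/web-apps/peertube.nix
@@ -41,6 +41,9 @@
 server = { pkgs, ... }: {
 environment = {
 etc = {
+"peertube/secrets-peertube".text = ''
+063d9c60d519597acef26003d5ecc32729083965d09181ef3949200cbe5f09ee
+'';
 "peertube/password-posgressql-db".text = ''
 0gUN0C1mgST6czvjZ8T9
 '';
@@ -66,6 +69,10 @@
 enable = true;
 localDomain = "peertube.local";
 enableWebHttps = false;
+
+secrets = {
+secretsFile = "/etc/peertube/secrets-peertube";
+};
 
 database = {
 host = "192.168.2.10";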
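Review bot: The test secret in `"peertube/secrets-peertube".text` is written through `environment.etc`, which places the content in the Nix store, so the fixture demonstrates the very setup that the module's store-path assertion message tells users to avoid. That is acceptable for a throwaway VM test, but test files tend to be copied as configuration examples. A comment above the entry would help, e.g. `# Test-only secret: environment.etc puts this text in the world-readable Nix store; use a runtime secrets path in real deployments.`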