authorsternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org>2021-06-16 22:18:01 +0200
committersterni <sternenseemann@systemli.org>2021-06-16 22:28:25 +0200
commit1ab016c64d04e572ee2981f54b626e1ab6058b5a (patch)
treea163ee162e078411386b1b5071a064013a02f4eb
parent412cae8bbb05c2a8497dc7147c4bd30cd2f7b05e (diff)
feat(nixos): select derivations via configuration
This doesn't require the user to specify the cumbersome `_module.args`.
-rw-r--r--README.adoc28
-rw-r--r--nixos/flipdot-gschichtler.nix34
2 files changed, 43 insertions, 19 deletions
diff --git a/README.adoc b/README.adoc
index 6ce53ad..639ddd3 100644
--- a/README.adoc
+++ b/README.adoc
@@ -283,23 +283,21 @@ it could look like this:
 ---------------
 { pkgs, ... }:
 
-let
-  flipdot-gschichtler = import /path/to/flipdot-gschichtler {
-    inherit pkgs;
-  };
-
-in {
+{
   imports = [
     /path/to/flipdot-gschichtler/nixos/flipdot-gschichtler.nix
   ];
 
-  _module.args = { inherit flipdot-gschichtler; };
-
   services.flipdot-gschichtler = {
     enable = true;
     virtualHost = "flipdot.openlab-augsburg.de";
     tokensFile = "/var/secrets/flipdot-gschichtler/tokens";
     saltFile = "/var/secrets/flipdot-gschichtler/salt";
+    # if you want to change the derivations to use
+    # packages = {
+    #   warteraum = …;
+    #   bahnhofshalle = …;
+    # };
   };
 
   services.nginx.enable = true;
@@ -343,13 +341,19 @@ Changelog
 ** Trim whitespace on input text
 ** Instead of compiling in salt and tokens, read them from the
    files specified via the `WARTERAUM_SALT_FILE` and
-   `WARTERAUM_TOKENS_FILE` environment variables. In the NixOS
-   service this is reflected by the usage of `saltFile` and
+   `WARTERAUM_TOKENS_FILE` environment variables.
+* NixOS module
+** Reflect change to `warteraum` by using `saltFile` and
    `tokensFile` respectively over the previous `salt` and
    `tokens`.
 ** Fix sandboxing in `nixos/flipdot-gschichtler.nix`: Now only
-  the secret files and the nix store will be readable to the
-  `warteraum` process.
+   the secret files and the nix store will be readable to the
+   `warteraum` process.
+** Allow changing `bahnhofshalle` and `warteraum` derivation
+   to use via `packages`.
+** Don't require `flipdot-gschichtler` to be passed as module
+   argument, instead import directly from file system (unless
+   a non-default derivation is configured).
 
 2.0.0
 ~~~~~
diff --git a/nixos/flipdot-gschichtler.nix b/nixos/flipdot-gschichtler.nix
index 35af0b3..bf6797e 100644
--- a/nixos/flipdot-gschichtler.nix
+++ b/nixos/flipdot-gschichtler.nix
@@ -1,13 +1,14 @@
-{ config, lib, pkgs, flipdot-gschichtler, ... }:
+{ config, lib, pkgs, ... }:
 
 with lib;
 
 let
   cfg = config.services.flipdot-gschichtler;
-  inherit (flipdot-gschichtler)
-    bahnhofshalle
-    warteraum-static
-    ;
+
+  flipdot-gschichtler = import ../. {
+    inherit pkgs;
+  };
+  importClause = "(import ../. { inherit pkgs; })";
 
   userGroupName = "warteraum";
 in {
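Review bot: `importClause` restates the `import ../. { inherit pkgs; }` expression two lines above it as a string, so the rendered `defaultText` can drift from the real default if only one of the two is edited. It is consumed only by `defaultText` in the options hunk below, which is not obvious at this point; a comment such as `# textual copy of the import above, used only for defaultText; keep both in sync` would make that explicit. The relative `../.` that ends up in the option documentation is also only meaningful from inside this repository. The `let` block is complete within the hunk, but the attribute set opened by `in {` continues outside it.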
@@ -15,6 +16,25 @@ in {
     services.flipdot-gschichtler = {
       enable = mkEnableOption "flipdot-gschichtler";
 
+      packages = {
+        warteraum = mkOption {
+          type = types.package;
+          default = flipdot-gschichtler.warteraum;
+          defaultText = literalExample "${importClause}.warteraum";
+          description = ''
+            <literal>warteraum</literal> derivation to use.
+          '';
+        };
+        bahnhofshalle = mkOption {
+          type = types.package;
+          default = flipdot-gschichtler.bahnhofshalle;
+          defaultText = literalExample "${importClause}.bahnhofshalle";
+          description = ''
+            <literal>bahnhofshalle</literal> derivation to use.
+          '';
+        };
+      };
+
       virtualHost = mkOption {
         type = types.str;
         default = "localhost";
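Review bot: The default for `packages.warteraum` is `flipdot-gschichtler.warteraum`, whereas the removed lines inherited `warteraum-static` and `ExecStart` ran that build, so the binary the service runs by default appears to change in this commit without the commit message or the changelog saying so. Whether `warteraum` is itself the static build cannot be told from this page; if it is not, the unit now relies on the binary's runtime closure being resolvable inside the `TemporaryFileSystem` sandbox. If the static build is still intended, use `default = flipdot-gschichtler.warteraum-static;` with `defaultText = literalExample "${importClause}.warteraum-static";`, otherwise record the switch in the changelog.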
@@ -59,7 +79,7 @@ in {
 
       serviceConfig = {
         Type = "simple";
-        ExecStart = "${warteraum-static}/bin/warteraum";
+        ExecStart = "${cfg.packages.warteraum}/bin/warteraum";
 
         # make only /nix/store and the salt and token file accessible
         TemporaryFileSystem = "/:ro";
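Review bot: `ExecStart` now assumes that whatever package is configured provides `bin/warteraum` and can run with only `/nix/store` and the two secret files visible, but `types.package` checks neither and the option description says only "derivation to use". A replacement package that lacks the binary or needs other paths at runtime will fail only when the unit starts. The same unstated contract applies to `root = cfg.packages.bahnhofshalle` in the nginx hunk, where the top level of the package output becomes the document root. Extending the two descriptions, e.g. `Must provide bin/warteraum; the service sandbox exposes only /nix/store and the salt and token files.` and `The top level of this package's output is served as the nginx document root.`, would state it. The `serviceConfig` set continues outside the hunk.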
@@ -112,7 +132,7 @@ in {
     services.nginx.virtualHosts."${cfg.virtualHost}" = {
       enableACME = true;
       forceSSL = true;
-      root = bahnhofshalle;
+      root = cfg.packages.bahnhofshalle;
       extraConfig = ''
         location /api {
           proxy_pass http://127.0.0.1:9000/api;