diff options
author | sinavir <sinavir@sinavir.fr> | 2024-02-23 22:27:24 +0100 |
---|---|---|
committer | Weijia Wang <9713184+wegank@users.noreply.github.com> | 2024-04-01 19:16:30 +0200 |
commit | 1bd3ab39c4f6af7a0f73c303873c678066d24f17 (patch) | |
tree | 14e7dbe1516d903aa0c6d172256a94730823b44b /nixos/modules/services/web-apps/castopod.nix | |
parent | 8d3698e8f307890354e4321ee4adb64c8b660993 (diff) |
nixos/castopod: use LoadCredentials
Diffstat (limited to 'nixos/modules/services/web-apps/castopod.nix')
-rw-r--r-- | nixos/modules/services/web-apps/castopod.nix | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/nixos/modules/services/web-apps/castopod.nix b/nixos/modules/services/web-apps/castopod.nix index 23206ad6c3fdb..0ccba217be4dd 100644 --- a/nixos/modules/services/web-apps/castopod.nix +++ b/nixos/modules/services/web-apps/castopod.nix @@ -67,6 +67,8 @@ in description = lib.mdDoc '' A file containing the password corresponding to [](#opt-services.castopod.database.user). + + This file is loaded using systemd LoadCredentials. ''; }; }; @@ -93,6 +95,8 @@ in Environment file to inject e.g. secrets into the configuration. See [](https://code.castopod.org/adaures/castopod/-/blob/main/.env.example) for available environment variables. + + This file is loaded using systemd LoadCredentials. ''; }; configureNginx = lib.mkOption { @@ -207,19 +211,23 @@ in echo "analytics.salt=$(cat ${cfg.dataDir}/salt)" >> ${envFile} ${if (cfg.database.passwordFile != null) then '' - echo "database.default.password=$(cat ${lib.escapeShellArg cfg.database.passwordFile})" >> ${envFile} + echo "database.default.password=$(cat "$CREDENTIALS_DIRECTORY/dbpasswordfile)" >> ${envFile} '' else '' echo "database.default.password=" >> ${envFile} ''} ${lib.optionalString (cfg.environmentFile != null) '' - cat ${lib.escapeShellArg cfg.environmentFile} >> ${envFile} + cat "$CREDENTIALS_DIRECTORY/envfile" >> ${envFile} ''} php ${cfg.package}/share/castopod/spark castopod:database-update ''; serviceConfig = { StateDirectory = "castopod"; + LoadCredential = lib.optional (cfg.environmentFile != null) + "envfile:${cfg.environmentFile}" + ++ (lib.optional (cfg.database.passwordFile != null) + "dbpasswordfile:${cfg.database.passwordFile}"); WorkingDirectory = "${cfg.package}/share/castopod"; Type = "oneshot"; RemainAfterExit = true; |