diff options
author | linj <linj.dev@outlook.com> | 2022-03-15 01:10:55 +0800 |
---|---|---|
committer | Robert Schütz <github@dotlambda.de> | 2022-05-29 13:34:14 -0700 |
commit | 37792e5766ced355c8c93140a108950300b67fe1 (patch) | |
tree | e3e21cc71869bfdbf5eff5873823d9942da926c0 /nixos/tests | |
parent | be9bafbf64f2618354ce03fede23da7499ba39c4 (diff) |
nixos/dendrite: add an option loadCredential
systemd-247 provides a mechanism called LoadCredential for secrets and it is better than environment file. See the section of Environment= in the manual of systemd.exec for more information. Some options in config.yaml need values to be strings, which currently can be used with environmentFile but not loadCredential. But it's possible to use loadCredential for those options, e.g. we can substitute their values in ExecStart, but not in ExecStartPre due to [1]. [1]: https://github.com/systemd/systemd/issues/19604
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/dendrite.nix | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/tests/dendrite.nix b/nixos/tests/dendrite.nix index d4a5bb1322638..1ff415433b47f 100644 --- a/nixos/tests/dendrite.nix +++ b/nixos/tests/dendrite.nix @@ -17,10 +17,11 @@ import ./make-test-python.nix ( homeserver = { pkgs, ... }: { services.dendrite = { enable = true; + loadCredential = [ "test_private_key:${private_key}" ]; openRegistration = true; settings = { global.server_name = "test-dendrite-server.com"; - global.private_key = private_key; + global.private_key = "$CREDENTIALS_DIRECTORY/test_private_key"; client_api.registration_disabled = false; }; }; |