nixos/dendrite: add an option loadCredential

systemd-247 provides a mechanism called LoadCredential for secrets and it is better than environment file. See the section of Environment= in the manual of systemd.exec for more information. Some options in config.yaml need values to be strings, which currently can be used with environmentFile but not loadCredential. But it's possible to use loadCredential for those options, e.g. we can substitute their values in ExecStart, but not in ExecStartPre due to [1]. [1]: https://github.com/systemd/systemd/issues/19604
author: linj <linj.dev@outlook.com> 2022-03-15 01:10:55 +0800
committer: Robert Schütz <github@dotlambda.de> 2022-05-29 13:34:14 -0700
commit: 37792e5766ced355c8c93140a108950300b67fe1 (patch)
tree: e3e21cc71869bfdbf5eff5873823d9942da926c0 /nixos/tests
parent: be9bafbf64f2618354ce03fede23da7499ba39c4 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/tests/dendrite.nix b/nixos/tests/dendrite.nix
index d4a5bb1322638..1ff415433b47f 100644
--- a/nixos/tests/dendrite.nix
+++ b/nixos/tests/dendrite.nix
@@ -17,10 +17,11 @@ import ./make-test-python.nix (
           homeserver = { pkgs, ... }: {
             services.dendrite = {
               enable = true;
+              loadCredential = [ "test_private_key:${private_key}" ];
               openRegistration = true;
               settings = {
                 global.server_name = "test-dendrite-server.com";
-                global.private_key = private_key;
+                global.private_key = "$CREDENTIALS_DIRECTORY/test_private_key";
                 client_api.registration_disabled = false;
               };
             };
author	linj <linj.dev@outlook.com>	2022-03-15 01:10:55 +0800
committer	Robert Schütz <github@dotlambda.de>	2022-05-29 13:34:14 -0700
commit	37792e5766ced355c8c93140a108950300b67fe1 (patch)
tree	e3e21cc71869bfdbf5eff5873823d9942da926c0 /nixos/tests
parent	be9bafbf64f2618354ce03fede23da7499ba39c4 (diff)