author | Nick Cao <nickcao@nichi.co> | 2023-01-22 08:27:44 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-22 08:27:44 +0800 |
commit | c2de9858448a32d9cdb1157a9938c9f210496b3b (patch) | |
tree | 6baf1e67e3c65a673529fd9e2fd0b12c9322275c /nixos | |
parent | a9d9ac9827026bfac442b1021c73421e8be9bf8a (diff) | |
parent | 6c46078aadb97028534ce53db10667a5388c98cf (diff) |
Merge pull request #211559 from GTrunSec/nomad-credential
nixos/nomad: add LoadCredential option
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/nomad.nix | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/nomad.nix b/nixos/modules/services/networking/nomad.nix
index c6f0624c8ceb0..b1e51195247a5 100644
--- a/nixos/modules/services/networking/nomad.nix
+++ b/nixos/modules/services/networking/nomad.nix
@@ -71,6 +71,17 @@ in
 '';
 };
+ credentials = mkOption {
+ description = lib.mdDoc ''
+ Credentials envs used to configure nomad secrets.
+ '';
+ type = types.attrsOf types.str;
+ default = { };
+
+ example = {
+ logs_remote_write_password = "/run/keys/nomad_write_password";
+ };
+ };
 settings = mkOption {
 type = format.type;
@@ -148,7 +159,8 @@ in
 };
 in
 "${cfg.package}/bin/nomad agent -config=/etc/nomad.json -plugin-dir=${pluginsDir}/bin" +
- concatMapStrings (path: " -config=${path}") cfg.extraSettingsPaths;
+ concatMapStrings (path: " -config=${path}") cfg.extraSettingsPaths +
+ concatMapStrings (key: " -config=\${CREDENTIALS_DIRECTORY}/${key}") (lib.attrNames cfg.credentials);
 KillMode = "process";
 KillSignal = "SIGINT";
 LimitNOFILE = 65536;
@@ -157,6 +169,7 @@ in
 Restart = "on-failure";
 RestartSec = 2;
 TasksMax = "infinity";
+ LoadCredential = lib.mapAttrsToList (key: value: "${key}:${value}") cfg.credentials;
 }
 (mkIf cfg.enableDocker {
 SupplementaryGroups = "docker"; # space-separated string |
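Review bot: The `credentials` description in the first hunk ("Credentials envs used to configure nomad secrets") does not match what the later hunks do with the option: nothing is exported as an environment variable, each attribute becomes a systemd `LoadCredential` entry and is handed to the agent as one more `-config=` file. I would reword it along the lines of `Attribute set mapping a credential name to the path of a Nomad configuration file that holds secrets; each file is loaded through systemd LoadCredential and passed to the agent with -config.` The text should also say that the value must be a runtime path outside the Nix store, as in the `/run/keys/...` example, because store paths are world-readable. The example name `logs_remote_write_password` reads like a bare password file, which presumably would not parse as agent configuration, so the example is worth confirming against how the file is consumed.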
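Review bot: The attribute names of `cfg.credentials` are interpolated unchecked into the ExecStart string in the second hunk (`" -config=\${CREDENTIALS_DIRECTORY}/${key}"`) and into `LoadCredential` in the third hunk (`"${key}:${value}"`). A name containing whitespace, `:`, `%`, `$` or `/` would split into extra arguments or make systemd read a different credential id or path than the operator intended, and `types.attrsOf` places no constraint on names. I would add a module assertion that every name matches a conservative pattern such as `[A-Za-z0-9_.-]+` and that every value is an absolute path, so a mistake fails at evaluation time instead of producing a unit that starts with the wrong file. The credential files are appended after `extraSettingsPaths`, so they presumably take precedence on conflicting settings; a short comment stating that this order is intended would help. The surrounding `serviceConfig` block starts and ends outside these hunks.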