diff options
author | Johannes Bornhold <johannes.bornhold@gmail.com> | 2018-01-07 21:13:48 +0100 |
---|---|---|
committer | Joachim F <joachifm@users.noreply.github.com> | 2018-01-07 20:13:48 +0000 |
commit | a88b4d4db1d6ca57235d18b60a4d802b46a2f8e7 (patch) | |
tree | 8516ddaf5f354501a620230769a7345595c6a1cc /nixos | |
parent | 3d8e5fe74c81a34cc09d492ea33f0e347f84ad96 (diff) |
nixos/matrix-synapse: Add module parameter extraConfigFiles (#33276)
This allows to configure additional configuration files for Synapse. This way secrets can be kept in a secure place on the file system without a need to go through the Nix store.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/misc/matrix-synapse.nix | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/matrix-synapse.nix b/nixos/modules/services/misc/matrix-synapse.nix index 11463cf4500a9..80979547d3392 100644 --- a/nixos/modules/services/misc/matrix-synapse.nix +++ b/nixos/modules/services/misc/matrix-synapse.nix @@ -578,6 +578,18 @@ in { Extra config options for matrix-synapse. ''; }; + extraConfigFiles = mkOption { + type = types.listOf types.path; + default = []; + description = '' + Extra config files to include. + + The configuration files will be included based on the command line + argument --config-path. This allows to configure secrets without + having to go through the Nix store, e.g. based on deployment keys if + NixOPS is in use. + ''; + }; logConfig = mkOption { type = types.lines; default = readFile ./matrix-synapse-log_config.yaml; @@ -627,7 +639,11 @@ in { Group = "matrix-synapse"; WorkingDirectory = cfg.dataDir; PermissionsStartOnly = true; - ExecStart = "${cfg.package}/bin/homeserver --config-path ${configFile} --keys-directory ${cfg.dataDir}"; + ExecStart = '' + ${cfg.package}/bin/homeserver \ + ${ concatMapStringsSep "\n " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) } + --keys-directory ${cfg.dataDir} + ''; Restart = "on-failure"; }; }; |