author | Riley <asonix@asonix.dog> | 2023-02-27 05:15:25 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-27 08:15:25 -0300 |
commit | c7132173806cfc92fa0f2bcbf965a1af3a259dea (patch) | |
tree | fd6906eda2842bd31a2df31800d4cfafd7fd3a8b /nixos | |
parent | c0c598ef35335bf02a584dca4f37a897d5ba9a70 (diff) |
nixos/k3s: add environmentFile as an option
* k3s: add environmentFile option

Enabling to include secrets through configuration such as 'sops'

* Update nixos/doc/manual/release-notes/rl-2305.section.md

Co-authored-by: Jairo Llopis <973709+yajo@users.noreply.github.com>
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2305.section.md | 2 |
-rw-r--r-- | nixos/modules/services/cluster/k3s/default.nix | 9 |
2 files changed, 11 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 276405199ca49..6b9bb06fedc91 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -270,3 +270,5 @@ In addition to numerous new and upgraded packages, this release has the followin - The option `services.nomad.extraSettingsPlugins` has been fixed to allow more than one plugin in the path. - The option `services.prometheus.exporters.pihole.interval` does not exist anymore and has been removed. + +- `k3s` can now be configured with an EnvironmentFile for its systemd service, allowing secrets to be provided without ending up in the Nix Store. diff --git a/nixos/modules/services/cluster/k3s/default.nix b/nixos/modules/services/cluster/k3s/default.nix index 693f388de14a6..97c1e57f9b579 100644 --- a/nixos/modules/services/cluster/k3s/default.nix +++ b/nixos/modules/services/cluster/k3s/default.nix @@ -106,6 +106,14 @@ in description = lib.mdDoc "Only run the server. This option only makes sense for a server."; }; + environmentFile = mkOption { + type = types.nullOr types.path; + description = lib.mdDoc '' + File path containing environment variables for configuring the k3s service in the format of an EnvironmentFile. See systemd.exec(5). + ''; + default = null; + }; + configPath = mkOption { type = types.nullOr types.path; default = null; @@ -154,6 +162,7 @@ in LimitNPROC = "infinity"; LimitCORE = "infinity"; TasksMax = "infinity"; + EnvironmentFile = cfg.environmentFile; ExecStart = concatStringsSep " \\\n " ( [ "${cfg.package}/bin/k3s ${cfg.role}" |
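Review bot: In the rl-2305.section.md hunk, the new entry says `k3s` can be configured with "an EnvironmentFile" but never names the option that was added, while the two entries directly above it both give the full option path in backticks. Naming the option (`services.k3s.environmentFile`) would let readers find it in the option search, and the entry could say that the secret stays out of the store only when the file itself lives outside it.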
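Review bot: In the `environmentFile` option added to k3s/default.nix, `type = types.nullOr types.path;` accepts any absolute path, including one inside the Nix store, and the description does not tell the user that the file has to live outside the store and be readable only by root to get the benefit the release note claims. Suggest saying so in the description and adding an `example` attribute with a string path to a runtime-provisioned secrets file. A style point in the same hunk: `default = null;` comes after `description` here, while `configPath` just below puts it directly after `type`.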
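Review bot: In the serviceConfig hunk, `EnvironmentFile = cfg.environmentFile;` is assigned unconditionally, so with the option's default of `null` the key is still present in the service definition. Either guard the assignment on `cfg.environmentFile != null` (for example with `lib.mkIf`), or state in the commit message that a null value renders harmlessly, so it is clear the generated unit is unchanged for users who do not set the option.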