matterbridge module: add configPath option as a workaround, waiting for nix encryption
This commit is contained in:
parent
6c064e6b1f
commit
e199143f11
@ -1,4 +1,4 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{ options, config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
@ -6,7 +6,11 @@ let
|
||||
|
||||
cfg = config.services.matterbridge;
|
||||
|
||||
matterbridgeConfToml = pkgs.writeText "matterbridge.toml" (cfg.configFile);
|
||||
matterbridgeConfToml =
|
||||
if cfg.configPath == null then
|
||||
pkgs.writeText "matterbridge.toml" (cfg.configFile)
|
||||
else
|
||||
cfg.configPath;
|
||||
|
||||
in
|
||||
|
||||
@ -15,17 +19,32 @@ in
|
||||
services.matterbridge = {
|
||||
enable = mkEnableOption "Matterbridge chat platform bridge";
|
||||
|
||||
configPath = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
example = "/etc/nixos/matterbridge.toml";
|
||||
description = ''
|
||||
The path to the matterbridge configuration file.
|
||||
'';
|
||||
};
|
||||
|
||||
configFile = mkOption {
|
||||
type = types.str;
|
||||
example = ''
|
||||
#WARNING: as this file contains credentials, be sure to set correct file permissions [irc]
|
||||
# WARNING: as this file contains credentials, do not use this option!
|
||||
# It is kept only for backwards compatibility, and would cause your
|
||||
# credentials to be in the nix-store, thus with the world-readable
|
||||
# permission bits.
|
||||
# Use services.matterbridge.configPath instead.
|
||||
|
||||
[irc]
|
||||
[irc.freenode]
|
||||
Server="irc.freenode.net:6667"
|
||||
Nick="matterbot"
|
||||
|
||||
[mattermost]
|
||||
[mattermost.work]
|
||||
#do not prefix it wit http:// or https://
|
||||
# Do not prefix it with http:// or https://
|
||||
Server="yourmattermostserver.domain"
|
||||
Team="yourteam"
|
||||
Login="yourlogin"
|
||||
@ -44,6 +63,10 @@ in
|
||||
channel="off-topic"
|
||||
'';
|
||||
description = ''
|
||||
WARNING: THIS IS INSECURE, as your password will end up in
|
||||
<filename>/nix/store</filename>, thus publicly readable. Use
|
||||
<literal>services.matterbridge.configPath</literal> instead.
|
||||
|
||||
The matterbridge configuration file in the TOML file format.
|
||||
'';
|
||||
};
|
||||
@ -65,32 +88,31 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf cfg.enable {
|
||||
config = mkIf cfg.enable {
|
||||
warnings = optional options.services.matterbridge.configFile.isDefined
|
||||
"The option services.matterbridge.configFile is insecure and should be replaced with services.matterbridge.configPath";
|
||||
|
||||
users.extraUsers = mkIf (cfg.user == "matterbridge") [
|
||||
{ name = "matterbridge";
|
||||
group = "matterbridge";
|
||||
} ];
|
||||
|
||||
users.extraGroups = mkIf (cfg.group == "matterbridge") [
|
||||
{ name = "matterbridge";
|
||||
} ];
|
||||
|
||||
systemd.services.matterbridge = {
|
||||
description = "Matterbridge chat platform bridge";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}";
|
||||
Restart = "always";
|
||||
RestartSec = "10";
|
||||
};
|
||||
users.extraUsers = optional (cfg.user == "matterbridge")
|
||||
{ name = "matterbridge";
|
||||
group = "matterbridge";
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
||||
|
||||
users.extraGroups = optional (cfg.group == "matterbridge")
|
||||
{ name = "matterbridge";
|
||||
};
|
||||
|
||||
systemd.services.matterbridge = {
|
||||
description = "Matterbridge chat platform bridge";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}";
|
||||
Restart = "always";
|
||||
RestartSec = "10";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user