matterbridge module: add configPath option as a workaround, waiting for nix encryption

Léo Gaspard 2018-04-25 00:37:25 +02:00
parent 6c064e6b1f
commit e199143f11
No known key found for this signature in database
GPG Key ID: 8A55848B6090F9CF


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { options, config, pkgs, lib, ... }:
with lib; with lib;
@ -6,7 +6,11 @@ let
cfg = config.services.matterbridge; cfg = config.services.matterbridge;
matterbridgeConfToml = pkgs.writeText "matterbridge.toml" (cfg.configFile); matterbridgeConfToml =
if cfg.configPath == null then
pkgs.writeText "matterbridge.toml" (cfg.configFile)
else
cfg.configPath;
in in
@ -15,17 +19,32 @@ in
services.matterbridge = { services.matterbridge = {
enable = mkEnableOption "Matterbridge chat platform bridge"; enable = mkEnableOption "Matterbridge chat platform bridge";
configPath = mkOption {
type = with types; nullOr str;
default = null;
example = "/etc/nixos/matterbridge.toml";
description = ''
The path to the matterbridge configuration file.
'';
};
configFile = mkOption { configFile = mkOption {
type = types.str; type = types.str;
example = '' example = ''
#WARNING: as this file contains credentials, be sure to set correct file permissions [irc] # WARNING: as this file contains credentials, do not use this option!
# It is kept only for backwards compatibility, and would cause your
# credentials to be in the nix-store, thus with the world-readable
# permission bits.
# Use services.matterbridge.configPath instead.
[irc]
[irc.freenode] [irc.freenode]
Server="irc.freenode.net:6667" Server="irc.freenode.net:6667"
Nick="matterbot" Nick="matterbot"
[mattermost] [mattermost]
[mattermost.work] [mattermost.work]
#do not prefix it wit http:// or https:// # Do not prefix it with http:// or https://
Server="yourmattermostserver.domain" Server="yourmattermostserver.domain"
Team="yourteam" Team="yourteam"
Login="yourlogin" Login="yourlogin"
@ -44,6 +63,10 @@ in
channel="off-topic" channel="off-topic"
''; '';
description = '' description = ''
WARNING: THIS IS INSECURE, as your password will end up in
<filename>/nix/store</filename>, thus publicly readable. Use
<literal>services.matterbridge.configPath</literal> instead.
The matterbridge configuration file in the TOML file format. The matterbridge configuration file in the TOML file format.
''; '';
}; };
@ -65,32 +88,31 @@ in
}; };
}; };
config = mkMerge [ config = mkIf cfg.enable {
(mkIf cfg.enable { warnings = optional options.services.matterbridge.configFile.isDefined
"The option services.matterbridge.configFile is insecure and should be replaced with services.matterbridge.configPath";
users.extraUsers = mkIf (cfg.user == "matterbridge") [ users.extraUsers = optional (cfg.user == "matterbridge")
{ name = "matterbridge"; { name = "matterbridge";
group = "matterbridge"; group = "matterbridge";
} ];
users.extraGroups = mkIf (cfg.group == "matterbridge") [
{ name = "matterbridge";
} ];
systemd.services.matterbridge = {
description = "Matterbridge chat platform bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}";
Restart = "always";
RestartSec = "10";
};
}; };
})
];
}
users.extraGroups = optional (cfg.group == "matterbridge")
{ name = "matterbridge";
};
systemd.services.matterbridge = {
description = "Matterbridge chat platform bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}";
Restart = "always";
RestartSec = "10";
};
};
};
}
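Review bot: The new `configPath` description says only "The path to the matterbridge configuration file", which omits the constraints that make this option safer than `configFile`. The unit runs with `User = cfg.user` and `Group = cfg.group`, so the file must be readable by that account and should not be world-readable; the example `/etc/nixos/matterbridge.toml` guarantees neither on its own. I would extend the description to something like `Path to the matterbridge configuration file, given as a string so that it is not copied into the Nix store; it must be readable by the service user and should not be world-readable.` Separately, when `configPath` is null and `configFile` is unset, nothing on the visible lines turns that into a clear error, so an `assertions` entry requiring one of the two would give a better message than the evaluation failure.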