nixos/slurm: fix dbdserver config file handling

Since slurm-20.11.0.1 the dbd server requires slurmdbd.conf to be in mode 600 to protect the database password. This change creates slurmdbd.conf on-the-fly at service startup and thus avoids that the database password ends up in the nix store.
2020-11-29 15:58:58 +01:00
parent f074e879fd
commit 5df0cf7461
3 changed files with 51 additions and 32 deletions
--- a/nixos/tests/slurm.nix
+++ b/nixos/tests/slurm.nix
@@ -86,14 +86,16 @@ in {

    dbd =
      { pkgs, ... } :
-      {
+      let
+        passFile = pkgs.writeText "dbdpassword" "password123";
+      in {
        networking.firewall.enable = false;
        systemd.tmpfiles.rules = [
          "f /etc/munge/munge.key 0400 munge munge - mungeverryweakkeybuteasytointegratoinatest"
        ];
        services.slurm.dbdserver = {
          enable = true;
-          storagePass = "password123";
+          storagePassFile = "${passFile}";
        };
        services.mysql = {
          enable = true;