nixos/matrix-conduit: add secretFile option

This commit is contained in:
SchweGELBin
2025-08-08 14:56:20 +02:00
parent b069b7c1e2
commit c106c28858


@@ -26,6 +26,22 @@ in
package = lib.mkPackageOption pkgs "matrix-conduit" { }; package = lib.mkPackageOption pkgs "matrix-conduit" { };
secretFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
example = "/run/secrets/matrix-conduit.env";
description = ''
Path to file containing sensitive environment variables.
Some variables that can be considered secrets are:
- CONDUIT_JWT_SECRET:
The secret used in the JWT to enable JWT login without it a 400 error will be returned
- CONDUIT_TURN_SECRET:
The TURN secret
'';
};
settings = lib.mkOption { settings = lib.mkOption {
type = lib.types.submodule { type = lib.types.submodule {
freeformType = format.type; freeformType = format.type;
@@ -112,6 +128,7 @@ in
<https://docs.conduit.rs/configuration.html> <https://docs.conduit.rs/configuration.html>
for details on supported values. for details on supported values.
Note that database_path can not be edited because the service's reliance on systemd StateDir. Note that database_path can not be edited because the service's reliance on systemd StateDir.
For secrets use secretFile option instead.
''; '';
}; };
}; };
@@ -158,6 +175,9 @@ in
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 10; RestartSec = 10;
UMask = "077"; UMask = "077";
}
// lib.optionalAttrs (cfg.secretFile != null) {
EnvironmentFile = cfg.secretFile;
}; };
unitConfig = { unitConfig = {
StartLimitBurst = 5; StartLimitBurst = 5;
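Review bot: The `secretFile` description in the first hunk should say that the value must not be a path inside the Nix store: `lib.types.path` accepts a bare path literal such as `./conduit.env`, which Nix copies into the world-readable store and so leaks exactly the `CONDUIT_JWT_SECRET`/`CONDUIT_TURN_SECRET` values the option exists to protect, so add a line like `Do not point this at a file in the Nix store, as the store is world-readable; use a path provisioned at runtime that is readable by the service user.` Relatedly, the third hunk hands the file to systemd via `EnvironmentFile`, so it has to be readable by whatever user the unit runs as; that user and the file permissions are set outside these hunks, so confirm the intended ownership and note it in the description. The sentence `The secret used in the JWT to enable JWT login without it a 400 error will be returned` fuses two clauses; `The secret used in the JWT to enable JWT login; without it a 400 error will be returned` reads cleanly.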