Bruno BELANYI
@@ -190,6 +190,10 @@
|
||||
|
||||
- Linux 5.4 and all its variants have been removed since mainline will reach its end of life within the support-span of 25.11.
|
||||
|
||||
- The `services.nginx.sso` module has switched to generating its configuration
|
||||
file in `/run`. You should manually delete `/var/lib/nginx-sso/config.yaml` to
|
||||
avoid storing secret values to disk.
|
||||
|
||||
- The `services.polipo` module has been removed as `polipo` is unmaintained and archived upstream.
|
||||
|
||||
- `boot.enableContainers` is only turned on when a declarative NixOS container is defined in `containers`.
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
let
|
||||
cfg = config.services.nginx.sso;
|
||||
format = pkgs.formats.yaml { };
|
||||
configPath = "/var/lib/nginx-sso/config.yaml";
|
||||
configPath = "/run/nginx-sso/config.yaml";
|
||||
secretsReplacement = utils.genJqSecretsReplacement {
|
||||
loadCredential = true;
|
||||
} cfg.configuration configPath;
|
||||
@@ -60,14 +60,11 @@ in
|
||||
description = "Nginx SSO Backend";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = secretsReplacement.script;
|
||||
serviceConfig = {
|
||||
StateDirectory = "nginx-sso";
|
||||
WorkingDirectory = "/var/lib/nginx-sso";
|
||||
ExecStartPre = pkgs.writeShellScript "merge-nginx-sso-config" ''
|
||||
rm -f '${configPath}'
|
||||
# Relies on YAML being a superset of JSON
|
||||
${secretsReplacement.script}
|
||||
'';
|
||||
RuntimeDirectory = "nginx-sso";
|
||||
ExecStart = ''
|
||||
${lib.getExe cfg.package} \
|
||||
--config ${configPath} \
|
||||
|
||||
Reference in New Issue
Block a user