nixos/modules/services/web-apps/nextcloud.nix +17 −8 @@ -116,7 +116,8 @@ let ++ (lib.optional (cfg.config.objectstore.s3.enable) "s3_secret:${cfg.config.objectstore.s3.secretFile}") ++ (lib.optional ( cfg.config.objectstore.s3.sseCKeyFile != null ) "s3_sse_c_key:${cfg.config.objectstore.s3.sseCKeyFile}"); ) "s3_sse_c_key:${cfg.config.objectstore.s3.sseCKeyFile}") ++ (lib.optional (cfg.secretFile != null) "secret_file:${cfg.secretFile}"); requiresRuntimeSystemdCredentials = (lib.length runtimeSystemdCredentials) != 0; @@ -195,7 +196,6 @@ let overrideConfig = let c = cfg.config; requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable; objectstoreConfig = let s3 = c.objectstore.s3; @@ -232,7 +232,7 @@ let in pkgs.writeText "nextcloud-config.php" '' <?php ${optionalString requiresReadSecretFunction '' ${optionalString requiresRuntimeSystemdCredentials '' function nix_read_secret($credential_name) { $credentials_directory = getenv("CREDENTIALS_DIRECTORY"); if (!$credentials_directory) { @@ -253,7 +253,19 @@ let } return trim(file_get_contents($credential_path)); }''} } function nix_read_secret_and_decode_json_file($credential_name) { $decoded = json_decode(nix_read_secret($credential_name), true); if (json_last_error() !== JSON_ERROR_NONE) { error_log(sprintf("Cannot decode %s, because: %s", $file, json_last_error_msg())); exit(1); } return $decoded; } ''} function nix_decode_json_file($file, $error) { if (!file_exists($file)) { throw new \RuntimeException(sprintf($error, $file));
@@ -287,10 +299,7 @@ let )); ${optionalString (cfg.secretFile != null) '' $CONFIG = array_replace_recursive($CONFIG, nix_decode_json_file( "${cfg.secretFile}", "Cannot start Nextcloud, secrets file %s set by NixOS doesn't exist!" )); $CONFIG = array_replace_recursive($CONFIG, nix_read_secret_and_decode_json_file('secret_file')); ''} ''; in nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix +6 −7 @@ -84,13 +84,12 @@ runTest ( # This file is meant to contain secret options which should # not go into the nix store. Here it is just used to set the # redis password. environment.etc."nextcloud-secrets.json".text = '' { "redis": { "password": "secret" } } ''; environment.etc."nextcloud-secrets.json" = { mode = "0600"; text = builtins.toJSON { redis.password = "secret"; }; }; }; };
nixos/modules/services/web-apps/nextcloud.nix +17 −8 @@ -116,7 +116,8 @@ let ++ (lib.optional (cfg.config.objectstore.s3.enable) "s3_secret:${cfg.config.objectstore.s3.secretFile}") ++ (lib.optional ( cfg.config.objectstore.s3.sseCKeyFile != null ) "s3_sse_c_key:${cfg.config.objectstore.s3.sseCKeyFile}"); ) "s3_sse_c_key:${cfg.config.objectstore.s3.sseCKeyFile}") ++ (lib.optional (cfg.secretFile != null) "secret_file:${cfg.secretFile}"); requiresRuntimeSystemdCredentials = (lib.length runtimeSystemdCredentials) != 0; @@ -195,7 +196,6 @@ let overrideConfig = let c = cfg.config; requiresReadSecretFunction = c.dbpassFile != null || c.objectstore.s3.enable; objectstoreConfig = let s3 = c.objectstore.s3; @@ -232,7 +232,7 @@ let in pkgs.writeText "nextcloud-config.php" '' <?php ${optionalString requiresReadSecretFunction '' ${optionalString requiresRuntimeSystemdCredentials '' function nix_read_secret($credential_name) { $credentials_directory = getenv("CREDENTIALS_DIRECTORY"); if (!$credentials_directory) { @@ -253,7 +253,19 @@ let } return trim(file_get_contents($credential_path)); }''} } function nix_read_secret_and_decode_json_file($credential_name) { $decoded = json_decode(nix_read_secret($credential_name), true); if (json_last_error() !== JSON_ERROR_NONE) { error_log(sprintf("Cannot decode %s, because: %s", $file, json_last_error_msg())); exit(1); } return $decoded; } ''} function nix_decode_json_file($file, $error) { if (!file_exists($file)) { throw new \RuntimeException(sprintf($error, $file)); @@ -287,10 +299,7 @@ let )); ${optionalString (cfg.secretFile != null) '' $CONFIG = array_replace_recursive($CONFIG, nix_decode_json_file( "${cfg.secretFile}", "Cannot start Nextcloud, secrets file %s set by NixOS doesn't exist!" )); $CONFIG = array_replace_recursive($CONFIG, nix_read_secret_and_decode_json_file('secret_file')); ''} ''; in
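Review bot: In the new `nix_read_secret_and_decode_json_file` helper (hunk `-253,7 +253,19`) the `error_log` call formats `$file`, which is not defined in that function; its only parameter is `$credential_name`, so a malformed secrets file is logged with an empty name and an undefined-variable warning. The line should read `error_log(sprintf("Cannot decode %s, because: %s", $credential_name, json_last_error_msg()));`. The helper also returns whatever `json_decode` yields, so syntactically valid JSON that is not an object (for example `null` or a bare string) reaches `array_replace_recursive` as a non-array; a guard such as `if (!is_array($decoded)) { error_log("secret_file must contain a JSON object"); exit(1); }` would fail with a clear message instead. Keeping both messages limited to the credential name and the decoder error avoids putting any secret content in the log. The body of `nix_read_secret` lies partly outside the visible hunks, so its failure handling could not be checked here.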
nixos/tests/nextcloud/with-declarative-redis-and-secrets.nix +6 −7 @@ -84,13 +84,12 @@ runTest ( # This file is meant to contain secret options which should # not go into the nix store. Here it is just used to set the # redis password. environment.etc."nextcloud-secrets.json".text = '' { "redis": { "password": "secret" } } ''; environment.etc."nextcloud-secrets.json" = { mode = "0600"; text = builtins.toJSON { redis.password = "secret"; }; }; }; };
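Review bot: The reason for `mode = "0600"` is not documented next to it, and the existing comment says nothing about why the file is now restricted. Presumably the restrictive mode is deliberate, so that the test only passes when the service obtains the file through its systemd credential rather than by reading `/etc/nextcloud-secrets.json` directly; a comment such as `# root-only on purpose: the service must get this through its systemd credential, not by reading the path` would make that intent explicit (wording to be confirmed by the author). It may also be worth noting in the comment that `text = builtins.toJSON …` still places the content in the Nix store, which is acceptable only because this is a test value. The enclosing attribute set starts and ends outside the hunk.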