Commit 2d38d9ed authored by Tom Hubrecht's avatar Tom Hubrecht
Browse files

nixos/garage: Add an environmentFile option 

Since garage 0.8.2, garage accepts environment variables for passing secrets,
e.g. `GARAGE_RPC_SECRET` or `GARAGE_ADMIN_TOKEN`. The added `environmentFile`
allows those secrets to not be present in the nix store.
parent 4d935e48

nixos/modules/services/web-servers/garage.nix

+8 −1
Original line number Diff line number Diff line
@@ -23,6 +23,12 @@ in 
      example = { RUST_BACKTRACE="yes"; };

    };



    environmentFile = mkOption {

      type = types.nullOr types.path;

      description = lib.mdDoc "File containing environment variables to be passed to the Garage server.";

      default = null;

    };



    logLevel = mkOption {

      type = types.enum (["info" "debug" "trace"]);

      default = "info";
@@ -80,7 +86,7 @@ in 
      after = [ "network.target" "network-online.target" ];

      wants = [ "network.target" "network-online.target" ];

      wantedBy = [ "multi-user.target" ];

      restartTriggers = [ configFile ];

      restartTriggers = [ configFile ] ++ (lib.optional (cfg.environmentFile != null) cfg.environmentFile);

      serviceConfig = {

        ExecStart = "${cfg.package}/bin/garage server";
@@ -88,6 +94,7 @@ in 
        DynamicUser = lib.mkDefault true;

        ProtectHome = true;

        NoNewPrivileges = true;

        EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;

      };

      environment = {

        RUST_LOG = lib.mkDefault "garage=${cfg.logLevel}";