Unverified Commit 38e6d285 authored by Lassulus's avatar Lassulus Committed by GitHub

Merge pull request #251323 from saserr/improve-healthchecks

healthchecks: add DB, DB_NAME and support for several _FILE options
parents 9daac02a 7f5e8a01
+36 −9
{ config, lib, pkgs, buildEnv, ... }:
{ config, lib, options, pkgs, buildEnv, ... }:

with lib;

let
  defaultUser = "healthchecks";
  cfg = config.services.healthchecks;
  opt = options.services.healthchecks;
  pkg = cfg.package;
  boolToPython = b: if b then "True" else "False";
  environment = {
    PYTHONPATH = pkg.pythonPath;
    STATIC_ROOT = cfg.dataDir + "/static";
    DB_NAME = "${cfg.dataDir}/healthchecks.sqlite";
  } // cfg.settings;

  environmentFile = pkgs.writeText "healthchecks-environment" (lib.generators.toKeyValue { } environment);
@@ -98,17 +98,24 @@ in
      description = lib.mdDoc ''
        Environment variables which are read by healthchecks `(local)_settings.py`.

        Settings which are explicitly covered in options bewlow, are type-checked and/or transformed
        Settings which are explicitly covered in options below, are type-checked and/or transformed
        before added to the environment, everything else is passed as a string.

        See <https://healthchecks.io/docs/self_hosted_configuration/>
        for a full documentation of settings.

        We add two variables to this list inside the packages `local_settings.py.`
        - STATIC_ROOT to set a state directory for dynamically generated static files.
        - SECRET_KEY_FILE to read SECRET_KEY from a file at runtime and keep it out of /nix/store.
        We add additional variables to this list inside the packages `local_settings.py.`
        - `STATIC_ROOT` to set a state directory for dynamically generated static files.
        - `SECRET_KEY_FILE` to read `SECRET_KEY` from a file at runtime and keep it out of
          /nix/store.
        - `_FILE` variants for several values that hold sensitive information in
          [Healthchecks configuration](https://healthchecks.io/docs/self_hosted_configuration/) so
          that they also can be read from a file and kept out of /nix/store. To see which values
          have support for a `_FILE` variant, run:
          - `nix-instantiate --eval --expr '(import <nixpkgs> {}).healthchecks.secrets'`
          - or `nix eval 'nixpkgs#healthchecks.secrets'` if the flake support has been enabled.
      '';
      type = types.submodule {
      type = types.submodule (settings: {
        freeformType = types.attrsOf types.str;
        options = {
          ALLOWED_HOSTS = lib.mkOption {
@@ -143,8 +150,28 @@ in
            '';
            apply = boolToPython;
          };

          DB = mkOption {
            type = types.enum [ "sqlite" "postgres" "mysql" ];
            default = "sqlite";
            description = lib.mdDoc "Database engine to use.";
          };

          DB_NAME = mkOption {
            type = types.str;
            default =
              if settings.config.DB == "sqlite"
              then "${cfg.dataDir}/healthchecks.sqlite"
              else "hc";
            defaultText = lib.literalExpression ''
              if config.${settings.options.DB} == "sqlite"
              then "''${config.${opt.dataDir}}/healthchecks.sqlite"
              else "hc"
            '';
            description = lib.mdDoc "Database name.";
          };
        };
      });
    };
  };
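Review bot: The freeform `settings` submodule still accepts the plaintext form of every value that now has a `_FILE` variant, and because `environmentFile` is built with `pkgs.writeText`, a `DB_PASSWORD` or `SECRET_KEY` set there ends up world-readable in /nix/store. The new `DB` option makes this more likely, since choosing `postgres` or `mysql` means a database password has to be supplied somewhere. The description recommends the `_FILE` variants but nothing enforces them; a warning driven by the package's own list would catch the mistake at evaluation time, e.g. `warnings = map (s: "services.healthchecks.settings.${s} is written to the Nix store; use ${s}_FILE instead") (filter (s: cfg.settings ? ${s}) (pkg.secrets or [ ]));`. The module's `config` section is outside the visible hunks, so the exact placement needs to be confirmed there.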

+27 −4
@@ -39,13 +39,36 @@ py.pkgs.buildPythonApplication rec {
    whitenoise
  ];

  secrets = [
    "DB_PASSWORD"
    "DISCORD_CLIENT_SECRET"
    "EMAIL_HOST_PASSWORD"
    "LINENOTIFY_CLIENT_SECRET"
    "MATRIX_ACCESS_TOKEN"
    "PD_APP_ID"
    "PUSHBULLET_CLIENT_SECRET"
    "PUSHOVER_API_TOKEN"
    "S3_SECRET_KEY"
    "SECRET_KEY"
    "SLACK_CLIENT_SECRET"
    "TELEGRAM_TOKEN"
    "TRELLO_APP_KEY"
    "TWILIO_AUTH"
  ];

  localSettings = writeText "local_settings.py" ''
    import os

    STATIC_ROOT = os.getenv("STATIC_ROOT")
    SECRET_KEY_FILE = os.getenv("SECRET_KEY_FILE")
    if SECRET_KEY_FILE:
        with open(SECRET_KEY_FILE, "r") as file:
            SECRET_KEY = file.readline()

    ${lib.concatLines (map
      (secret: ''
        ${secret}_FILE = os.getenv("${secret}_FILE")
        if ${secret}_FILE:
            with open(${secret}_FILE, "r") as file:
                ${secret} = file.readline()
      '')
      secrets)}
  '';

  installPhase = ''
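Review bot: `file.readline()` in the generated per-secret block keeps the trailing line terminator, so a secret file that ends with a newline (what most editors and `echo` produce) yields a `DB_PASSWORD`, `EMAIL_HOST_PASSWORD` or API token with `\n` appended, and authentication against the backend is then likely to fail without an obvious cause. Stripping only the terminator avoids that: `${secret} = file.readline().rstrip("\n")`. The same pattern was already used for `SECRET_KEY`, so for that one value the fix changes the effective key on installations whose key file ends in a newline, which probably invalidates existing sessions and signed values and deserves a release note. A short comment above the `map` saying that only the first line of each file is read would also help operators who store multi-line values. The `installPhase` string that follows continues outside the hunk.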