Commit c29ca670 authored by stuebinm's avatar stuebinm
Browse files

mattermost: add environmentFile option to allow declarative secrets 

This adds an option `services.mattermost.environmentFile`, intended to be
useful especially when `services.mattermost.mutableConfig` is set to `false`.
Since all mattermost configuration options can also be set by environment
variables, this allows managing secret configuration values in a declarative
manner without placing them in the nix store.
parent a983cc62

nixos/modules/services/web-apps/mattermost.nix

+17 −0
Original line number Diff line number Diff line
@@ -184,6 +184,22 @@ in 
          .tar.gz files.

        '';

      };

      environmentFile = mkOption {

        type = types.nullOr types.path;

        default = null;

        description = lib.mdDoc ''

          Environment file (see {manpage}`systemd.exec(5)`

          "EnvironmentFile=" section for the syntax) which sets config options

          for mattermost (see [the mattermost documentation](https://docs.mattermost.com/configure/configuration-settings.html#environment-variables)).



          Settings defined in the environment file will overwrite settings

          set via nix or via the {option}`services.mattermost.extraConfig`

          option.



          Useful for setting config options without their value ending up in the

          (world-readable) nix store, e.g. for a database password.

        '';

      };



      localDatabaseCreate = mkOption {

        type = types.bool;
@@ -321,6 +337,7 @@ in 
          Restart = "always";

          RestartSec = "10";

          LimitNOFILE = "49152";

          EnvironmentFile = cfg.environmentFile;

        };

        unitConfig.JoinsNamespaceOf = mkIf cfg.localDatabaseCreate "postgresql.service";

      };

nixos/tests/mattermost.nix

+16 −0
Original line number Diff line number Diff line
@@ -50,6 +50,13 @@ in 
      mutableConfig = false;

      extraConfig.SupportSettings.HelpLink = "https://search.nixos.org";

    };

    environmentFile = makeMattermost {

      mutableConfig = false;

      extraConfig.SupportSettings.AboutLink = "https://example.org";

      environmentFile = pkgs.writeText "mattermost-env" ''

        MM_SUPPORTSETTINGS_ABOUTLINK=https://nixos.org

      '';

    };

  };



  testScript = let
@@ -69,6 +76,7 @@ in 
      rm -f $mattermostConfig

      echo "$newConfig" > "$mattermostConfig"

    '';



  in

  ''

    start_all()
@@ -120,5 +128,13 @@ in 


    # Our edits should be ignored on restart

    immutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}")





    ## Environment File node tests ##

    environmentFile.wait_for_unit("mattermost.service")

    environmentFile.wait_for_open_port(8065)



    # Settings in the environment file should override settings set otherwise

    environmentFile.succeed("${expectConfig ''.AboutLink == "https://nixos.org"''}")

  '';

})