Unverified Commit c7132173 authored by Riley, committed by GitHub

nixos/k3s: add environmentFile as an option



* k3s: add environmentFile option

Enables including secrets through configuration such as 'sops'

* Update nixos/doc/manual/release-notes/rl-2305.section.md

Co-authored-by: Jairo Llopis <973709+yajo@users.noreply.github.com>
parent c0c598ef
+2 −0
@@ -270,3 +270,5 @@ In addition to numerous new and upgraded packages, this release has the followin
- The option `services.nomad.extraSettingsPlugins` has been fixed to allow more than one plugin in the path.

- The option `services.prometheus.exporters.pihole.interval` does not exist anymore and has been removed.

- `k3s` can now be configured with an EnvironmentFile for its systemd service, allowing secrets to be provided without ending up in the Nix Store.
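Review bot: the new release-note entry on the last line of this hunk says "an EnvironmentFile" but never names the option, while the entries above it name theirs in backticks (`services.nomad.extraSettingsPlugins`, `services.prometheus.exporters.pihole.interval`). Name the k3s module's new `environmentFile` option the same way so readers can search for it, and write "Nix store" in lowercase.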
+9 −0
@@ -106,6 +106,14 @@ in
      description = lib.mdDoc "Only run the server. This option only makes sense for a server.";
    };

    environmentFile = mkOption {
      type = types.nullOr types.path;
      description = lib.mdDoc ''
        File path containing environment variables for configuring the k3s service in the format of an EnvironmentFile. See systemd.exec(5).
      '';
      default = null;
    };

    configPath = mkOption {
      type = types.nullOr types.path;
      default = null;
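Review bot: `type = types.nullOr types.path;` on `environmentFile` also accepts a Nix path literal, and a path literal that is rendered into the unit file is copied into the Nix store, which is the exposure the commit message and release note say this option is meant to avoid. The description should state that the value has to be an absolute path, written as a string, to a file that exists outside the store at runtime and is readable only by root. An `example` attribute showing such a string path would make the intended usage obvious.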
@@ -154,6 +162,7 @@ in
        LimitNPROC = "infinity";
        LimitCORE = "infinity";
        TasksMax = "infinity";
        EnvironmentFile = cfg.environmentFile;
        ExecStart = concatStringsSep " \\\n " (
          [
            "${cfg.package}/bin/k3s ${cfg.role}"
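Review bot: `EnvironmentFile = cfg.environmentFile;` is assigned unconditionally, although the option added earlier in this patch defaults to `null`. Please confirm what the generated unit contains in the null case, or make the assignment conditional (for example with `lib.optionalAttrs (cfg.environmentFile != null)`) so that the default configuration produces the same unit as before this change. A module test that sets the option and checks the variable reaches the k3s process would also help, since none is visible in this diff.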