nixos/peertube: add secretsFile option

Izorkin 2022-12-13 22:07:10 +03:00
parent 32673128e5
commit 9195f02b49
No known key found for this signature in database
GPG Key ID: 1436C1B3F3679F09
2 changed files with 28 additions and 0 deletions


@ -161,6 +161,18 @@ in {
description = lib.mdDoc "Configure nginx as a reverse proxy for peertube."; description = lib.mdDoc "Configure nginx as a reverse proxy for peertube.";
}; };
secrets = {
secretsFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
example = "/run/secrets/peertube";
description = lib.mdDoc ''
Secrets to run PeerTube.
Generate one using `openssl rand -hex 32`
'';
};
};
database = { database = {
createLocally = lib.mkOption { createLocally = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
@ -282,6 +294,11 @@ in {
prevent this. prevent this.
''; '';
} }
{ assertion = cfg.secrets.secretsFile != null;
message = ''
<option>services.peertube.secrets.secretsFile</option> needs to be set.
'';
}
{ assertion = !(cfg.redis.enableUnixSocket && (cfg.redis.host != null || cfg.redis.port != null)); { assertion = !(cfg.redis.enableUnixSocket && (cfg.redis.host != null || cfg.redis.port != null));
message = '' message = ''
<option>services.peertube.redis.createLocally</option> and redis network connection (<option>services.peertube.redis.host</option> or <option>services.peertube.redis.port</option>) enabled. Disable either of them. <option>services.peertube.redis.createLocally</option> and redis network connection (<option>services.peertube.redis.host</option> or <option>services.peertube.redis.port</option>) enabled. Disable either of them.
@ -418,6 +435,10 @@ in {
#!/bin/sh #!/bin/sh
umask 077 umask 077
cat > /var/lib/peertube/config/local.yaml <<EOF cat > /var/lib/peertube/config/local.yaml <<EOF
${lib.optionalString (cfg.secrets.secretsFile != null) ''
secrets:
peertube: '$(cat ${cfg.secrets.secretsFile})'
''}
${lib.optionalString ((!cfg.database.createLocally) && (cfg.database.passwordFile != null)) '' ${lib.optionalString ((!cfg.database.createLocally) && (cfg.database.passwordFile != null)) ''
database: database:
password: '$(cat ${cfg.database.passwordFile})' password: '$(cat ${cfg.database.passwordFile})'
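Review bot: The new `peertube: '$(cat ${cfg.secrets.secretsFile})'` line hands PeerTube an empty secret if the file is missing or unreadable at start-up, because the script shows only `umask 077` and no `set -e`, and a failed command substitution inside an unquoted heredoc just expands to nothing (unless PeerTube itself refuses an empty value, which I cannot confirm from here). Guard the read before the heredoc, e.g. `test -r ${cfg.secrets.secretsFile} || { echo "services.peertube.secrets.secretsFile is not readable" >&2; exit 1; }`, or put `set -e` at the top of the script so the existing `passwordFile` read benefits too. The value is also pasted into a single-quoted YAML scalar, so a secret containing `'` or an embedded newline would corrupt local.yaml; a sentence on the option saying the file must contain a single line of hex as produced by `openssl rand -hex 32` would make that contract explicit. The shell script this heredoc belongs to starts and ends outside the hunk.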


@ -41,6 +41,9 @@ import ../make-test-python.nix ({pkgs, ...}:
server = { pkgs, ... }: { server = { pkgs, ... }: {
environment = { environment = {
etc = { etc = {
"peertube/secrets-peertube".text = ''
063d9c60d519597acef26003d5ecc32729083965d09181ef3949200cbe5f09ee
'';
"peertube/password-posgressql-db".text = '' "peertube/password-posgressql-db".text = ''
0gUN0C1mgST6czvjZ8T9 0gUN0C1mgST6czvjZ8T9
''; '';
@ -67,6 +70,10 @@ import ../make-test-python.nix ({pkgs, ...}:
localDomain = "peertube.local"; localDomain = "peertube.local";
enableWebHttps = false; enableWebHttps = false;
secrets = {
secretsFile = "/etc/peertube/secrets-peertube";
};
database = { database = {
host = "192.168.2.10"; host = "192.168.2.10";
name = "peertube_local"; name = "peertube_local";
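Review bot: The `secrets-peertube` fixture is provided through `environment.etc`, which (by default) places the content in the Nix store and symlinks it from /etc, so the secret is world-readable on the test VM and the test exercises a different permission model than the `/run/secrets/peertube` example the new option documents. That is acceptable for a throwaway VM, but a comment above the entry would stop the pattern being copied into real configs: `# Test fixture only: stored in the world-readable Nix store; deployments should point secretsFile at a root-owned 0400 file.` The test script that asserts on the running service lies outside this hunk, so I cannot tell whether it verifies that the module's `umask 077` leaves local.yaml at mode 600; an assertion such as `server.succeed("stat -c %a /var/lib/peertube/config/local.yaml | grep -qx 600")` would pin that down.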