public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/mautrix-telegram: substitute secrets in config file at runtime (#112966)

Browse Source 
In the latest release of mautrix-telegram not all secrets can be set
using environment variables (see https://github.com/tulir/mautrix-telegram/issues/584).
This change allows these secret values to be set without ending up in
the Nix store.
This commit is contained in:
Milan 2021-03-13 13:56:17 +01:00 committed by GitHub
parent 51f34b22f2
commit 24133ead28
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
nixos/modules/services/misc/mautrix-telegram.nix
View File

@ -6,8 +6,9 @@ let
dataDir = "/var/lib/mautrix-telegram"; dataDir = "/var/lib/mautrix-telegram";
registrationFile = "${dataDir}/telegram-registration.yaml"; registrationFile = "${dataDir}/telegram-registration.yaml";
cfg = config.services.mautrix-telegram; cfg = config.services.mautrix-telegram;
# TODO: switch to configGen.json once RFC42 is implemented settingsFormat = pkgs.formats.json {};
settingsFile = pkgs.writeText "mautrix-telegram-settings.json" (builtins.toJSON cfg.settings); settingsFileUnsubstituted = settingsFormat.generate "mautrix-telegram-config-unsubstituted.json" cfg.settings;
settingsFile = "${dataDir}/config.json";
in { in {
options = { options = {
@ -15,9 +16,8 @@ in {
enable = mkEnableOption "Mautrix-Telegram, a Matrix-Telegram hybrid puppeting/relaybot bridge"; enable = mkEnableOption "Mautrix-Telegram, a Matrix-Telegram hybrid puppeting/relaybot bridge";
settings = mkOption rec { settings = mkOption rec {
# TODO: switch to types.config.json as prescribed by RFC42 once it's implemented
type = types.attrs;
apply = recursiveUpdate default; apply = recursiveUpdate default;
inherit (settingsFormat) type;
default = { default = {
appservice = rec { appservice = rec {
database = "sqlite:///${dataDir}/mautrix-telegram.db"; database = "sqlite:///${dataDir}/mautrix-telegram.db";
@ -124,6 +124,16 @@ in {
after = [ "network-online.target" ] ++ cfg.serviceDependencies; after = [ "network-online.target" ] ++ cfg.serviceDependencies;
preStart = '' preStart = ''
# Not all secrets can be passed as environment variable (yet)
# https://github.com/tulir/mautrix-telegram/issues/584
[ -f ${settingsFile} ] && rm -f ${settingsFile}
old_umask=$(umask)
umask 0277
${pkgs.envsubst}/bin/envsubst \
-o ${settingsFile} \
-i ${settingsFileUnsubstituted}
umask $old_umask
# generate the appservice's registration file if absent # generate the appservice's registration file if absent
if [ ! -f '${registrationFile}' ]; then if [ ! -f '${registrationFile}' ]; then
${pkgs.mautrix-telegram}/bin/mautrix-telegram \ ${pkgs.mautrix-telegram}/bin/mautrix-telegram \
@ -159,6 +169,8 @@ in {
--config='${settingsFile}' --config='${settingsFile}'
''; '';
}; };
restartTriggers = [ settingsFileUnsubstituted ];
}; };
}; };