From e199143f11db153c1b844320295f9a1e1be4ac83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20Gaspard?= Date: Wed, 25 Apr 2018 00:37:25 +0200 Subject: [PATCH] matterbridge module: add configPath option as a workaround, waiting for nix encryption --- .../services/networking/matterbridge.nix | 82 ++++++++++++------- 1 file changed, 52 insertions(+), 30 deletions(-) diff --git a/nixos/modules/services/networking/matterbridge.nix b/nixos/modules/services/networking/matterbridge.nix index 5526e2ba23a..e2f47840595 100644 --- a/nixos/modules/services/networking/matterbridge.nix +++ b/nixos/modules/services/networking/matterbridge.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ options, config, pkgs, lib, ... }: with lib; @@ -6,7 +6,11 @@ let cfg = config.services.matterbridge; - matterbridgeConfToml = pkgs.writeText "matterbridge.toml" (cfg.configFile); + matterbridgeConfToml = + if cfg.configPath == null then + pkgs.writeText "matterbridge.toml" (cfg.configFile) + else + cfg.configPath; in @@ -15,17 +19,32 @@ in services.matterbridge = { enable = mkEnableOption "Matterbridge chat platform bridge"; + configPath = mkOption { + type = with types; nullOr str; + default = null; + example = "/etc/nixos/matterbridge.toml"; + description = '' + The path to the matterbridge configuration file. + ''; + }; + configFile = mkOption { type = types.str; example = '' - #WARNING: as this file contains credentials, be sure to set correct file permissions [irc] + # WARNING: as this file contains credentials, do not use this option! + # It is kept only for backwards compatibility, and would cause your + # credentials to be in the nix-store, thus with the world-readable + # permission bits. + # Use services.matterbridge.configPath instead. + + [irc] [irc.freenode] Server="irc.freenode.net:6667" Nick="matterbot" [mattermost] [mattermost.work] - #do not prefix it wit http:// or https:// + # Do not prefix it with http:// or https:// Server="yourmattermostserver.domain" Team="yourteam" Login="yourlogin" @@ -44,6 +63,10 @@ in channel="off-topic" ''; description = '' + WARNING: THIS IS INSECURE, as your password will end up in + /nix/store, thus publicly readable. Use + services.matterbridge.configPath instead. + The matterbridge configuration file in the TOML file format. ''; }; @@ -65,32 +88,31 @@ in }; }; - config = mkMerge [ - (mkIf cfg.enable { + config = mkIf cfg.enable { + warnings = optional options.services.matterbridge.configFile.isDefined + "The option services.matterbridge.configFile is insecure and should be replaced with services.matterbridge.configPath"; - users.extraUsers = mkIf (cfg.user == "matterbridge") [ - { name = "matterbridge"; - group = "matterbridge"; - } ]; - - users.extraGroups = mkIf (cfg.group == "matterbridge") [ - { name = "matterbridge"; - } ]; - - systemd.services.matterbridge = { - description = "Matterbridge chat platform bridge"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - serviceConfig = { - User = cfg.user; - Group = cfg.group; - ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}"; - Restart = "always"; - RestartSec = "10"; - }; + users.extraUsers = optional (cfg.user == "matterbridge") + { name = "matterbridge"; + group = "matterbridge"; }; - }) - ]; -} + users.extraGroups = optional (cfg.group == "matterbridge") + { name = "matterbridge"; + }; + + systemd.services.matterbridge = { + description = "Matterbridge chat platform bridge"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}"; + Restart = "always"; + RestartSec = "10"; + }; + }; + }; +}