author | Jörg Thalheim <Mic92@users.noreply.github.com> | 2021-12-03 17:50:27 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-12-03 17:50:27 +0000 |
commit | 99c916dd8eef8e63a54defe1eab0b821add4392f (patch) | |
tree | f854fa8a97f9aada14cd195deb69b9e386917bf4 | |
parent | 2df15ba83d0510a56f2583fd3481723835acb5a1 (diff) | |
parent | d87d5731d5bcd495d7a4087949b0fbec4841b972 (diff) | |
Merge pull request #148201 from Artturin/nixservesecret
nix-serve: fix NIX_SECRET_KEY_FILE
-rw-r--r-- | nixos/modules/services/networking/nix-serve.nix | 14 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 4 | ||||
-rw-r--r-- | nixos/tests/nix-serve-ssh.nix (renamed from nixos/tests/nix-ssh-serve.nix) | 2 | ||||
-rw-r--r-- | pkgs/tools/package-management/nix-serve/default.nix | 5 |
4 files changed, 16 insertions, 9 deletions
diff --git a/nixos/modules/services/networking/nix-serve.nix b/nixos/modules/services/networking/nix-serve.nix index 7fc145f2303..390f0ddaee8 100644 --- a/nixos/modules/services/networking/nix-serve.nix +++ b/nixos/modules/services/networking/nix-serve.nix @@ -37,8 +37,6 @@ in nix-store --generate-binary-cache-key key-name secret-key-file public-key-file ``` - Make sure user `nix-serve` has read access to the private key file. - For more details see <citerefentry><refentrytitle>nix-store</refentrytitle><manvolnum>1</manvolnum></citerefentry>. ''; }; @@ -61,16 +59,22 @@ in path = [ config.nix.package.out pkgs.bzip2.bin ]; environment.NIX_REMOTE = "daemon"; - environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile; + + script = '' + ${lib.optionalString (cfg.secretKeyFile != null) '' + export NIX_SECRET_KEY_FILE="$CREDENTIALS_DIRECTORY/NIX_SECRET_KEY_FILE" + ''} + exec ${pkgs.nix-serve}/bin/nix-serve --listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams} + ''; serviceConfig = { Restart = "always"; RestartSec = "5s"; - ExecStart = "${pkgs.nix-serve}/bin/nix-serve " + - "--listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}"; User = "nix-serve"; Group = "nix-serve"; DynamicUser = true; + LoadCredential = lib.optionalString (cfg.secretKeyFile != null) + "NIX_SECRET_KEY_FILE:${cfg.secretKeyFile}"; }; }; }; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 6677e9d093b..1ff1b8d5864 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix 
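Review bot: The `secretKeyFile` description in the first hunk loses its read-access sentence without saying what permissions the key file should have now. Since the second hunk passes the key through `LoadCredential`, the service manager reads the file and the `nix-serve` user no longer needs access to it, so the text could say `The file is read by systemd and passed to the service as a credential; it only needs to be readable by root.` The description should also ask for a string path outside the Nix store, because a Nix path literal interpolated into `LoadCredential` would presumably be copied into the world-readable store. The option's type is declared outside this hunk, so confirm whether it already rules that out.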
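Review bot: Moving the command from `ExecStart` into `script` means `cfg.bindAddress`, the port and `cfg.extraParams` are now interpreted by a shell rather than by systemd's more limited `ExecStart` parsing. Quotes, globs, `;` or command substitutions in those options therefore behave differently than before. The listen argument can be quoted with `--listen ${lib.escapeShellArg "${cfg.bindAddress}:${toString cfg.port}"}`, and the `extraParams` description (outside this hunk) should state that the value is word-split by the shell. Separately, `LoadCredential = lib.optionalString …` renders an empty `LoadCredential=` line when `secretKeyFile` is null. `lib.optional (cfg.secretKeyFile != null) "NIX_SECRET_KEY_FILE:${cfg.secretKeyFile}"` should leave the setting out of the unit in that case.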
@@ -315,8 +315,8 @@ in nginx-sso = handleTest ./nginx-sso.nix {}; nginx-variants = handleTest ./nginx-variants.nix {}; nitter = handleTest ./nitter.nix {}; - nix-serve = handleTest ./nix-ssh-serve.nix {}; - nix-ssh-serve = handleTest ./nix-ssh-serve.nix {}; + nix-serve = handleTest ./nix-serve.nix {}; + nix-serve-ssh = handleTest ./nix-serve-ssh.nix {}; nixops = handleTest ./nixops/default.nix {}; nixos-generate-config = handleTest ./nixos-generate-config.nix {}; node-red = handleTest ./node-red.nix {}; diff --git a/nixos/tests/nix-ssh-serve.nix b/nixos/tests/nix-serve-ssh.nix index 03f83542c7c..1eb8d5b395b 100644 --- a/nixos/tests/nix-ssh-serve.nix +++ b/nixos/tests/nix-serve-ssh.nix @@ -35,7 +35,7 @@ in client.fail("diff /root/other-store$(cat mach-id-path) /etc/machine-id") # Currently due to shared store this is a noop :( - client.succeed("nix copy --to ssh-ng://nix-ssh@server $(cat mach-id-path)") + client.succeed("nix copy --experimental-features 'nix-command' --to ssh-ng://nix-ssh@server $(cat mach-id-path)") client.succeed( "nix-store --realise $(cat mach-id-path) --store /root/other-store --substituters ssh-ng://nix-ssh@server" ) diff --git a/pkgs/tools/package-management/nix-serve/default.nix b/pkgs/tools/package-management/nix-serve/default.nix index 93e240ad346..d9faea9cea4 100644 --- a/pkgs/tools/package-management/nix-serve/default.nix +++ b/pkgs/tools/package-management/nix-serve/default.nix @@ -37,7 +37,10 @@ stdenv.mkDerivation { --add-flags $out/libexec/nix-serve/nix-serve.psgi ''; - passthru.tests.nix-serve = nixosTests.nix-serve; + passthru.tests = { + nix-serve = nixosTests.nix-serve; + nix-serve-ssh = nixosTests.nix-serve-ssh; + }; meta = { homepage = "https://github.com/edolstra/nix-serve"; |