authorJörg Thalheim <joerg@thalheim.io>2018-09-30 12:06:07 +0100
committerJörg Thalheim <joerg@thalheim.io>2019-02-08 07:08:10 +0000
commit367b1e10cb58fb1aaf4a4cd08b7a8edffda807f2 (patch)
treef8d01426dd514fa69ca50bda8ac7f862fabb63ff /nixos
parent130c76b320ad6da80e20723daf3b8a5bff8e40a0 (diff)
tt-rss: add database.passwordFile option
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/web-apps/tt-rss.nix25
1 files changed, 24 insertions, 1 deletions
diff --git a/nixos/modules/services/web-apps/tt-rss.nix b/nixos/modules/services/web-apps/tt-rss.nix
index 90b35d19ea1..52ce17a3045 100644
--- a/nixos/modules/services/web-apps/tt-rss.nix
+++ b/nixos/modules/services/web-apps/tt-rss.nix
@@ -34,7 +34,14 @@ let
       define('DB_HOST', '${optionalString (cfg.database.host != null) cfg.database.host}');
       define('DB_USER', '${cfg.database.user}');
       define('DB_NAME', '${cfg.database.name}');
-      define('DB_PASS', '${optionalString (cfg.database.password != null) (escape ["'" "\\"] cfg.database.password)}');
+      define('DB_PASS', ${
+        if (cfg.database.password != null) then
+          "'${(escape ["'" "\\"] cfg.database.password)}'"
+        else if (cfg.database.passwordFile != null) then
+          "file_get_contents('${cfg.database.passwordFile}')"
+        else
+          ""
+      });
       define('DB_PORT', '${toString dbPort}');
 
       define('AUTH_AUTO_CREATE', ${boolToString cfg.auth.autoCreate});
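Review bot: The final `else` branch of the DB_PASS interpolation returns an empty Nix string, so with neither `password` nor `passwordFile` set the generated line becomes `define('DB_PASS', );`, which PHP will not parse; the removed line produced `''` in that case, so the branch should be `"''"`. In the `passwordFile` branch, `file_get_contents` returns the file verbatim, so a trailing newline in the secret file becomes part of the password, and the path is placed in a single-quoted PHP literal without the `escape ["'" "\\"]` that the inline password gets. Something like `"trim(file_get_contents('${escape ["'" "\\"] cfg.database.passwordFile}'))"` would handle both, assuming passwords with leading or trailing whitespace need not be supported.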
@@ -168,6 +175,14 @@ let
           '';
         };
 
+        passwordFile = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = ''
+            The database user's password.
+          '';
+        };
+
         port = mkOption {
           type = types.nullOr types.int;
           default = null;
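Review bot: The description of `passwordFile` reads "The database user's password." although the value is used as a file path (it is handed to `file_get_contents` and `cat` elsewhere in this commit), so a reader could put the secret itself here. I would document it as `Path to a file containing the database user's password; read at runtime, so the secret is not embedded in the generated config. Mutually exclusive with password.` and add an `example` with a string path outside the Nix store (for instance the constructed value `"/run/keys/tt-rss-dbpass"`). It is also worth stating that the file has to be readable by whichever user runs the PHP pool, which is presumably `cfg.user`, though that is not visible in this hunk.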
@@ -479,6 +494,13 @@ let
 
   config = mkIf cfg.enable {
 
+    assertions = [
+      {
+        assertion = cfg.database.password != null -> cfg.database.passwordFile == null;
+        message = "Cannot set both password and passwordFile";
+      }
+    ];
+
     services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") {
       "${poolName}" = ''
         listen = "${phpfpmSocketName}";
@@ -528,6 +550,7 @@ let
           callSql = e:
               if cfg.database.type == "pgsql" then ''
                   ${optionalString (cfg.database.password != null) "PGPASSWORD=${cfg.database.password}"} \
+                  ${optionalString (cfg.database.passwordFile != null) "PGPASSWORD=$(cat ${cfg.database.passwordFile}"}) \
                   ${pkgs.sudo}/bin/sudo -u ${cfg.user} ${config.services.postgresql.package}/bin/psql \
                     -U ${cfg.database.user} \
                     ${optionalString (cfg.database.host != null) "-h ${cfg.database.host} --port ${toString dbPort}"} \
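Review bot: The closing `)` of the command substitution on the added `PGPASSWORD=$(cat …` line sits outside the Nix string and outside the `${…}` interpolation, so it is emitted unconditionally: when `passwordFile` is null the generated shell line is a bare `) \`, which breaks the script for every pgsql setup that does not use the new option. Move it inside the string and quote the substitution, e.g. `${optionalString (cfg.database.passwordFile != null) "PGPASSWORD=\"$(cat ${escapeShellArg cfg.database.passwordFile})\""} \`, so that paths or passwords containing whitespace survive word splitting. The body of `callSql` continues outside the hunk, so the other database branch should be checked for the same `passwordFile` handling.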