nextcloud: add option for secret configs via a json file
parent
b458d59693
commit
7a41044210
2 changed files with 39 additions and 11 deletions
|
@ -62,15 +62,17 @@
|
||||||
"pm.start_servers" = "2";
|
"pm.start_servers" = "2";
|
||||||
};
|
};
|
||||||
|
|
||||||
extraOptions = ''
|
extraOptions = {
|
||||||
'redis' => array(
|
redis = {
|
||||||
'host' => '/run/redis/redis.sock',
|
host = "/run/redis/redis.sock";
|
||||||
'port' => 0,
|
port = 0;
|
||||||
'dbindex' => 0,
|
dbindex = 0;
|
||||||
'password' => 'secret',
|
password = "secret";
|
||||||
'timeout' => 1.5,
|
timeout = 1.5;
|
||||||
),
|
};
|
||||||
'';
|
};
|
||||||
|
|
||||||
|
secretFile = "/secret/secrets.json";
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
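Review bot: `password = "secret";` stays inside `extraOptions`, which the module serialises with `builtins.toJSON` into the generated config.php, so the value presumably ends up in the world-readable Nix store. If this is more than a test fixture, the redis password belongs in the file named by the new `secretFile = "/secret/secrets.json";`, leaving `extraOptions.redis` with only host, port, dbindex and timeout. Nothing in the visible lines creates `/secret/secrets.json`, and `nix_read_secrets()` throws when the file is missing, so it has to be provisioned before PHP starts, readable only by the service user. The enclosing attribute set begins and ends outside this hunk.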
@ -341,12 +341,21 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
extraOptions = mkOption {
|
extraOptions = mkOption {
|
||||||
type = types.str;
|
type = types.attrs;
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = ''
|
||||||
Extra options which should be appended to nextcloud's config.php file
|
Extra options which should be appended to nextcloud's config.php file
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
secretFile = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Secret options which will be appended to nextcloud's config.php file (written in JSON, in the same
|
||||||
|
form as the `extraOptions` option).
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable (mkMerge [
|
config = mkIf cfg.enable (mkMerge [
|
||||||
|
@ -445,6 +454,19 @@ in {
|
||||||
return trim(file_get_contents($file));
|
return trim(file_get_contents($file));
|
||||||
}
|
}
|
||||||
''}
|
''}
|
||||||
|
${optionalString (cfg.secretFile != null) ''
|
||||||
|
function nix_read_secrets() {
|
||||||
|
$file = "${cfg.secretFile}";
|
||||||
|
if (!file_exists($file)) {
|
||||||
|
throw new \RuntimeException(sprintf(
|
||||||
|
"Cannot start Nextcloud, secrets file %s set by NixOS doesn't exist!",
|
||||||
|
$file
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
|
return json_decode(file_get_contents($file));
|
||||||
|
}
|
||||||
|
''}
|
||||||
$CONFIG = [
|
$CONFIG = [
|
||||||
'apps_paths' => [
|
'apps_paths' => [
|
||||||
[ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ],
|
[ 'path' => '${cfg.home}/apps', 'url' => '/apps', 'writable' => false ],
|
||||||
|
@ -467,8 +489,12 @@ in {
|
||||||
'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)},
|
'trusted_domains' => ${writePhpArrary ([ cfg.hostName ] ++ c.extraTrustedDomains)},
|
||||||
'trusted_proxies' => ${writePhpArrary (c.trustedProxies)},
|
'trusted_proxies' => ${writePhpArrary (c.trustedProxies)},
|
||||||
${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
|
${optionalString (c.defaultPhoneRegion != null) "'default_phone_region' => '${c.defaultPhoneRegion}',"}
|
||||||
${optionalString (cfg.extraOptions != "") cfg.extraOptions}
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
$EXTRACONFIG = json_decode('${builtins.toJSON cfg.extraOptions}', true);
|
||||||
|
|
||||||
|
array_push($CONFIG, $EXTRACONFIG);
|
||||||
|
${optionalString (cfg.secretFile != null) "array_push($CONFIG, nix_read_secrets());"}
|
||||||
'';
|
'';
|
||||||
occInstallCmd = let
|
occInstallCmd = let
|
||||||
dbpass = if c.dbpassFile != null
|
dbpass = if c.dbpassFile != null
|
||||||
|
|
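Review bot: `array_push($CONFIG, $EXTRACONFIG);` and `array_push($CONFIG, nix_read_secrets());` in the last hunk append each decoded value as one numeric element of `$CONFIG` instead of merging its keys. A key such as `redis` therefore lands under `$CONFIG[0]` rather than beside `trusted_domains`, and neither the extra options nor the secrets would be picked up as settings. `nix_read_secrets()` also calls `json_decode` without the associative flag and without checking the result, so it returns a `stdClass` object, or `null` for malformed JSON, and a broken secrets file is accepted silently; the fence below sketches a merge that fails on a non-array decode. In the option hunk, `extraOptions` becomes `types.attrs` but keeps `default = "";`, which should be `default = {};`. The JSON is also pasted into a single-quoted PHP literal, so a `'` or `\` in any option value alters the generated PHP unless both characters are escaped before interpolation; the config.php template itself starts outside these hunks.

```nix
# … unchanged: file_exists() check at the top of nix_read_secrets() …
          $secrets = json_decode(file_get_contents($file), true);
          if (!is_array($secrets)) {
            throw new \RuntimeException(sprintf(
              "Cannot start Nextcloud, secrets file %s set by NixOS is not valid JSON!",
              $file
            ));
          }
          return $secrets;
# … unchanged: the $CONFIG = [ … ]; literal and the $EXTRACONFIG assignment …
      $CONFIG = array_replace_recursive($CONFIG, $EXTRACONFIG);
      ${optionalString (cfg.secretFile != null) "$CONFIG = array_replace_recursive($CONFIG, nix_read_secrets());"}
```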