Merge pull request #162479 from stuebinm/feature/mattermost-secrets

nixos/mattermost: add secretFile option for declarative configs (again)
2024-09-20 20:39:04 +02:00 · 2023-03-27 21:50:18 +03:00 · 2023-03-27 21:50:18 +03:00 · e74d28259d
parent 1ca07856c5 c29ca6704d
commit e74d28259d
2 changed files with 33 additions and 0 deletions
--- a/nixos/modules/services/web-apps/mattermost.nix
+++ b/nixos/modules/services/web-apps/mattermost.nix
@ -184,6 +184,22 @@ in
          .tar.gz files.
        '';
      };
+      environmentFile = mkOption {
+        type = types.nullOr types.path;
+        default = null;
+        description = lib.mdDoc ''
+          Environment file (see {manpage}`systemd.exec(5)`
+          "EnvironmentFile=" section for the syntax) which sets config options
+          for mattermost (see [the mattermost documentation](https://docs.mattermost.com/configure/configuration-settings.html#environment-variables)).
+
+          Settings defined in the environment file will overwrite settings
+          set via nix or via the {option}`services.mattermost.extraConfig`
+          option.
+
+          Useful for setting config options without their value ending up in the
+          (world-readable) nix store, e.g. for a database password.
+        '';
+      };

      localDatabaseCreate = mkOption {
        type = types.bool;
@ -321,6 +337,7 @@ in
          Restart = "always";
          RestartSec = "10";
          LimitNOFILE = "49152";
+          EnvironmentFile = cfg.environmentFile;
        };
        unitConfig.JoinsNamespaceOf = mkIf cfg.localDatabaseCreate "postgresql.service";
      };
--- a/nixos/tests/mattermost.nix
+++ b/nixos/tests/mattermost.nix
@ -50,6 +50,13 @@ in
      mutableConfig = false;
      extraConfig.SupportSettings.HelpLink = "https://search.nixos.org";
    };
+    environmentFile = makeMattermost {
+      mutableConfig = false;
+      extraConfig.SupportSettings.AboutLink = "https://example.org";
+      environmentFile = pkgs.writeText "mattermost-env" ''
+        MM_SUPPORTSETTINGS_ABOUTLINK=https://nixos.org
+      '';
+    };
  };

  testScript = let
@ -69,6 +76,7 @@ in
      rm -f $mattermostConfig
      echo "$newConfig" > "$mattermostConfig"
    '';
+
  in
  ''
    start_all()
@ -120,5 +128,13 @@ in

    # Our edits should be ignored on restart
    immutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}")
+
+
+    ## Environment File node tests ##
+    environmentFile.wait_for_unit("mattermost.service")
+    environmentFile.wait_for_open_port(8065)
+
+    # Settings in the environment file should override settings set otherwise
+    environmentFile.succeed("${expectConfig ''.AboutLink == "https://nixos.org"''}")
  '';
 })