author | WilliButz <wbutz@cyberfnord.de> | 2020-09-07 16:39:18 +0200 |
---|---|---|
committer | WilliButz <wbutz@cyberfnord.de> | 2020-09-07 17:39:53 +0200 |
commit | 76362dd7eb2622f7809961b400f357f360de537f (patch) | |
tree | 6f7476ac6145f0ab062bbc0c7e344f1fe3a7b83e /nixos/modules/services/security | |
parent | 7bd175ca3bdba9459cbceb0f1ab2359624de6e4b (diff) |
nixos/bitwarden_rs: add environmentFile option
Add the option `environmentFile` to allow passing secrets to the service
without adding them to the Nix store, while keeping the current
configuration via the existing environment file intact.
Diffstat (limited to 'nixos/modules/services/security')
-rw-r--r-- | nixos/modules/services/security/bitwarden_rs/default.nix | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/nixos/modules/services/security/bitwarden_rs/default.nix b/nixos/modules/services/security/bitwarden_rs/default.nix
index 903a53270377..a04bc883bf0f 100644
--- a/nixos/modules/services/security/bitwarden_rs/default.nix
+++ b/nixos/modules/services/security/bitwarden_rs/default.nix
@@ -81,6 +81,23 @@ in {
 <link xlink:href="https://github.com/dani-garcia/bitwarden_rs/blob/${bitwarden_rs.version}/.env.template">the environment template file</link>.
 '';
 };
+
+ environmentFile = mkOption {
+ type = with types; nullOr path;
+ default = null;
+ example = "/root/bitwarden_rs.env";
+ description = ''
+ Additional environment file as defined in <citerefentry>
+ <refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>.
+
+ Secrets like <envar>ADMIN_TOKEN</envar> and <envar>SMTP_PASSWORD</envar>
+ may be passed to the service without adding them to the world-readable Nix store.
+
+ Note that this file needs to be available on the host on which
+ <literal>bitwarden_rs</literal> is running.
+ '';
+ };
 };
 config = mkIf cfg.enable {
@@ -101,7 +118,7 @@ in {
 serviceConfig = {
 User = user;
 Group = group;
- EnvironmentFile = configFile;
+ EnvironmentFile = [ configFile ] ++ optional (cfg.environmentFile != null) cfg.environmentFile;
 ExecStart = "${bitwarden_rs}/bin/bitwarden_rs";
 LimitNOFILE = "1048576";
 LimitNPROC = "64"; |
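Review bot: The `environmentFile` description in the first hunk does not say how the value must be written or protected for the secret to stay private. `types.path` also accepts a Nix path literal, and whether that gets copied into the store depends on how the value is coerced later, which this hunk does not show. I would add a sentence such as `Pass this as an absolute path string (as in the example), not a Nix path literal, and make sure the file is not world-readable.` It is also worth stating that anything still set through `config` continues to be written to the store-backed environment file, so secrets have to be moved out of `config`, not just duplicated here. The enclosing `options` block starts outside the hunk.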
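Review bot: The order of the new `EnvironmentFile` list in the second hunk is load-bearing but undocumented. systemd reads the listed files in order and a later assignment of the same variable overrides an earlier one, so values in `cfg.environmentFile` take precedence over those generated from `config`. A short comment above the line would record that, for example `# environmentFile comes last so its values override the store-generated configFile`. The option description could carry the same sentence, so users know which setting wins when `ADMIN_TOKEN` appears in both places. The `serviceConfig` block continues outside the hunk.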