authorMilan <me@pbb.lc>2021-03-13 13:56:17 +0100
committerGitHub <noreply@github.com>2021-03-13 13:56:17 +0100
commit24133ead28dc4ece7ba016bc8f7624db0478e977 (patch)
treec6bee947b2cfedf0cc109d3ce2bad08e89287c85 /nixos
parent51f34b22f2a2805659fc959873e922e886c84cdc (diff)
nixos/mautrix-telegram: substitute secrets in config file at runtime (#112966)
In the latest release of mautrix-telegram not all secrets can be set using environment variables (see https://github.com/tulir/mautrix-telegram/issues/584). This change allows these secret values to be set without ending up in the Nix store.
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/services/misc/mautrix-telegram.nix20
1 files changed, 16 insertions, 4 deletions
diff --git a/nixos/modules/services/misc/mautrix-telegram.nix b/nixos/modules/services/misc/mautrix-telegram.nix
index caeb4b04164f..0ae5797fea04 100644
--- a/nixos/modules/services/misc/mautrix-telegram.nix
+++ b/nixos/modules/services/misc/mautrix-telegram.nix
@@ -6,8 +6,9 @@ let
dataDir = "/var/lib/mautrix-telegram";
registrationFile = "${dataDir}/telegram-registration.yaml";
cfg = config.services.mautrix-telegram;
- # TODO: switch to configGen.json once RFC42 is implemented
- settingsFile = pkgs.writeText "mautrix-telegram-settings.json" (builtins.toJSON cfg.settings);
+ settingsFormat = pkgs.formats.json {};
+ settingsFileUnsubstituted = settingsFormat.generate "mautrix-telegram-config-unsubstituted.json" cfg.settings;
+ settingsFile = "${dataDir}/config.json";
in {
options = {
@@ -15,9 +16,8 @@ in {
enable = mkEnableOption "Mautrix-Telegram, a Matrix-Telegram hybrid puppeting/relaybot bridge";
settings = mkOption rec {
- # TODO: switch to types.config.json as prescribed by RFC42 once it's implemented
- type = types.attrs;
apply = recursiveUpdate default;
+ inherit (settingsFormat) type;
default = {
appservice = rec {
database = "sqlite:///${dataDir}/mautrix-telegram.db";
@@ -124,6 +124,16 @@ in {
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
preStart = ''
+ # Not all secrets can be passed as environment variable (yet)
+ # https://github.com/tulir/mautrix-telegram/issues/584
+ [ -f ${settingsFile} ] && rm -f ${settingsFile}
+ old_umask=$(umask)
+ umask 0277
+ ${pkgs.envsubst}/bin/envsubst \
+ -o ${settingsFile} \
+ -i ${settingsFileUnsubstituted}
+ umask $old_umask
+
# generate the appservice's registration file if absent
if [ ! -f '${registrationFile}' ]; then
${pkgs.mautrix-telegram}/bin/mautrix-telegram \
@@ -159,6 +169,8 @@ in {
--config='${settingsFile}'
'';
};
+
+ restartTriggers = [ settingsFileUnsubstituted ];
};
};
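Review bot: envsubst in the new preStart block (third hunk) rewrites every `$NAME` / `${NAME}` pattern in the generated JSON, so a secret whose variable is absent from the environment is silently replaced by an empty string and the bridge may start with an empty token rather than failing; any literal dollar-prefixed text in `cfg.settings` is expanded the same way. The `-i`/`-o` flags suggest `pkgs.envsubst` is the Go implementation, which accepts `-no-unset -no-empty`; if that holds, `${pkgs.envsubst}/bin/envsubst -no-unset -no-empty -o ${settingsFile} -i ${settingsFileUnsubstituted}` turns a missing secret into a start-up error visible in the journal instead of a silent misconfiguration. The `[ -f ${settingsFile} ] && rm -f ${settingsFile}` guard is redundant because `rm -f` already tolerates a missing file, and the umask save/restore could be a subshell `( umask 0277; … )` so the restrictive mask cannot leak into later steps if a line is added in between. The new `${settingsFile}` interpolations are unquoted while the existing `--config='${settingsFile}'` line is quoted; harmless for a constant path but worth matching. The enclosing service definition starts before and ends after these hunks.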