···
configure a number of bepasty servers which will be started with
+
type = with types ; attrsOf (submodule ({ config, ... } : {
···
example = "0.0.0.0:8000";
default = "127.0.0.1:8000";
···
server secret for safe session cookies, must be set.
+
Warning: this secret is stored in the WORLD-READABLE Nix store!
+
It's recommended to use <option>secretKeyFile</option>
+
which takes precedence over <option>secretKey</option>.
+
secretKeyFile = mkOption {
+
type = types.nullOr types.str;
+
A file that contains the server secret for safe session cookies, must be set.
+
<option>secretKeyFile</option> takes precedence over <option>secretKey</option>.
+
Warning: when <option>secretKey</option> is non-empty <option>secretKeyFile</option>
+
defaults to a file in the WORLD-READABLE Nix store containing that secret.
···
+
secretKeyFile = mkDefault (
+
if config.secretKey != ""
+
then toString (pkgs.writeTextFile {
+
name = "bepasty-secret-key";
+
text = config.secretKey;
config = mkIf cfg.enable {
environment.systemPackages = [ bepasty ];
# creates gunicorn systemd service for each configured server
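Review bot: The `secretKeyFile = mkDefault (...)` fallback copies `config.secretKey` into the store through `pkgs.writeTextFile`, and the only signal an operator gets is the option description. Since this path stays the default for every existing configuration that sets `secretKey`, I would also emit an evaluation-time entry in the module's `warnings` list when a server has a non-empty `secretKey`, with text such as `"bepasty: secretKey for server <name> is stored in the world-readable Nix store; set secretKeyFile instead"`. The `else` branch and the end of the expression are outside this hunk, so the `null` result for an empty `secretKey` is inferred from the later `assert`, not visible here. A one-line comment above the `mkDefault` saying that the store copy is kept for backward compatibility only would help the next reader.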
···
+
ExecStartPre = assert !isNull server.secretKeyFile; pkgs.writeScript "bepasty-server.${name}-init" ''
mkdir -p "${server.workDir}"
mkdir -p "${server.dataDir}"
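Review bot: The init script creates `${server.workDir}` with a plain `mkdir -p` and, further down the same script, writes the key read from `secretKeyFile` into `bepasty-${name}.conf` in that directory, so moving the secret out of the store only helps if the generated file is not readable by other users. Nothing visible sets a mode or umask; unless the unit already restricts this elsewhere, add `umask 077` as the first line of the script or create the directory with `install -d -m 0700 "${server.workDir}"`. Separately, `assert !isNull server.secretKeyFile;` fails evaluation with a bare assertion error that does not name the server. An entry in the module's `assertions` list with `assertion = server.secretKeyFile != null;` and a message naming `${name}` would point the operator at the missing option. The script body continues outside this hunk.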
···
cat > ${server.workDir}/bepasty-${name}.conf <<EOF
STORAGE_FILESYSTEM_DIRECTORY="${server.dataDir}"
+
SECRET_KEY="$(cat "${server.secretKeyFile}")"
DEFAULT_PERMISSIONS="${server.defaultPermissions}"