···
configure a number of bepasty servers which will be started with
24
-
type = with types ; attrsOf (submodule ({
24
+
type = with types ; attrsOf (submodule ({ config, ... } : {
···
example = "0.0.0.0:8000";
default = "127.0.0.1:8000";
···
server secret for safe session cookies, must be set.
76
+
Warning: this secret is stored in the WORLD-READABLE Nix store!
78
+
It's recommended to use <option>secretKeyFile</option>
79
+
which takes precedence over <option>secretKey</option>.
84
+
secretKeyFile = mkOption {
85
+
type = types.nullOr types.str;
88
+
A file that contains the server secret for safe session cookies, must be set.
90
+
<option>secretKeyFile</option> takes precedence over <option>secretKey</option>.
92
+
Warning: when <option>secretKey</option> is non-empty <option>secretKeyFile</option>
93
+
defaults to a file in the WORLD-READABLE Nix store containing that secret.
···
108
+
secretKeyFile = mkDefault (
109
+
if config.secretKey != ""
110
+
then toString (pkgs.writeTextFile {
111
+
name = "bepasty-secret-key";
112
+
text = config.secretKey;
config = mkIf cfg.enable {
environment.systemPackages = [ bepasty ];
# creates gunicorn systemd service for each configured server
···
118
-
ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
146
+
ExecStartPre = assert !isNull server.secretKeyFile; pkgs.writeScript "bepasty-server.${name}-init" ''
mkdir -p "${server.workDir}"
mkdir -p "${server.dataDir}"
···
cat > ${server.workDir}/bepasty-${name}.conf <<EOF
STORAGE_FILESYSTEM_DIRECTORY="${server.dataDir}"
126
-
SECRET_KEY="${server.secretKey}"
154
+
SECRET_KEY="$(cat "${server.secretKeyFile}")"
DEFAULT_PERMISSIONS="${server.defaultPermissions}"
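Review bot: The new `assert !isNull server.secretKeyFile` only checks at evaluation time that a path was given, so a missing or unreadable file makes `$(cat "${server.secretKeyFile}")` in the heredoc expand to nothing and the script still writes `SECRET_KEY=""`. A runtime guard ahead of the `cat >` would fail the unit instead, for example `[ -s "${server.secretKeyFile}" ] || { echo "bepasty: secretKeyFile missing or empty" >&2; exit 1; }`. The generated `bepasty-${name}.conf` now holds a copy of the secret too, and no `umask` or `chmod` is visible in these lines, so its mode presumably follows the service's default umask; `umask 077` before the redirect would keep that copy from being readable by other local users. The init script and the heredoc both continue outside the visible lines, so either point may already be handled there.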