nix: knot: pass config to `knot guard` #700

closed

opened by

boltless.me 1 month ago targeting master from sandboxed-atmosphere

this is a temporary fix. ideal solution would be introducing json file configuration or serving ssh server by our own instead of relying on sshd

Signed-off-by: Seongmin Lee git@boltless.me

options

unified split

Changed files

+13

nix

modules

knot.nix

+13

nix/modules/knot.nix

···

       157
       157
        
               '';

     

       158
       158
        
             };

     

       159
       159
        
       

     

       160
       160
       +
             # TODO: abstract this to share same env table with systemd.services.knot

     

       161
       161
       +
             environment.variables = {

     

       162
       162
       +
               "KNOT_REPO_SCAN_PATH" = cfg.repo.scanPath;

     

       163
       163
       +
               "KNOT_REPO_MAIN_BRANCH" = cfg.repo.mainBranch;

     

       164
       164
       +
               "APPVIEW_ENDPOINT" = cfg.appviewEndpoint;

     

       165
       165
       +
               "KNOT_SERVER_INTERNAL_LISTEN_ADDR" = cfg.server.internalListenAddr;

     

       166
       166
       +
               "KNOT_SERVER_LISTEN_ADDR" = cfg.server.listenAddr;

     

       167
       167
       +
               "KNOT_SERVER_DB_PATH" = cfg.server.dbPath;

     

       168
       168
       +
               "KNOT_SERVER_HOSTNAME" = cfg.server.hostname;

     

       169
       169
       +
               "KNOT_SERVER_PLC_URL" = cfg.server.plcUrl;

     

       170
       170
       +
               "KNOT_SERVER_JETSTREAM_ENDPOINT" = cfg.server.jetstreamEndpoint;

     

       171
       171
       +
               "KNOT_SERVER_OWNER" = cfg.server.owner;

     

       172
       172
       +
             };

     

       160
       173
        
             environment.etc."ssh/keyfetch_wrapper" = {

     

       161
       174
        
               mode = "0555";

     

       162
       175
        
               text = ''