author | Vincent Ambo <mail@tazj.in> | 2022-01-01T13·38+0300 |
---|---|---|
committer | clbot <clbot@tvl.fyi> | 2022-01-01T15·30+0000 |
commit | 2bf39d7101baaa718fd8aee7abe3eb2f793e3324 (patch) | |
tree | e25d61d8682403e51fcab76fbb9fe8654f606806 /ops/modules | |
parent | 58c64aa81a21f4e1d280d3632af4834ec1b3041e (diff) |
refactor(modules/smtprelay): Load credentials via agenix r/3509
Change-Id: I56f6887e1fd35551cfc83ad08cafebb611f4a341 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4760 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: Profpatsch <mail@profpatsch.de> Autosubmit: tazjin <mail@tazj.in>
Diffstat (limited to 'ops/modules')
-rw-r--r-- | ops/modules/smtprelay.nix | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/ops/modules/smtprelay.nix b/ops/modules/smtprelay.nix index d8e03b5794b0..106593fe39d1 100644 --- a/ops/modules/smtprelay.nix +++ b/ops/modules/smtprelay.nix @@ -9,32 +9,38 @@ let mkIf mkOption types -; + ; cfg = config.services.depot.smtprelay; description = "Simple SMTP relay"; - # Configuration values that are always overridden. In particular, - # `config` is specified to always load $StateDirectory/secure.config - # (so that passwords can be loaded from there) and logging is pinned - # to stdout for journald compatibility. + # Configuration values that are always overridden. + # + # - logging is pinned to stdout for journald compatibility + # - secret config is loaded through systemd's credential loading facility overrideArgs = { logfile = ""; - config = "/var/lib/smtprelay/secure.config"; + config = "$CREDENTIALS_DIRECTORY/secrets"; }; # Creates the command line argument string for the service. prepareArgs = args: concatStringsSep " " - (attrValues (mapAttrs (key: value: "-${key} '${toString value}'") + (attrValues (mapAttrs (key: value: "-${key} \"${toString value}\"") (args // overrideArgs))); in { options.services.depot.smtprelay = { enable = mkEnableOption description; + args = mkOption { type = types.attrsOf types.str; description = "Key value pairs for command line arguments"; }; + + secretsFile = mkOption { + type = types.str; + default = "/run/agenix/smtprelay"; + }; }; config = mkIf cfg.enable { @@ -47,6 +53,7 @@ in { Restart = "always"; StateDirectory = "smtprelay"; DynamicUser = true; + LoadCredential = "secrets:${cfg.secretsFile}"; }; }; }; |
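Review bot: The switch from single to double quotes in `prepareArgs` applies to every value in `cfg.args`, not only to the `config` override that needs `$CREDENTIALS_DIRECTORY` expanded. If the resulting string is run through a shell (the unit's start command is outside this hunk, so this is inferred), any `$`, backtick, `\` or `"` in an argument value is now interpreted instead of being passed literally. Consider quoting the user-supplied values with `"-${key} ${lib.escapeShellArg (toString value)}"` and appending only the fixed `-config "$CREDENTIALS_DIRECTORY/secrets"` argument unescaped. The new `secretsFile` option would also benefit from a `description` stating that it is a runtime path to the agenix-decrypted file, not a store path. The `let` block begins outside the hunk.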
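Review bot: `StateDirectory = "smtprelay"` is kept next to the new `LoadCredential` line although the relay no longer reads `/var/lib/smtprelay/secure.config`, so on hosts that were already deployed the old credentials file stays on disk after the switch. If the service stores nothing else there (not visible from this hunk), drop the setting. Either way, add a comment such as `# secrets now come from LoadCredential; remove the old secure.config from the state directory on existing hosts`. The service definition starts outside the hunk.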