Diffstat (limited to 'ops/modules')
-rw-r--r-- | ops/modules/irccat.nix | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/ops/modules/irccat.nix b/ops/modules/irccat.nix
index e4b30b73553e..9d3eea53c073 100644
--- a/ops/modules/irccat.nix
+++ b/ops/modules/irccat.nix
@@ -12,13 +12,13 @@ let
 # service launch.
 configJson = pkgs.writeText "irccat.json" (builtins.toJSON cfg.config);
 configMerge = pkgs.writeShellScript "merge-irccat-config" ''
- if [ ! -f "/etc/secrets/irccat.json" ]; then
+ if [ ! -f "${cfg.secretsFile}" ]; then
 echo "irccat secrets file is missing"
 exit 1
 fi
 # jq's * is the recursive merge operator
- ${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${configJson} /etc/secrets/irccat.json \
+ ${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${configJson} ${cfg.secretsFile} \
 > /var/lib/irccat/irccat.json
 '';
 in {
@@ -29,6 +29,12 @@ in {
 type = lib.types.attrs; # varying value types
 description = "Configuration structure (unchecked!)";
 };
+
+ secretsFile = lib.mkOption {
+ type = lib.types.str;
+ description = "Path to the secrets file to be merged";
+ default = "/run/agenix/irccat";
+ };
 };
 config = lib.mkIf cfg.enable {
@@ -40,10 +46,14 @@ in {
 serviceConfig = {
 DynamicUser = true;
+ Group = "irccat";
 StateDirectory = "irccat";
 WorkingDirectory = "/var/lib/irccat";
 Restart = "always";
 };
 };
+
+ # Create a real group to grant access to secrets to.
+ users.groups.irccat = {};
 };
 } |
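Review bot: The second use of `${cfg.secretsFile}`, on the jq line, is unquoted while the `-f` test quotes it, so an option value containing spaces or shell metacharacters is split or interpreted by the shell; `${lib.escapeShellArg cfg.secretsFile}` in both places keeps it a single argument. The guard also tests only existence: now that access depends on group membership, a file that exists but is unreadable passes `-f`, and the redirect has already truncated `/var/lib/irccat/irccat.json` by the time jq fails. Using `[ ! -r ... ]` with a message such as `"irccat secrets file is missing or unreadable"` would report that case directly. Since the merged output contains the secrets, a `umask 077` before the jq call is worth adding; the hunk does not show any umask being set for the script.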
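Review bot: The `secretsFile` description does not say that the value must be a runtime path outside the Nix store; a string that interpolates a Nix path (for example `"${./irccat.json}"`) satisfies `lib.types.str` and would copy the secret into the world-readable store. I would spell the contract out in the option, e.g. `description = "Runtime path to a JSON file with secrets, merged over the generated config at service start; must not be in the Nix store and must be readable by group irccat";`. The default appears to assume an agenix secret named `irccat`, which is worth stating there as well.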
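Review bot: The new comment says the group exists to grant access to secrets, but nothing visible in this module ties the secret to it: the file at `secretsFile` has to be declared elsewhere with group `irccat` and a group-readable mode, otherwise the merge step fails when the unit starts. I would extend the comment to say so, e.g. `# Create a real group to grant access to secrets to; the secret must be declared group-readable by "irccat" where it is defined.` The enclosing service definition starts outside the hunk, so whether the merge script runs under this group cannot be confirmed from here.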