nixos/mattermost: add secretFile option for declarative configs #117046
Huh, apparently I broke the manual. Since this is my first time committing to nixpkgs: where can I find documentation on how to write / test-build the manual? I couldn't find anything on that in the contributing page …

https://nixos.org/manual/nixos/stable/index.html#chap-contributing

@Artturin Is something still blocking this? I'm still looking for a good way to specify secrets in mattermost using the service.

needs a rebase and someone to test the pr https://nixos.wiki/wiki/Nixpkgs/Reviewing_changes#Modules

Following the link I'm using this flake to test the module:

```nix
{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  # inputs.pkgsReview.url = "github:Artturin/nixpkgs/pipewirejackldpath";
  inputs.pkgsReview.url = "github:stuebinm/nixpkgs/master";
  #inputs.pkgsReview.url = "/home/artturin/nixgits/my-nixpkgs";

  outputs = inputs@{ self, nixpkgs, pkgsReview }: {
    nixosConfigurations.vm = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      specialArgs = { inherit inputs; };
      modules = [
        ({ pkgs, ... }: {
          # Disable old module from upstream nixpkgs, if the module is not new
          disabledModules = [ "services/web-apps/mattermost.nix" ];
          imports = [
            # Include the module from the fork/fork you want to test
            "${inputs.pkgsReview}/nixos/modules/services/web-apps/mattermost.nix"
            # For virtualisation settings
            "${inputs.nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
          ];

          # Test-Specific configuration for the module
          services.mattermost = {
            enable = true;
            mutableConfig = false;
          };

          # Documentation for these is in nixos/modules/virtualisation/qemu-vm.nix
          virtualisation = {
            memorySize = 1024 * 3;
            diskSize = 1024 * 3;
            cores = 4;
            msize = 104857600;
          };

          users.mutableUsers = false;
          users.users.root = { password = "root"; };
          users.users.user = {
            password = "user";
            isNormalUser = true;
            extraGroups = [ "wheel" ];
          };
        })
      ];
    };

    # So that we can just run 'nix run' instead of
    # 'nix build ".#nixosConfigurations.vm.config.system.build.vm" && ./result/bin/run-nixos-vm'
    defaultPackage.x86_64-linux =
      self.nixosConfigurations.vm.config.system.build.vm;
    defaultApp.x86_64-linux = {
      type = "app";
      program = "${self.defaultPackage.x86_64-linux}/bin/run-nixos-vm";
    };
  };
}
```

I run into an error when using

I'd like to help test it, but need some guidance.

Huh, was it already fixed?

Did a rebase to current master; it seems to work fine on my end, but since a lot has happened since I originally opened this PR and I can't claim to understand the module in its current state, testing by someone else would be important.

@pinpox hm, that's interesting. It seems like it's trying to import a file

Also, does anyone know why me pushing the rebase apparently led to github automatically closing the PR and someone else merging it before I could reopen it? Seems weird …

Still getting an error with
Regarding the
The PR now also says

looks like I pushed the wrong branch 🙈 I'm not sure if I can reopen it now — github doesn't offer me a "reopen" button, and new commits in my repository don't seem to be showing up. Might open a new PR with the same content if I can't find another way …

new PR: #162479

This adds an option `services.mattermost.secretFile`, which may be used in conjunction with `services.mattermost.mutableConfig` set to `false` to avoid placing secret parts of the configuration into the world-readable nix store.
Motivation for this change
#116421
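
A pre-deployment check for the problem the PR description names, as an added example (not code from this PR or from nixpkgs): it flags secret-bearing Mattermost settings left in a config that would be rendered into the Nix store, and checks that a secret file sits outside the store and is not group- or world-accessible. The key list, function names and sample data are assumptions made for illustration.

```python
import json
import os
import stat
import tempfile

# Assumed list of Mattermost settings that carry credentials or key material.
SECRET_KEYS = {
    ("SqlSettings", "DataSource"),
    ("SqlSettings", "AtRestEncryptKey"),
    ("EmailSettings", "SMTPPassword"),
    ("FileSettings", "PublicLinkSalt"),
    ("FileSettings", "AmazonS3SecretAccessKey"),
    ("LdapSettings", "BindPassword"),
    ("GitLabSettings", "Secret"),
}

def secrets_in_config(config):
    """Return dotted names of secret settings that have a non-empty value."""
    found = []
    for section, key in sorted(SECRET_KEYS):
        value = config.get(section, {}).get(key)
        if value:
            found.append(f"{section}.{key}")
    return found

def secret_file_problems(path, store_dir="/nix/store"):
    """Return reasons why `path` is an unsafe location for a secret file."""
    problems = []
    real = os.path.realpath(path)  # resolve symlinks that point into the store
    if real == store_dir or real.startswith(store_dir + os.sep):
        problems.append("inside the world-readable Nix store")
    mode = stat.S_IMODE(os.stat(real).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:o} grants group/other access")
    return problems

# Constructed sample: the declarative part that would end up in the store.
SAMPLE_STORE_CONFIG = json.loads("""{
  "ServiceSettings": {"SiteURL": "https://chat.example.org"},
  "SqlSettings": {"DriverName": "postgres",
                  "DataSource": "postgres://mm:hunter2@localhost/mattermost"},
  "EmailSettings": {"SMTPServer": "mail.example.org", "SMTPPassword": ""}
}""")

if __name__ == "__main__":
    print("secrets in store config:", secrets_in_config(SAMPLE_STORE_CONFIG))
    with tempfile.NamedTemporaryFile() as f:  # created with mode 0600
        print("secret file problems:", secret_file_problems(f.name))
```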