|
4 | 4 | lib, |
5 | 5 | ... |
6 | 6 | }: let |
| 7 | + inherit (lib) optionals optionalAttrs; |
7 | 8 | cfg = config.services.demostf.api; |
8 | 9 | fpmCfg = config.services.phpfpm.pools.demostf-api; |
9 | 10 | exporterCfg = config.services.prometheus.exporters.php-fpm; |
|
45 | 46 | type = types.str; |
46 | 47 | description = "path the demos are stored"; |
47 | 48 | }; |
48 | | - keyFile = mkOption { |
49 | | - type = types.str; |
50 | | - description = "path containing key environment variables"; |
| 49 | + editKeyFile = mkOption { |
| 50 | + type = types.nullOr types.str; |
| 51 | + default = null; |
| 52 | + description = "path containing edit key environment variables"; |
| 53 | + }; |
| 54 | + uploadKeyFile = mkOption { |
| 55 | + type = types.nullOr types.str; |
| 56 | + default = null; |
| 57 | + description = "path containing upload key environment variables"; |
| 58 | + }; |
| 59 | + accessKeyFile = mkOption { |
| 60 | + type = types.nullOr types.str; |
| 61 | + default = null; |
| 62 | + description = "path containing access key environment variables"; |
51 | 63 | }; |
52 | 64 | }; |
53 | 65 | }; |
@@ -99,24 +111,43 @@ in { |
99 | 111 | "listen.owner" = "nginx"; |
100 | 112 | "listen.group" = "nginx"; |
101 | 113 | }; |
102 | | - phpEnv = { |
103 | | - BASE_HOST = cfg.baseDomain; |
104 | | - DEMO_ROOT = cfg.demoRoot; |
105 | | - DEMO_HOST = cfg.hostDomain; |
106 | | - DB_TYPE = "pgsql"; |
107 | | - DB_HOST = "/run/postgresql"; |
108 | | - DB_PORT = "5432"; |
109 | | - DB_DATABASE = "demostf"; |
110 | | - DB_USERNAME = "demostf"; |
111 | | - APP_ROOT = "https://${cfg.apiDomain}"; |
112 | | - PARSER_PATH = "${pkgs.demostf-parser}/bin/parse_demo"; |
113 | | - }; |
| 114 | + phpEnv = |
| 115 | + { |
| 116 | + BASE_HOST = cfg.baseDomain; |
| 117 | + DEMO_ROOT = cfg.demoRoot; |
| 118 | + DEMO_HOST = cfg.hostDomain; |
| 119 | + DB_TYPE = "pgsql"; |
| 120 | + DB_HOST = "/run/postgresql"; |
| 121 | + DB_PORT = "5432"; |
| 122 | + DB_DATABASE = "demostf"; |
| 123 | + DB_USERNAME = "demostf"; |
| 124 | + APP_ROOT = "https://${cfg.apiDomain}"; |
| 125 | + PARSER_PATH = "${pkgs.demostf-parser}/bin/parse_demo"; |
| 126 | + } |
| 127 | + // (optionalAttrs (cfg.editKeyFile != null) { |
| 128 | + EDIT_KEY = "$CREDENTIALS_DIRECTORY/edit_key"; |
| 129 | + }) |
| 130 | + // (optionalAttrs (cfg.uploadKeyFile != null) { |
| 131 | + UPLOAD_KEY = "$CREDENTIALS_DIRECTORY/upload_key"; |
| 132 | + }) |
| 133 | + // (optionalAttrs (cfg.accessKeyFile != null) { |
| 134 | + ACCESS_KEY = "$CREDENTIALS_DIRECTORY/access_key"; |
| 135 | + }); |
114 | 136 | user = "demostf"; |
115 | 137 | group = "demostf"; |
116 | 138 | }; |
117 | 139 |
|
118 | 140 | systemd.services.phpfpm-demostf-api.serviceConfig = { |
119 | | - EnvironmentFile = cfg.keyFile; |
| 141 | + LoadCredential = |
| 142 | + (optionals (cfg.editKeyFile != null) [ |
| 143 | + "edit_key:${cfg.editKeyFile}" |
| 144 | + ]) |
| 145 | + ++ (optionals (cfg.uploadKeyFile != null) [ |
| 146 | + "upload_key:${cfg.uploadKeyFile}" |
| 147 | + ]) |
| 148 | + ++ (optionals (cfg.accessKeyFile != null) [ |
| 149 | + "access_key:${cfg.accessKeyFile}" |
| 150 | + ]); |
120 | 151 | }; |
121 | 152 |
|
122 | 153 | services.prometheus.exporters.php-fpm = { |
|
0 commit comments