
Merge pull request #211559 from GTrunSec/nomad-credential

nixos/nomad: add LoadCredential option
Nick Cao 2023-01-22 08:27:44 +08:00 committed by GitHub
commit c2de985844
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -71,6 +71,17 @@ in
'';
};
credentials = mkOption {
description = lib.mdDoc ''
Credentials envs used to configure nomad secrets.
'';
type = types.attrsOf types.str;
default = { };
example = {
logs_remote_write_password = "/run/keys/nomad_write_password";
};
};
settings = mkOption {
type = format.type;
@ -148,7 +159,8 @@ in
};
in
"${cfg.package}/bin/nomad agent -config=/etc/nomad.json -plugin-dir=${pluginsDir}/bin" +
concatMapStrings (path: " -config=${path}") cfg.extraSettingsPaths;
concatMapStrings (path: " -config=${path}") cfg.extraSettingsPaths +
concatMapStrings (key: " -config=\${CREDENTIALS_DIRECTORY}/${key}") (lib.attrNames cfg.credentials);
KillMode = "process";
KillSignal = "SIGINT";
LimitNOFILE = 65536;
@ -157,6 +169,7 @@ in
Restart = "on-failure";
RestartSec = 2;
TasksMax = "infinity";
LoadCredential = lib.mapAttrsToList (key: value: "${key}:${value}") cfg.credentials;
}
(mkIf cfg.enableDocker {
SupplementaryGroups = "docker"; # space-separated string
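Review bot: The `credentials` description and example do not match how the values are used. Each entry is loaded with `LoadCredential` and then handed to the agent as `-config=${CREDENTIALS_DIRECTORY}/<name>`, so the file apparently has to be a Nomad configuration fragment that contains the secret, not an environment variable or a bare password as `logs_remote_write_password = "/run/keys/nomad_write_password"` suggests. I would reword the description along the lines of `Attribute set mapping a credential name to the path of a Nomad configuration file holding secrets; each file is passed to the service with LoadCredential and read via -config.` and state that the path must be a runtime location outside the world-readable Nix store. The attribute names are also interpolated unescaped into both the `ExecStart` string and the `"${key}:${value}"` entries, so a name containing whitespace or `:` would yield a malformed unit; an assertion restricting names to a safe character set would catch that at evaluation time. The enclosing `serviceConfig` block starts and ends outside the hunks shown.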