diff --git a/nixos/modules/services/networking/matterbridge.nix b/nixos/modules/services/networking/matterbridge.nix
index 5526e2ba23ac..e2f478405953 100644
--- a/nixos/modules/services/networking/matterbridge.nix
+++ b/nixos/modules/services/networking/matterbridge.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ options, config, pkgs, lib, ... }:
with lib;
@@ -6,7 +6,11 @@ let
cfg = config.services.matterbridge;
- matterbridgeConfToml = pkgs.writeText "matterbridge.toml" (cfg.configFile);
+ matterbridgeConfToml =
+ if cfg.configPath == null then
+ pkgs.writeText "matterbridge.toml" (cfg.configFile)
+ else
+ cfg.configPath;
in
@@ -15,17 +19,32 @@ in
services.matterbridge = {
enable = mkEnableOption "Matterbridge chat platform bridge";
+ configPath = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ example = "/etc/nixos/matterbridge.toml";
+ description = ''
+ The path to the matterbridge configuration file.
+ '';
+ };
+
configFile = mkOption {
type = types.str;
example = ''
- #WARNING: as this file contains credentials, be sure to set correct file permissions [irc]
+ # WARNING: as this file contains credentials, do not use this option!
+ # It is kept only for backwards compatibility, and would cause your
+ # credentials to be in the nix-store, thus with the world-readable
+ # permission bits.
+ # Use services.matterbridge.configPath instead.
+
+ [irc]
[irc.freenode]
Server="irc.freenode.net:6667"
Nick="matterbot"
[mattermost]
[mattermost.work]
- #do not prefix it wit http:// or https://
+ # Do not prefix it with http:// or https://
Server="yourmattermostserver.domain"
Team="yourteam"
Login="yourlogin"
@@ -44,6 +63,10 @@ in
channel="off-topic"
'';
description = ''
+ WARNING: THIS IS INSECURE, as your password will end up in
+ /nix/store, thus publicly readable. Use
+ services.matterbridge.configPath instead.
+
The matterbridge configuration file in the TOML file format.
'';
};
@@ -65,32 +88,31 @@ in
};
};
- config = mkMerge [
- (mkIf cfg.enable {
+ config = mkIf cfg.enable {
+ warnings = optional options.services.matterbridge.configFile.isDefined
+ "The option services.matterbridge.configFile is insecure and should be replaced with services.matterbridge.configPath";
- users.extraUsers = mkIf (cfg.user == "matterbridge") [
- { name = "matterbridge";
- group = "matterbridge";
- } ];
-
- users.extraGroups = mkIf (cfg.group == "matterbridge") [
- { name = "matterbridge";
- } ];
-
- systemd.services.matterbridge = {
- description = "Matterbridge chat platform bridge";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
-
- serviceConfig = {
- User = cfg.user;
- Group = cfg.group;
- ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}";
- Restart = "always";
- RestartSec = "10";
- };
+ users.extraUsers = optional (cfg.user == "matterbridge")
+ { name = "matterbridge";
+ group = "matterbridge";
};
- })
- ];
-}
+ users.extraGroups = optional (cfg.group == "matterbridge")
+ { name = "matterbridge";
+ };
+
+ systemd.services.matterbridge = {
+ description = "Matterbridge chat platform bridge";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ User = cfg.user;
+ Group = cfg.group;
+ ExecStart = "${pkgs.matterbridge.bin}/bin/matterbridge -conf ${matterbridgeConfToml}";
+ Restart = "always";
+ RestartSec = "10";
+ };
+ };
+ };
+}