module: provide option to specify EnvironmentFile for secrets

The systemd service module references the module's environmentFile in a
list to allow for merging with EnvironmentFiles injected elsewhere.
WilliButz 2023-10-04 14:47:29 +02:00
parent cd00a35204
commit 251d78a7f2
No known key found for this signature in database
GPG key ID: FB0513677AB15BEA
2 changed files with 50 additions and 13 deletions


@ -2,8 +2,10 @@
, nixosModules
}:
let
# use a root-owned EnvironmentFile in production instead (systemd.services.<name>.serviceConfig.EnvironmentFile)
authentiksecret = "thissecretwillbeinthenixstore";
# use a root-owned EnvironmentFile in production instead (services.authentik.environmentFile)
authentik-env = pkgs.writeText "authentik-test-secret-env" ''
AUTHENTIK_SECRET_KEY=thissecretwillbeinthenixstore
'';
in
pkgs.nixosTest {
name = "authentik";
@ -19,17 +21,10 @@ pkgs.nixosTest {
"${pkgs.path}/nixos/tests/common/x11.nix"
];
services.authentik.enable = true;
systemd.services.authentik-migrate.serviceConfig.Environment = [
"AUTHENTIK_SECRET_KEY=${authentiksecret}"
];
systemd.services.authentik-worker.serviceConfig.Environment = [
"AUTHENTIK_SECRET_KEY=${authentiksecret}"
];
systemd.services.authentik.serviceConfig.Environment = [
"AUTHENTIK_SECRET_KEY=${authentiksecret}"
];
services.authentik = {
enable = true;
environmentFile = authentik-env;
};
services.xserver.enable = true;
test-support.displayManager.auto.user = "alice";
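Review bot: The comment above the new `authentik-env` binding tells readers to use a root-owned EnvironmentFile in production, but it does not say why the test's approach is unsafe: `pkgs.writeText` puts `AUTHENTIK_SECRET_KEY` into the world-readable Nix store. I would state that directly, e.g. `# test only: writeText stores this secret world-readable in /nix/store; in production point services.authentik.environmentFile at a root-owned file outside the store`. The option's declaration is in the other changed file and not visible here, so confirm there that its type and description steer users to a string path such as `"/run/secrets/authentik.env"` (constructed example) rather than a Nix path literal, which would be copied into the store. The test also no longer sets the key on `authentik-migrate`, `authentik-worker` and `authentik` individually, so the module presumably has to attach the file to all three units; this section cannot confirm that.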