module: support additional properties in "ak"
This changes the "ak" script to contain all properties from the authentik.service unit except the Exec* and Restart* properties. This allows the script to work when the user has added additional properties to the unit (e.g. the `SupplementaryGroups` property to connect to Redis over a Unix socket).
This commit is contained in:
Quentin Smith
parent
1361d269fe
commit
940f49870b
1 changed files with 10 additions and 6 deletions
16
module.nix
16
module.nix
|
|
@ -196,13 +196,17 @@ in
|
|||
# `systemd-run(1)` in order to spin up an environment with correct (dynamic) user,
|
||||
# state directory and environment to run `ak` inside.
|
||||
(k: vs: map (v: "--property ${k}=${if isBool v then boolToString v else toString v}") (toList vs))
|
||||
# Read serviceDefaults from `authentik.service`. That way, module system primitives (mk*)
|
||||
# can be used inside `serviceDefaults` and it doesn't need to be evaluated here again.
|
||||
# Read properties from `authentik.service`. That way, users can customize the properties using
|
||||
# module system primitives and the like.
|
||||
(
|
||||
getAttrs (attrNames serviceDefaults) config.systemd.services.authentik.serviceConfig
|
||||
// {
|
||||
StateDirectory = "authentik";
|
||||
}
|
||||
removeAttrs config.systemd.services.authentik.serviceConfig [
|
||||
"ExecStart"
|
||||
"ExecStartPre"
|
||||
"Restart"
|
||||
"RestartSec"
|
||||
# systemd-run doesn't expand the %S specifier, so this is passed separately below.
|
||||
"WorkingDirectory"
|
||||
]
|
||||
)
|
||||
);
|
||||
in
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue