From 1e32d28824ccdaf171f8044478bbb5ad8f042aaa Mon Sep 17 00:00:00 2001
From: linj <linj.dev@outlook.com>
Date: Mon, 14 Mar 2022 18:13:57 +0800
Subject: [PATCH] nixos/dendrite: always substitute environment variables in
 config

Before this patch, services.dendrite.environmentFile is used for
secrets and environment variable substitution only happens when this
option is used.

systemd-247 provides a mechanism called LoadCredential for secrets and
it is better than environment file. See the section of Environment=
in the manual of systemd.exec for more information.

This patch always substitute environment variables, which enables the
usage of systemd LoadCredential.
---
 nixos/modules/services/misc/dendrite.nix | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/nixos/modules/services/misc/dendrite.nix b/nixos/modules/services/misc/dendrite.nix
index b2885b09415..89bb989a09e 100644
--- a/nixos/modules/services/misc/dendrite.nix
+++ b/nixos/modules/services/misc/dendrite.nix
@@ -248,14 +248,11 @@ in
         RuntimeDirectory = "dendrite";
         RuntimeDirectoryMode = "0700";
         EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
-        ExecStartPre =
-          if (cfg.environmentFile != null) then ''
-            ${pkgs.envsubst}/bin/envsubst \
-              -i ${configurationYaml} \
-              -o /run/dendrite/dendrite.yaml
-          '' else ''
-            ${pkgs.coreutils}/bin/cp ${configurationYaml} /run/dendrite/dendrite.yaml
-          '';
+        ExecStartPre = ''
+          ${pkgs.envsubst}/bin/envsubst \
+            -i ${configurationYaml} \
+            -o /run/dendrite/dendrite.yaml
+        '';
         ExecStart = lib.strings.concatStringsSep " " ([
           "${pkgs.dendrite}/bin/dendrite-monolith-server"
           "--config /run/dendrite/dendrite.yaml"