nix-serve: fix NIX_SECRET_KEY_FILE

Artturin 2021-12-01 23:19:58 +02:00
parent a78dd785b2
commit 2fb77151e8


@ -37,8 +37,6 @@ in
nix-store --generate-binary-cache-key key-name secret-key-file public-key-file
```
Make sure user `nix-serve` has read access to the private key file.
For more details see <citerefentry><refentrytitle>nix-store</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
'';
};
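Review bot: The option description does not say how the service now obtains the key, and the sentence about giving user `nix-serve` read access no longer matches the new service setup if it is still on the new side (the +/- markers are lost on this page, so I cannot tell). With the `LoadCredential` line added further down, systemd reads the file and hands a copy to the service, so the key can stay owned by root and unreadable to other users. I would state that in the description, for example `The file is passed to the service via systemd's LoadCredential, so it only needs to be readable by root.` The option definition starts outside this hunk.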
@ -61,16 +59,22 @@ in
path = [ config.nix.package.out pkgs.bzip2.bin ];
environment.NIX_REMOTE = "daemon";
environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile;
script = ''
${lib.optionalString (cfg.secretKeyFile != null) ''
export NIX_SECRET_KEY_FILE="$CREDENTIALS_DIRECTORY/NIX_SECRET_KEY_FILE"
''}
exec ${pkgs.nix-serve}/bin/nix-serve --listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}
'';
serviceConfig = {
Restart = "always";
RestartSec = "5s";
ExecStart = "${pkgs.nix-serve}/bin/nix-serve " +
"--listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}";
User = "nix-serve";
Group = "nix-serve";
DynamicUser = true;
LoadCredential = lib.optionalString (cfg.secretKeyFile != null)
"NIX_SECRET_KEY_FILE:${cfg.secretKeyFile}";
};
};
};
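Review bot: The `LoadCredential` value interpolates `${cfg.secretKeyFile}` directly, which would copy the signing key into the world-readable Nix store if the option accepts a path literal; the option's type is outside this hunk, so this needs confirming. `"NIX_SECRET_KEY_FILE:${toString cfg.secretKeyFile}"` keeps the original path in either case. Separately, `lib.optionalString` leaves an empty `LoadCredential=` in the unit when no key is set, and `LoadCredential = lib.mkIf (cfg.secretKeyFile != null) "…";` would omit the setting instead. The start command now runs through a shell in `script`, so `${cfg.bindAddress}` is subject to word splitting and expansion and is better written as `${lib.escapeShellArg cfg.bindAddress}`. The service definition begins outside the hunk.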