nix-serve: fix NIX_SECRET_KEY_FILE
parent
a78dd785b2
commit
2fb77151e8
|
@ -37,8 +37,6 @@ in
|
||||||
nix-store --generate-binary-cache-key key-name secret-key-file public-key-file
|
nix-store --generate-binary-cache-key key-name secret-key-file public-key-file
|
||||||
```
|
```
|
||||||
|
|
||||||
Make sure user `nix-serve` has read access to the private key file.
|
|
||||||
|
|
||||||
For more details see <citerefentry><refentrytitle>nix-store</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
For more details see <citerefentry><refentrytitle>nix-store</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -61,16 +59,22 @@ in
|
||||||
|
|
||||||
path = [ config.nix.package.out pkgs.bzip2.bin ];
|
path = [ config.nix.package.out pkgs.bzip2.bin ];
|
||||||
environment.NIX_REMOTE = "daemon";
|
environment.NIX_REMOTE = "daemon";
|
||||||
environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile;
|
|
||||||
|
script = ''
|
||||||
|
${lib.optionalString (cfg.secretKeyFile != null) ''
|
||||||
|
export NIX_SECRET_KEY_FILE="$CREDENTIALS_DIRECTORY/NIX_SECRET_KEY_FILE"
|
||||||
|
''}
|
||||||
|
exec ${pkgs.nix-serve}/bin/nix-serve --listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}
|
||||||
|
'';
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec = "5s";
|
RestartSec = "5s";
|
||||||
ExecStart = "${pkgs.nix-serve}/bin/nix-serve " +
|
|
||||||
"--listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}";
|
|
||||||
User = "nix-serve";
|
User = "nix-serve";
|
||||||
Group = "nix-serve";
|
Group = "nix-serve";
|
||||||
DynamicUser = true;
|
DynamicUser = true;
|
||||||
|
LoadCredential = lib.optionalString (cfg.secretKeyFile != null)
|
||||||
|
"NIX_SECRET_KEY_FILE:${cfg.secretKeyFile}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
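Review bot: The option description in the first hunk loses its sentence about read access to the private key and nothing replaces it, so operators get no guidance on how the key file should now be protected. Because the key is passed through `LoadCredential` and read from `$CREDENTIALS_DIRECTORY`, the file should no longer need to be readable by the `nix-serve` user; I would add a line such as `The file is passed to the service via systemd's LoadCredential, so it can stay readable by root only.` In the second hunk, `"NIX_SECRET_KEY_FILE:${cfg.secretKeyFile}"` would copy the key into the world-readable Nix store if a path literal rather than a string is assigned; the option's type is declared outside the hunk, so confirm it is a string type. The same hunk moves `cfg.bindAddress` and `cfg.extraParams` from `ExecStart` into a shell `script`, where they are subject to shell expansion; `${lib.escapeShellArg "${cfg.bindAddress}:${toString cfg.port}"}` would at least pin the listen argument.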