nixos/k3s: add environmentFile as an option

* k3s: add environmentFile option Enabling to include secrets through configuration such as 'sops' * Update nixos/doc/manual/release-notes/rl-2305.section.md Co-authored-by: Jairo Llopis <973709+yajo@users.noreply.github.com>
2023-02-27 05:15:25 -06:00 · 2023-02-27 05:15:25 -06:00 · c713217380
parent c0c598ef35
commit c713217380
2 changed files with 11 additions and 0 deletions
--- a/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixos/doc/manual/release-notes/rl-2305.section.md
@ -270,3 +270,5 @@ In addition to numerous new and upgraded packages, this release has the followin
 - The option `services.nomad.extraSettingsPlugins` has been fixed to allow more than one plugin in the path.

 - The option `services.prometheus.exporters.pihole.interval` does not exist anymore and has been removed.
+
+- `k3s` can now be configured with an EnvironmentFile for its systemd service, allowing secrets to be provided without ending up in the Nix Store.
--- a/nixos/modules/services/cluster/k3s/default.nix
+++ b/nixos/modules/services/cluster/k3s/default.nix
@ -106,6 +106,14 @@ in
      description = lib.mdDoc "Only run the server. This option only makes sense for a server.";
    };

+    environmentFile = mkOption {
+      type = types.nullOr types.path;
+      description = lib.mdDoc ''
+        File path containing environment variables for configuring the k3s service in the format of an EnvironmentFile. See systemd.exec(5).
+      '';
+      default = null;
+    };
+
    configPath = mkOption {
      type = types.nullOr types.path;
      default = null;
@ -154,6 +162,7 @@ in
        LimitNPROC = "infinity";
        LimitCORE = "infinity";
        TasksMax = "infinity";
+        EnvironmentFile = cfg.environmentFile;
        ExecStart = concatStringsSep " \\\n " (
          [
            "${cfg.package}/bin/k3s ${cfg.role}"