nixos: Provide better error message when credentialsFile is unset
This commit is contained in:
parent
257a84ad74
commit
6d3b2bd381
|
@ -64,9 +64,10 @@ in
|
||||||
variables:
|
variables:
|
||||||
|
|
||||||
- ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64: The Base64-encoded version of the
|
- ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64: The Base64-encoded version of the
|
||||||
HS256 JWT secret.
|
HS256 JWT secret. Generate it with `openssl rand 64 | base64 -w0`.
|
||||||
'';
|
'';
|
||||||
type = types.path;
|
type = types.nullOr types.path;
|
||||||
|
default = null;
|
||||||
};
|
};
|
||||||
settings = lib.mkOption {
|
settings = lib.mkOption {
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -100,6 +101,18 @@ in
|
||||||
config = lib.mkIf (cfg.enable) (lib.mkMerge [
|
config = lib.mkIf (cfg.enable) (lib.mkMerge [
|
||||||
{
|
{
|
||||||
assertions = [
|
assertions = [
|
||||||
|
{
|
||||||
|
assertion = cfg.credentialsFile != null;
|
||||||
|
message = ''
|
||||||
|
<option>services.atticd.credentialsFile</option> is not set.
|
||||||
|
|
||||||
|
Run `openssl rand 64 | base64 -w0` and create a file with the following contents:
|
||||||
|
|
||||||
|
ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64="output from command"
|
||||||
|
|
||||||
|
Then, set `services.atticd.credentialsFile` to the quoted absolute path of the file.
|
||||||
|
'';
|
||||||
|
}
|
||||||
{
|
{
|
||||||
assertion = !lib.isStorePath cfg.credentialsFile;
|
assertion = !lib.isStorePath cfg.credentialsFile;
|
||||||
message = ''
|
message = ''
|
||||||
|
|
Loading…
Reference in a new issue