nrabulinski/attic
1
1
Fork 1
Code Issues Pull requests Packages Projects Releases Wiki Activity

nixos: Provide better error message when credentialsFile is unset

Browse source
This commit is contained in:
Zhaofeng Li 2023-01-14 23:55:10 -07:00
parent 257a84ad74
commit 6d3b2bd381
1 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
nixos/atticd.nix
View file

@ -64,9 +64,10 @@ in
variables: variables:
- ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64: The Base64-encoded version of the - ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64: The Base64-encoded version of the
HS256 JWT secret. HS256 JWT secret. Generate it with `openssl rand 64 | base64 -w0`.
''; '';
type = types.path; type = types.nullOr types.path;
default = null;
}; };
settings = lib.mkOption { settings = lib.mkOption {
description = '' description = ''
@ -100,6 +101,18 @@ in
config = lib.mkIf (cfg.enable) (lib.mkMerge [ config = lib.mkIf (cfg.enable) (lib.mkMerge [
{ {
assertions = [ assertions = [
{
assertion = cfg.credentialsFile != null;
message = ''
<option>services.atticd.credentialsFile</option> is not set.
Run `openssl rand 64 | base64 -w0` and create a file with the following contents:
ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64="output from command"
Then, set `services.atticd.credentialsFile` to the quoted absolute path of the file.
'';
}
{ {
assertion = !lib.isStorePath cfg.credentialsFile; assertion = !lib.isStorePath cfg.credentialsFile;
message = '' message = ''