mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-22 23:13:19 +00:00
nix-serve: fix NIX_SECRET_KEY_FILE
This commit is contained in:
parent
a78dd785b2
commit
2fb77151e8
@ -37,8 +37,6 @@ in
|
||||
nix-store --generate-binary-cache-key key-name secret-key-file public-key-file
|
||||
```
|
||||
|
||||
Make sure user `nix-serve` has read access to the private key file.
|
||||
|
||||
For more details see <citerefentry><refentrytitle>nix-store</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
||||
'';
|
||||
};
|
||||
@ -61,16 +59,22 @@ in
|
||||
|
||||
path = [ config.nix.package.out pkgs.bzip2.bin ];
|
||||
environment.NIX_REMOTE = "daemon";
|
||||
environment.NIX_SECRET_KEY_FILE = cfg.secretKeyFile;
|
||||
|
||||
script = ''
|
||||
${lib.optionalString (cfg.secretKeyFile != null) ''
|
||||
export NIX_SECRET_KEY_FILE="$CREDENTIALS_DIRECTORY/NIX_SECRET_KEY_FILE"
|
||||
''}
|
||||
exec ${pkgs.nix-serve}/bin/nix-serve --listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}
|
||||
'';
|
||||
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = "5s";
|
||||
ExecStart = "${pkgs.nix-serve}/bin/nix-serve " +
|
||||
"--listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}";
|
||||
User = "nix-serve";
|
||||
Group = "nix-serve";
|
||||
DynamicUser = true;
|
||||
LoadCredential = lib.optionalString (cfg.secretKeyFile != null)
|
||||
"NIX_SECRET_KEY_FILE:${cfg.secretKeyFile}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user