From 4a81613aa6cd11349948476f17daf350b4d07740 Mon Sep 17 00:00:00 2001 From: Sanjin Sehic Date: Fri, 25 Aug 2023 08:59:06 +0100 Subject: [PATCH] nixos/healthchecks: add EMAIL_HOST_PASSWORD_FILE option This allows keeping EMAIL_HOST_PASSWORD out of /nix/store. --- nixos/modules/services/web-apps/healthchecks.nix | 8 ++++++++ pkgs/servers/web-apps/healthchecks/default.nix | 7 +++++++ 2 files changed, 15 insertions(+) diff --git a/nixos/modules/services/web-apps/healthchecks.nix b/nixos/modules/services/web-apps/healthchecks.nix index 657cf387d9ee..3b541e12481b 100644 --- a/nixos/modules/services/web-apps/healthchecks.nix +++ b/nixos/modules/services/web-apps/healthchecks.nix @@ -107,6 +107,8 @@ in We add two variables to this list inside the packages `local_settings.py.` - STATIC_ROOT to set a state directory for dynamically generated static files. - SECRET_KEY_FILE to read SECRET_KEY from a file at runtime and keep it out of /nix/store. + - EMAIL_HOST_PASSWORD_FILE to read EMAIL_HOST_PASSWORD from a file at runtime and keep it + out of /nix/store. ''; type = types.submodule (settings: { freeformType = types.attrsOf types.str; @@ -163,6 +165,12 @@ in ''; description = lib.mdDoc "Database name."; }; + + EMAIL_HOST_PASSWORD_FILE = mkOption { + type = types.str; + default = ""; + description = lib.mdDoc "Path to a file containing the email password."; + }; }; }); }; diff --git a/pkgs/servers/web-apps/healthchecks/default.nix b/pkgs/servers/web-apps/healthchecks/default.nix index 142a67d3367a..59ddf659832b 100644 --- a/pkgs/servers/web-apps/healthchecks/default.nix +++ b/pkgs/servers/web-apps/healthchecks/default.nix @@ -41,11 +41,18 @@ py.pkgs.buildPythonApplication rec { localSettings = writeText "local_settings.py" '' import os + STATIC_ROOT = os.getenv("STATIC_ROOT") + SECRET_KEY_FILE = os.getenv("SECRET_KEY_FILE") if SECRET_KEY_FILE: with open(SECRET_KEY_FILE, "r") as file: SECRET_KEY = file.readline() + + EMAIL_HOST_PASSWORD_FILE = os.getenv("EMAIL_HOST_PASSWORD_FILE") + if EMAIL_HOST_PASSWORD_FILE: + with open(EMAIL_HOST_PASSWORD_FILE, "r") as file: + EMAIL_HOST_PASSWORD = file.readline() ''; installPhase = ''