nixos/rabbitmq: Rename cookie -> unsafeCookie
Not a mkRenamedOptionModule, because user intervention is required to determine whether they have a problem. mkRenamed* does not let us explain anything to the user.
parent
4c9b5cb310
commit
6761394083
@ -14,6 +14,15 @@ let
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "services" "rabbitmq" "cookie" ] ''
|
||||
This option wrote the Erlang cookie to the store, while it should be kept secret.
|
||||
Please remove it from your NixOS configuration and deploy a cookie securely instead.
|
||||
The renamed `unsafeCookie` must ONLY be used in isolated non-production environments such as NixOS VM tests.
|
||||
'')
|
||||
];
|
||||
|
||||
###### interface
|
||||
options = {
|
||||
services.rabbitmq = {
|
||||
@ -62,13 +71,18 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
cookie = mkOption {
|
||||
unsafeCookie = mkOption {
|
||||
default = "";
|
||||
type = types.str;
|
||||
description = lib.mdDoc ''
|
||||
Erlang cookie is a string of arbitrary length which must
|
||||
be the same for several nodes to be allowed to communicate.
|
||||
Leave empty to generate automatically.
|
||||
|
||||
Setting the cookie via this option exposes the cookie to the store, which
|
||||
is not recommended for security reasons.
|
||||
Only use this option in an isolated non-production environment such as
|
||||
NixOS VM tests.
|
||||
'';
|
||||
};
|
||||
|
||||
@ -209,8 +223,8 @@ in
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
${optionalString (cfg.cookie != "") ''
|
||||
install -m 600 <(echo -n ${cfg.cookie}) ${cfg.dataDir}/.erlang.cookie
|
||||
${optionalString (cfg.unsafeCookie != "") ''
|
||||
install -m 600 <(echo -n ${cfg.unsafeCookie}) ${cfg.dataDir}/.erlang.cookie
|
||||
''}
|
||||
'';
|
||||
};
|
||||
|
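Review bot: In the last hunk's `preStart`, the cookie is still spliced into the shell script unquoted, so a value containing whitespace or shell metacharacters is word-split or interpreted by the shell instead of being written verbatim, and `echo -n` can mangle a value that looks like an option. The install line would be safer as `install -m 600 <(printf %s ${lib.escapeShellArg cfg.unsafeCookie}) ${cfg.dataDir}/.erlang.cookie`. Since the option is now explicitly test-only, it may also be worth adding an entry to `warnings` when `cfg.unsafeCookie != ""`, so a production configuration that simply switched to the new name keeps getting a reminder on every evaluation. The service definition enclosing `preStart` starts outside the hunk.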