nixos/wakapi: streamline password salt & smtp password config

isabel
2025-11-13 14:16:24 +00:00
parent 5f221dca4f
commit c5992aba91
2 changed files with 72 additions and 78 deletions


@@ -18,11 +18,34 @@ let
types
mkIf
optional
mkMerge
singleton
mkRemovedOptionModule
;
in
{
imports = [
(mkRemovedOptionModule [
"services"
"wakapi"
"passwordSalt"
] "Use services.wakapi.environmentFiles instead.")
(mkRemovedOptionModule [
"services"
"wakapi"
"passwordSaltFile"
] "Use services.wakapi.environmentFiles instead.")
(mkRemovedOptionModule [
"services"
"wakapi"
"smtpPassword"
] "Use services.wakapi.environmentFiles instead.")
(mkRemovedOptionModule [
"services"
"wakapi"
"smtpPasswordFile"
] "Use services.wakapi.environmentFiles instead.")
];
options.services.wakapi = {
enable = mkEnableOption "Wakapi";
package = mkPackageOption pkgs "wakapi" { };
@@ -45,33 +68,11 @@ in
'';
};
passwordSalt = mkOption {
type = types.nullOr types.str;
default = null;
environmentFiles = mkOption {
type = types.listOf types.path;
default = [ ];
description = ''
The password salt to use for Wakapi.
'';
};
passwordSaltFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
The path to a file containing the password salt to use for Wakapi.
'';
};
smtpPassword = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The password used for the smtp mailed to used by Wakapi.
'';
};
smtpPasswordFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
The path to a file containing the password for the smtp mailer used by Wakapi.
Use this to set `WAKAPI_PASSWORD_SALT` and `WAKAPI_MAIL_SMTP_PASS`.
'';
};
@@ -148,14 +149,7 @@ in
'';
serviceConfig = {
Environment = mkMerge [
(mkIf (cfg.passwordSalt != null) "WAKAPI_PASSWORD_SALT=${cfg.passwordSalt}")
(mkIf (cfg.smtpPassword != null) "WAKAPI_MAIL_SMTP_PASS=${cfg.smtpPassword}")
];
EnvironmentFile =
(lib.optional (cfg.passwordSaltFile != null) cfg.passwordSaltFile)
++ (lib.optional (cfg.smtpPasswordFile != null) cfg.smtpPasswordFile);
EnvironmentFile = cfg.environmentFiles;
User = config.users.users.wakapi.name;
Group = config.users.users.wakapi.group;
@@ -196,18 +190,6 @@ in
};
assertions = [
{
assertion = cfg.passwordSalt != null || cfg.passwordSaltFile != null;
message = "Either `services.wakapi.passwordSalt` or `services.wakapi.passwordSaltFile` must be set.";
}
{
assertion = !(cfg.passwordSalt != null && cfg.passwordSaltFile != null);
message = "Both `services.wakapi.passwordSalt` and `services.wakapi.passwordSaltFile` should not be set at the same time.";
}
{
assertion = !(cfg.smtpPassword != null && cfg.smtpPasswordFile != null);
message = "Both `services.wakapi.smtpPassword` and `services.wakapi.smtpPasswordFile` should not be set at the same time.";
}
{
assertion = cfg.database.createLocally -> cfg.settings.db.dialect != null;
message = "`services.wakapi.database.createLocally` is true, but a database dialect is not set!";
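Review bot: The description of the new `environmentFiles` option (hunk `@@ -45,33 +68,11 @@`) names the two variables but does not say the files must stay out of the Nix store. `types.path` accepts store paths such as the `pkgs.writeText` result the test passes, and the store is world-readable. I would extend the description to something like `Environment files in systemd EnvironmentFile format, kept outside the Nix store (for example provisioned by sops-nix or agenix).` Separately, the last hunk removes the assertion that required a salt, and with `default = [ ]` nothing visible here stops the service from starting without `WAKAPI_PASSWORD_SALT`; if wakapi accepts an empty salt (not verifiable from this page), a `warnings` entry for an empty list would restore that guard. The `let` block and the `assertions` list both continue outside the hunks shown.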


@@ -3,44 +3,56 @@
name = "Wakapi";
nodes = {
wakapiPsql = {
services.wakapi = {
enable = true;
settings = {
server.port = 3000; # upstream default, set explicitly in case upstream changes it
db = {
dialect = "postgres"; # `createLocally` only supports postgres
host = "/run/postgresql";
port = 5432; # service will fail if port is not set
name = "wakapi";
user = "wakapi";
wakapiPsql =
{ pkgs, ... }:
{
services.wakapi = {
enable = true;
settings = {
server.port = 3000; # upstream default, set explicitly in case upstream changes it
db = {
dialect = "postgres"; # `createLocally` only supports postgres
host = "/run/postgresql";
port = 5432; # service will fail if port is not set
name = "wakapi";
user = "wakapi";
};
};
# Automatically create our database
database.createLocally = true; # only works with Postgresql for now
# Created with `cat /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9' | fold -w ${1:-32} | head -n 1`
# In production you should use sops-nix, agenix or something alike.
environmentFiles = [
(pkgs.writeText "env" ''
WAKAPI_PASSWORD_SALT=NpqCY7eY7fMoIWYmPx5mAgr6YoSlXSuI
'')
];
};
# Automatically create our database
database.createLocally = true; # only works with Postgresql for now
# Created with `cat /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9' | fold -w ${1:-32} | head -n 1`
# Prefer passwordSaltFile in production.
passwordSalt = "NpqCY7eY7fMoIWYmPx5mAgr6YoSlXSuI";
};
};
wakapiSqlite = {
services.wakapi = {
enable = true;
settings = {
server.port = 3001;
db = {
dialect = "sqlite3";
name = "wakapi";
user = "wakapi";
wakapiSqlite =
{ pkgs, ... }:
{
services.wakapi = {
enable = true;
settings = {
server.port = 3001;
db = {
dialect = "sqlite3";
name = "wakapi";
user = "wakapi";
};
};
};
passwordSalt = "NpqCY7eY7fMoIWYmPx5mAgr6YoSlXSuI";
environmentFiles = [
(pkgs.writeText "env" ''
WAKAPI_PASSWORD_SALT=NpqCY7eY7fMoIWYmPx5mAgr6YoSlXSuI
'')
];
};
};
};
};
# Test that service works under both postgresql and sqlite3
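Review bot: The `wakapiSqlite` node now embeds the salt in a `pkgs.writeText "env"` store file without the caveat that the `wakapiPsql` node carries. Tests like this get copied as configuration examples, so I would repeat it above the second `environmentFiles`, e.g. `# Test-only salt in the Nix store; in production use sops-nix, agenix or something alike.` The same literal salt is also written out twice; binding the file once would keep the value and its warning in one place, though whether a shared `let` with `pkgs` in scope is available at that level is not visible in this hunk.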