modules: services: paperless: use 'secretKeyFile'

In preparation for the migration to agenix.
Bruno BELANYI 2021-09-25 13:15:34 +02:00
parent 5579baecfb
commit 4643690b43
2 changed files with 22 additions and 5 deletions


@ -13,10 +13,12 @@ in
description = "Internal port for webui";
};
secretKey = mkOption {
secretKeyFile = mkOption {
type = types.str;
example = "e11fl1oa-*ytql8p)(06fbj4ukrlo+n7k&q5+$1md7i+mge=ee";
description = "Secret key used for sessions tokens";
example = "/var/lib/paperless/secret-key.env";
description = ''
Secret key as an 'EnvironmentFile' (see `systemd.exec(5)`)
'';
};
documentPath = mkOption {
@ -65,7 +67,6 @@ in
PAPERLESS_DBNAME = "paperless";
# Security settings
PAPERLESS_SECRET_KEY = cfg.secretKey; # Insecure, I don't care
PAPERLESS_ALLOWED_HOSTS = paperlessDomain;
PAPERLESS_CORS_ALLOWED_HOSTS = "https://${paperlessDomain}";
@ -81,6 +82,20 @@ in
passwordFile = cfg.passwordFile;
};
systemd.services = {
paperless-ng-server.serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
paperless-ng-consumer.serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
paperless-ng-web.serviceConfig = {
EnvironmentFile = cfg.secretKeyFile;
};
};
# Set-up database
services.postgresql = {
enable = true;
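Review bot: The `secretKeyFile` description in the first hunk does not say which variable the file must define. Since the second hunk removes `PAPERLESS_SECRET_KEY` from the generated environment, a file lacking that line leaves the three units with no key set by this module, and paperless-ng presumably falls back to its built-in default key instead of failing (worth confirming). I would extend the description to something like `File defining 'PAPERLESS_SECRET_KEY=<key>', loaded as an 'EnvironmentFile' (see systemd.exec(5)); keep it outside the Nix store and readable by root only`. `types.str` rejects a bare path literal, but an interpolated one such as `"${./secret-key.env}"` would still be copied into the world-readable store, so the description is the place to say so. The value previously passed through `cfg.secretKey` was written into the store and should be rotated as part of the migration.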