diff --git a/nixos/modules/services/web-apps/mattermost.nix b/nixos/modules/services/web-apps/mattermost.nix index 56a53198b3fbf..db5122e79f006 100644 --- a/nixos/modules/services/web-apps/mattermost.nix +++ b/nixos/modules/services/web-apps/mattermost.nix @@ -184,6 +184,22 @@ in .tar.gz files. ''; }; + environmentFile = mkOption { + type = types.nullOr types.path; + default = null; + description = lib.mdDoc '' + Environment file (see {manpage}`systemd.exec(5)` + "EnvironmentFile=" section for the syntax) which sets config options + for mattermost (see [the mattermost documentation](https://docs.mattermost.com/configure/configuration-settings.html#environment-variables)). + + Settings defined in the environment file will overwrite settings + set via nix or via the {option}`services.mattermost.extraConfig` + option. + + Useful for setting config options without their value ending up in the + (world-readable) nix store, e.g. for a database password. + ''; + }; localDatabaseCreate = mkOption { type = types.bool; @@ -321,6 +337,7 @@ in Restart = "always"; RestartSec = "10"; LimitNOFILE = "49152"; + EnvironmentFile = cfg.environmentFile; }; unitConfig.JoinsNamespaceOf = mkIf cfg.localDatabaseCreate "postgresql.service"; }; diff --git a/nixos/tests/mattermost.nix b/nixos/tests/mattermost.nix index 49b418d9fff74..e11201f05357d 100644 --- a/nixos/tests/mattermost.nix +++ b/nixos/tests/mattermost.nix @@ -50,6 +50,13 @@ in mutableConfig = false; extraConfig.SupportSettings.HelpLink = "https://search.nixos.org"; }; + environmentFile = makeMattermost { + mutableConfig = false; + extraConfig.SupportSettings.AboutLink = "https://example.org"; + environmentFile = pkgs.writeText "mattermost-env" '' + MM_SUPPORTSETTINGS_ABOUTLINK=https://nixos.org + ''; + }; }; testScript = let @@ -69,6 +76,7 @@ in rm -f $mattermostConfig echo "$newConfig" > "$mattermostConfig" ''; + in '' start_all() @@ -120,5 +128,13 @@ in # Our edits should be ignored on restart immutable.succeed("${expectConfig ''.AboutLink == "https://nixos.org" and .HelpLink == "https://search.nixos.org"''}") + + + ## Environment File node tests ## + environmentFile.wait_for_unit("mattermost.service") + environmentFile.wait_for_open_port(8065) + + # Settings in the environment file should override settings set otherwise + environmentFile.succeed("${expectConfig ''.AboutLink == "https://nixos.org"''}") ''; })