So i have been trying to set up freshrss (module) without the services.freshrss.passwordFile
option, because i don’t want my password sitting around in git.
I have tried this:
{
systemd.services.freshrss-config.script = let
cfg = config.services.freshrss;
settingsFlags =
builtins.concatStringsSep " \\\n "
(lib.attrsets.mapAttrsToList (k: v: "${k} ${toString v}") {
"--default_user" = ''"${cfg.defaultUser}"'';
"--auth_type" = ''"form"'';
"--base_url" = ''"${cfg.baseUrl}"'';
"--language" = ''"${cfg.language}"'';
"--db-type" = ''"${cfg.database.type}"'';
# The following attributes are optional depending on the type of
# database. Those that evaluate to null on the left hand side
# will be omitted.
${
if cfg.database.name != null
then "--db-base"
else null
} = ''"${cfg.database.name}"'';
${
if cfg.database.passFile != null
then "--db-password"
else null
} = ''"$(cat ${cfg.database.passFile})"'';
${
if cfg.database.user != null
then "--db-user"
else null
} = ''"${cfg.database.user}"'';
${
if cfg.database.tableprefix != null
then "--db-prefix"
else null
} = ''"${cfg.database.tableprefix}"'';
${
if cfg.database.host != null && cfg.database.port != null
then "--db-host"
else null
} = ''"${cfg.database.host}:${toString cfg.database.port}"'';
});
in
lib.mkForce ''
# do installation or reconfigure
if test -f ${cfg.dataDir}/config.php; then
# reconfigure with settings
./cli/reconfigure.php ${settingsFlags}
else
# check correct folders in data folder
./cli/prepare.php
# install with settings
./cli/do-install.php ${settingsFlags}
fi
'';
}
while most of this is just copied from nixpkgs, i removed these two lines from the string
''
./cli/update-user.php --user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})"
./cli/create-user.php --user ${cfg.defaultUser} --password "$(cat ${cfg.passwordFile})"
''
according to github these are the only 2 usages of passwordFile
apart from the option declaration, but nix still errors with:
error: The option `services.freshrss.passwordFile' is used but not defined.
--show-trace
doesn’t yield anything useful either.
Is this behaviour expected? Are overridden options still evaluated?
If not, what could cause this, and what can i do to find other usages of passwordFile?