@ -335,19 +335,8 @@ in {
The access key for the S3 bucket .
'' ;
} ;
secret = mkOption {
type = types . nullOr types . str ;
default = null ;
example = " M 5 M r X T R j k y M a x X P e 2 F R X M T f T f b K E n Z C u + 7 u R T V S j " ;
description = ''
The access secret for the S3 bucket . Use
<literal> secretFile < /literal > to avoid this being world-readable
in the <literal> /nix/store < /literal >
'' ;
} ;
secretFile = mkOption {
type = types . nullOr types . str ;
default = null ;
type = types . str ;
example = " / v a r / n e x t c l o u d - o b j e c t s t o r e - s 3 - s e c r e t " ;
description = ''
The full path to a file that contains the access secret . Must be
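Review bot: With `secret` removed, `secretFile` in this hunk is the only way to supply the credential, but nothing in the visible type or description says the path must live outside the Nix store. A value built by interpolating a path (for example `"${./s3-secret}"`) is still a valid `types.str` and copies the file into the world-readable store, which is the exposure the removed `secret` description warned about. I would add a sentence to the description such as `The file must not be located in the Nix store.`, and consider an assertion along the lines of `!(hasPrefix builtins.storeDir s3.arguments.secretFile)`. The description continues past the end of the hunk, so part of this may already be covered there.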
@ -512,10 +501,6 @@ in {
|| ( lists . count ( v : v . enable ) ( attrsets . attrValues acfg . objectstore ) ) == 1 ;
message = " I f u s i n g o b j e c t s t o r e c l a s s a s p r i m a r y s t o r a g e e x a c t l y o n e c l a s s c a n b e e n a b l e d . " ;
}
{ assertion = let s3 = acfg . objectstore . s3 ; in acfg . objectstore == null
|| ( ! s3 . enable || ( ( s3 . arguments . secret != null ) != ( s3 . arguments . secretFile != null ) ) ) ;
message = " S 3 s t o r a g e r e q u i r e s s p e c i f y i n g e x a c t l y o n e o f s e c r e t o r s e c r e t F i l e " ;
}
] ;
warnings = let
@ -606,7 +591,7 @@ in {
c = cfg . config ;
writePhpArrary = a : " [ ${ concatMapStringsSep " , " ( val : '' " ${ toString val } " '' ) a } ] " ;
requiresReadSecretFunction = c . dbpassFile != null
|| ( c . objectstore != null && ( c . objectstore . s3 . enable && c . objectstore . s3 . arguments . secretFile != null ) ) ;
|| ( c . objectstore != null && c . objectstore . s3 . enable ) ;
objectstoreConfig = let
class = if c . objectstore . s3 . enable then " S 3 " else " " ;
args = if c . objectstore . s3 . enable then c . objectstore . s3 . arguments else { } ;
@ -615,8 +600,7 @@ in {
' bucket' = > ' $ { args . bucket } ' ,
' autocreate' = > $ { toString args . autocreate } ,
' key' = > ' $ { args . key } ' ,
$ { optionalString ( args . secret != null ) " ' s e c r e t ' = > ' ${ args . secret } ' , " }
$ { optionalString ( args . secretFile != null ) " ' s e c r e t ' = > n i x _ r e a d _ s e c r e t ( ' ${ args . secretFile } ' ) , " }
' secret' = > nix_read_secret ( ' $ { args . secretFile } ' ) ,
$ { optionalString ( args . hostname != null ) " ' h o s t n a m e ' = > ' ${ args . hostname } ' , " }
$ { optionalString ( args . port != null ) " ' p o r t ' = > ${ toString args . port } , " }
$ { optionalString ( args . useSsl != null ) " ' u s e _ s s l ' = > ${ if args . useSsl then " t r u e " else " f a l s e " } , " }
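Review bot: The new `'secret' => nix_read_secret('${args.secretFile}'),` line splices the option value unescaped into a single-quoted PHP literal, so a path containing `'` or `\` yields broken or altered PHP in the generated config. The value is administrator-supplied, so this is a robustness issue rather than injection from untrusted input, but escaping is cheap, assuming the `lib` helpers are in scope as the unqualified `optionalString` suggests: `'secret' => nix_read_secret('${escape [ "'" "\\" ] args.secretFile}'),`. The `bucket` and `key` context lines above follow the same pattern. `nix_read_secret` and the start of `objectstoreConfig` are outside this hunk, so how a missing or unreadable secret file is handled cannot be checked from here.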