minio service: add additional config options #27229
Conversation
| @@ -29,6 +29,38 @@ in | |||
| description = "The config directory, for the access keys and other settings."; | |||
| }; | |||
|
|
|||
| accessKey = mkOption { | |||
| default = ""; | |||
| type = types.string; | |||
There was a problem hiding this comment.
I expect you want types.str (string has potentially surprising merge semantics & is deprecated).
There was a problem hiding this comment.
Thanks for pointing this out. I wasn't even aware of the difference.
I changed all to types.str now.
| type = types.str; | ||
| description = '' | ||
| Specify the Secret key of 8 to 40 characters in length that clients use to access the server. | ||
| If not set the generated key from <literal>configDir</literal> is used. |
There was a problem hiding this comment.
There should be an option to not store secrets in the nix store. For background: #24288
| type = types.str; | ||
| description = '' | ||
| Access key of 5 to 20 characters in length that clients use to access the server. | ||
| If not set the generated key from <literal>configDir</literal> is used. |
There was a problem hiding this comment.
ok. so this means, when somebody prefer not store secrets in the nix store, the can fall back to this method? (using a generated one)
There was a problem hiding this comment.
Yes exactly. Do you think I need to clarify this?
There was a problem hiding this comment.
If I just read the 4 line context visible here, I have no idea where this generated key comes from. Generated by what process and who designed that process? Upstream/you?
Set access and secret key and disable browser. Tests extended to do real operations against minio.
Motivation for this change
Set access and secret key and disable browser.
Tests extended to do real operations against minio.
Things done
(nix.useSandbox on NixOS,
or option
build-use-sandboxinnix.confon non-NixOS)