ghoscht/arion
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

secrets: long syntax

Browse source 
https://docs.docker.com/compose/compose-file/05-services/#long-syntax-4
https://docs.docker.com/compose/compose-file/build/#long-syntax
This commit is contained in:
Kiara Grouwstra 2024-08-04 09:45:44 +00:00
parent f6d99030f5
commit 08fda9b957
3 changed files with 56 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/haskell/testdata/Arion/NixSpec/arion-context-compose.json vendored
View file

@ -21,6 +21,14 @@
"ports": [ "ports": [
"8080:80" "8080:80"
], ],
"secrets": {
"foo": {
"gid": 123,
"mode": "0440",
"source": "web_cache_redis_secret",
"uid": 123
}
},
"sysctls": {}, "sysctls": {},
"volumes": [] "volumes": []
} }

8
src/haskell/testdata/Arion/NixSpec/arion-context-compose.nix vendored
View file

@ -6,6 +6,14 @@
ports = [ ports = [
"8080:80" "8080:80"
]; ];
secrets = {
foo = {
source = "web_cache_redis_secret";
uid = 123;
gid = 123;
mode = "0440";
};
};
}; };
secrets.foo.environment = "FOO"; secrets.foo.environment = "FOO";
} }

42
src/nix/modules/service/docker-compose-service.nix
View file

@ -18,6 +18,36 @@ let
cap_add = lib.attrNames (lib.filterAttrs (name: value: value == true) config.service.capabilities); cap_add = lib.attrNames (lib.filterAttrs (name: value: value == true) config.service.capabilities);
cap_drop = lib.attrNames (lib.filterAttrs (name: value: value == false) config.service.capabilities); cap_drop = lib.attrNames (lib.filterAttrs (name: value: value == false) config.service.capabilities);
serviceSecretType = types.submodule {
options = {
source = mkOption {
type = nullOr str;
default = null;
description = serviceRef "secrets";
};
uid = mkOption {
type = nullOr (either str int);
default = null;
description = serviceRef "secrets";
};
gid = mkOption {
type = nullOr (either str int);
default = null;
description = serviceRef "secrets";
};
mode = mkOption {
type = nullOr str;
default = null;
example = "0444";
description = ''
The default value of is usually 0444. This option may not be supported
when not deploying to a Swarm.
${serviceRef "secrets"}
'';
};
};
};
in in
{ {
imports = [ imports = [
@ -93,7 +123,7 @@ in
''; '';
}; };
secrets = mkOption { secrets = mkOption {
type = nullOr (listOf str); type = nullOr (either (listOf str) (attrsOf serviceSecretType));
default = null; default = null;
description = '' description = ''
Build-time secrets exposed to the service. Build-time secrets exposed to the service.
@ -103,11 +133,19 @@ in
}); });
}; };
service.secrets = mkOption { service.secrets = mkOption {
type = listOf str; type = either (listOf str) (attrsOf serviceSecretType);
default = []; default = [];
description = '' description = ''
Run-time secrets exposed to the service. Run-time secrets exposed to the service.
''; '';
example = {
redis_secret = {
source = "web_cache_redis_secret";
uid = 123;
gid = 123;
mode = "0440";
};
};
}; };
service.hostname = mkOption { service.hostname = mkOption {
type = nullOr str; type = nullOr str;