From b0d0abb40316ca47caedc31965dd8dcd5af86695 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alu=C3=ADsio=20Augusto=20Silva=20Gon=C3=A7alves?=
 <aluisio@aasg.name>
Date: Thu, 3 Dec 2020 19:01:50 -0300
Subject: [PATCH] ipfs-cluster: Use more systemd features to ease new cluster
 setup

---
 modules/services/cluster/ipfs-cluster.nix | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/modules/services/cluster/ipfs-cluster.nix b/modules/services/cluster/ipfs-cluster.nix
index 03243cd..d5312c5 100644
--- a/modules/services/cluster/ipfs-cluster.nix
+++ b/modules/services/cluster/ipfs-cluster.nix
@@ -55,10 +55,23 @@ in
         description = "Directory where cluster management data lives.";
       };
 
+      secretEnvFile = mkOption {
+        type = with types; nullOr str;
+        default = null;
+        description = ''
+          File containing the cluster secret as an assignment to the CLUSTER_SECRET variable.
+          If none is given, a secret is generated during cluster creation.
+        '';
+      };
+
       secretFile = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = "File containing the cluster secret. If none is given, a secret is generated during cluster creation.";
+        description = ''
+          File containing the cluster secret.
+          If none is given, a secret is generated during cluster creation.
+          Deprecated: use `services.ipfs-cluster-secretEnvFile` instead.
+        '';
       };
 
       consensus = mkOption {
@@ -106,6 +119,9 @@ in
         ProtectSystem = "full";
         ReadWriteDirectories = cfg.dataDir;
         TimeoutStopSec = "5s";
+        EnvironmentFile = optional (cfg.secretEnvFile != null) cfg.secretEnvFile;
+        StateDirectory = optional (cfg.dataDir == "/var/lib/ipfs-cluster") "ipfs-cluster";
+        StateDirectoryMode = "0700";
       };
       preStart = ''
         ${optionalString (cfg.secretFile != null) ''
-- 
2.30.2