| 10 Sep 2023 |
shaniag | and then I want to start the bot there with systemd service using that flake as working directory | 17:01:02 |
shaniag | I think this all works out, but the problem now is in my local dev environment I have the file config.json where my secret bot token is, and I somehow need to also have that on the directory on the server. But since that is in .gitignore because not everyone should see it I do not have that necessary file on the server :( | 17:02:00 |
shaniag | * and then I want to start the bot there with systemd service using that flake input as working directory | 17:02:39 |
Lily Foster | In reply to @shaniag:matrix.org to start the bot I use the node index.js command (I'm not sure how your package.json is structured, but you might find it easier to set a "bin": "index.js" entry in it and if you need auxiliary files then including "directories": [ "..." ] and/or "files": [ "..." ] might be easier, since then buildNpmPackage's default installPhase would handle installing all of the files and providing a nice $pkg/bin/botname executable. It won't help with stuff like secret management, but I just figured I'd mention it) | 17:04:17 |
Lily Foster | In reply to @shaniag:matrix.org I think this all works out, but the problem now is in my local dev environment I have the file config.json where my secret bot token is, and I somehow need to also have that on the directory on the server. But since that is in .gitignore because not everyone should see it I do not have that necessary file on the server :( Can you pull it from environment variables? Systemd has an EnvironmentFile option you can use to load secret environment variables from something you place on the server. Alternatively it also has a LoadCredential mechanism you can look into. Not sure this part specifically has to do with the npm tooling though. NixOS secrets management options are still not mature/first-class supported things | 17:05:52 |
Lily Foster | (If you want to manage the secrets declaratively there's agenix and sops-nix too. But yeah that's not really a node.js related thing) | 17:06:53 |
Lily Foster | (I mostly mentioned this channel since I saw you had a custom installPhase and thought you might have been having buildNpmPackage problems with the default install phase 😅) | 17:08:19 |
shaniag | In reply to @lily:lily.flowers (I mostly mentioned this channel since I saw you had a custom installPhase and thought you might have been having buildNpmPackage problems with the default install phase 😅) yes i am sorry, you fixed that issue in like one minute I guess. Now the main issue is the secret management | 17:09:34 |
shaniag | should I post my question in private chat with you or where? | 17:09:42 |
Lily Foster | Probably back to #nix:nixos.org , more people can help there and I'm technically on mobile (I just have buildNpmPackage set as a matrix keyword so you pinged me with that first message and I thought I'd weigh in) | 17:10:37 |
shaniag | Lily Foster: getting one error for the bot service | 19:43:23 |
shaniag | Sep 10 21:37:38 server node[528332]: Error: Cannot find module 'discord.js'
| 19:43:28 |
Lily Foster | How is your flake structured? You probably want the working directory as that of the built package, not the flake source directory | 19:44:49 |
Lily Foster | I noticed that earlier but forgot to mention it | 19:44:59 |
shaniag | In reply to @lily:lily.flowers How is your flake structured? You probably want the working directory as that of the built package, not the flake source directory bot = {
url = "github:...";
inputs.nixpkgs.follows = "nixpkgs";
};
| 19:45:38 |
Lily Foster | You probably want something like WorkingDirectory = inputs.botflake.packages.${pkgs.system}.default | 19:45:47 |
shaniag | ah ok | 19:45:58 |
Lily Foster | In reply to @shaniag:matrix.org
bot = {
url = "github:...";
inputs.nixpkgs.follows = "nixpkgs";
};
Yeah but the bot flake itself, I was meaning its outputs | 19:46:14 |
shaniag | oh yeah that makes sense what you are saying | 19:46:17 |
shaniag | hmm, now getting "an invalid token was provided" Lily Foster | 19:56:49 |
shaniag | probably did something wrong | 19:56:52 |
shaniag | with passing that with systemd | 19:56:58 |
shaniag | There has to be some little mistake with these two lines:
ExecStart = "${pkgs.nodejs_20}/bin/node index.js --token=$CREDENTIALS_DIRECTORY/bot.token";
LoadCredential = "bot.token:/var/run/bot-token.txt";
| 20:03:43 |
shaniag | the token inside of that file is correct | 20:03:55 |
Lily Foster | In reply to @shaniag:matrix.org the token inside of that file is correct So if you run it locally/manually with node index.js --token=/var/run/bot-token.txt it works? | 20:07:16 |
Lily Foster | (Just to be 100% clear) | 20:07:23 |
shaniag | In reply to @lily:lily.flowers So if you run it locally/manually with node index.js --token=/var/run/bot-token.txt it works? Nope, it only works with the token in plain text (node index.js --token=23948u2cxjMMwkejrjdslsf), I thought that systemd stuff pastes the files contents there | 20:08:10 |
Lily Foster | It does not, it just puts the file where the service can read it (e.g. so you can have the service be able to read a privileged file that it wouldn't otherwise be able to) | 20:09:09 |
Lily Foster | And then you're passing in the file there | 20:09:19 |
Lily Foster | (Side note but program args are visible to anyone on a Linux system and are discouraged for secrets, but for single-user systems I suppose the threat is not great) | 20:10:08 |