fix: handle secrets with any characters in them

2024-09-28 11:24:23 -05:00 · 2023-12-19 02:54:50 -06:00 · 2023-12-19 02:54:50 -06:00 · 043aa199f9
commit 043aa199f9
parent a5d0a9f8d5
1 changed files with 14 additions and 2 deletions
--- a/modules/squad-server.nix
+++ b/modules/squad-server.nix
@ -990,13 +990,25 @@ in
                ${lib.optionalString (cfg.config.server.passwordFile != null) ''
                ## Handle secrets for the `Server.cfg` file ##
                # Safely load the server password outside of the nix store
-                sed -i 's/^ServerPassword=.*$/ServerPassword='"$(${pkgs.systemd}/bin/systemd-creds cat SQUAD_SERVER_PASSWORD_FILE)"'/' ./Server.cfg
+                while read -r line; do
+                  if [[ "$line" == ServerPassword=* ]]; then
+                    echo "ServerPassword=$(${pkgs.systemd}/bin/systemd-creds cat SQUAD_SERVER_PASSWORD_FILE)"
+                  else
+                    echo "$line"
+                  fi
+                done
                ''}

                ${lib.optionalString (cfg.config.rcon.passwordFile != null) ''
                ## Handle secrets for the `Rcon.cfg` file ##
                # Safely load the rcon password outside of the nix store
-                sed -i 's/^Password=.*$/Password='"$(${pkgs.systemd}/bin/systemd-creds cat SQUAD_RCON_PASSWORD_FILE)"'/' ./Rcon.cfg
+                while read -r line; do
+                  if [[ "$line" == Password=* ]]; then
+                    echo "Password=$(${pkgs.systemd}/bin/systemd-creds cat SQUAD_RCON_PASSWORD_FILE)"
+                  else
+                    echo "$line"
+                  fi
+                done < ./Rcon.cfg > "rcon.temp" && mv "rcon.temp" ./Rcon.cfg
                ''}

                ${lib.optionalString (cfg.config.license.file != null) ''