environmentFiles are generally a good and reasonable idea

2022-11-11 16:28:50 +01:00 · 2022-11-11 16:28:50 +01:00 · 052e1ac126
parent 0686807690
commit 052e1ac126
1 changed files with 4 additions and 1 deletions
--- a/services/hedgedoc-hacc.nix
+++ b/services/hedgedoc-hacc.nix
@ -58,9 +58,11 @@
            authorizationURL = "https://login.infra4future.de/oauth2/authorize";
            tokenURL = "https://login.infra4future.de/oauth2/token";
            clientID = "hedgedoc";
-            clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62";
+            # must be set to make the NixOS module happy, but env var takes precedence
+            clientSecret = "lol nope";
          };
        };
+        environmentFile = "/persist/secrets.env";
      };
      systemd.services.hedgedoc.environment = {
        "CMD_LOGLEVEL" = "warn";
@ -70,6 +72,7 @@
        "CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
        "CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
      };
+
      services.postgresql = {
        enable = true;
        ensureDatabases = [ "codimd" ];