From 052e1ac1264f135da22c0675eb7aaa366387c3ad Mon Sep 17 00:00:00 2001
From: stuebinm <stuebinm@disroot.org>
Date: Fri, 11 Nov 2022 16:28:50 +0100
Subject: [PATCH] environmentFiles are generally a good and reasonable idea

---
 services/hedgedoc-hacc.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/services/hedgedoc-hacc.nix b/services/hedgedoc-hacc.nix
index 77b2c8e..d88a411 100644
--- a/services/hedgedoc-hacc.nix
+++ b/services/hedgedoc-hacc.nix
@@ -58,9 +58,11 @@
             authorizationURL = "https://login.infra4future.de/oauth2/authorize";
             tokenURL = "https://login.infra4future.de/oauth2/token";
             clientID = "hedgedoc";
-            clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62";
+            # must be set to make the NixOS module happy, but env var takes precedence
+            clientSecret = "lol nope";
           };
         };
+        environmentFile = "/persist/secrets.env";
       };
       systemd.services.hedgedoc.environment = {
         "CMD_LOGLEVEL" = "warn";
@@ -70,6 +72,7 @@
         "CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
         "CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
       };
+
       services.postgresql = {
         enable = true;
         ensureDatabases = [ "codimd" ];