environmentFiles are generally a good and reasonable idea

This commit is contained in:
stuebinm 2022-11-11 16:28:50 +01:00
parent 0686807690
commit 052e1ac126

View file

@ -58,9 +58,11 @@
authorizationURL = "https://login.infra4future.de/oauth2/authorize"; authorizationURL = "https://login.infra4future.de/oauth2/authorize";
tokenURL = "https://login.infra4future.de/oauth2/token"; tokenURL = "https://login.infra4future.de/oauth2/token";
clientID = "hedgedoc"; clientID = "hedgedoc";
clientSecret = "1a730af1-4d6e-4c1d-8f7e-72375c9b8d62"; # must be set to make the NixOS module happy, but env var takes precedence
clientSecret = "lol nope";
}; };
}; };
environmentFile = "/persist/secrets.env";
}; };
systemd.services.hedgedoc.environment = { systemd.services.hedgedoc.environment = {
"CMD_LOGLEVEL" = "warn"; "CMD_LOGLEVEL" = "warn";
@ -70,6 +72,7 @@
"CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email"; "CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR" = "email";
"CMD_OAUTH2_PROVIDERNAME" = "Infra4Future"; "CMD_OAUTH2_PROVIDERNAME" = "Infra4Future";
}; };
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureDatabases = [ "codimd" ]; ensureDatabases = [ "codimd" ];