services.caddy.environmentFile
Environment file as defined in systemd.exec(5).
You can use environment variables to pass secrets to the service without adding them to the world-redable nix store.
# in configuration.nix
services.caddy.environmentFile = "/run/secrets/caddy.env";
services.caddy.globalConfig = ''
{
acme_ca https://acme.zerossl.com/v2/DV90
acme_eab {
key_id {$EAB_KEY_ID}
mac_key {$EAB_MAC_KEY}
}
}
'';
# in /run/secrets/caddy.env
EAB_KEY_ID=secret
EAB_MAC_KEY=secret
Find more examples here
- Type
null or absolute path- Default
null- Example
"/run/secrets/caddy.env"- Declared
- <nixpkgs/nixos/modules/services/web-servers/caddy/default.nix>