services.forgejo.secrets

This is a small wrapper over systemd's LoadCredential.

It takes the same sections and keys as services.forgejo.settings, but the value of each key is a path instead of a string or bool.

The path is then loaded as credential, exported as environment variable and then feed through https://codeberg.org/forgejo/forgejo/src/branch/forgejo/contrib/environment-to-ini/environment-to-ini.go.

It does the required environment variable escaping for you.

Type

open submodule of attribute set of attribute set of absolute path

Default

{ }

Example

{
  metrics = {
    TOKEN = "/run/keys/forgejo-metrics-token";
  };
  camo = {
    HMAC_KEY = "/run/keys/forgejo-camo-hmac";
  };
  service = {
    HCAPTCHA_SECRET = "/run/keys/forgejo-hcaptcha-secret";
    HCAPTCHA_SITEKEY = "/run/keys/forgejo-hcaptcha-sitekey";
  };
}

Declared

<nixpkgs/nixos/modules/services/misc/forgejo.nix>