services.pinchflat.secretsFile

Secrets like SECRET_KEY_BASE and BASIC_AUTH_PASSWORD should be passed to the service without adding them to the world-readable Nix store.

Note that either this file needs to be available on the host on which pinchflat is running, or the option selfhosted must be true. Further, SECRET_KEY_BASE has a minimum length requirement of 64 bytes. One way to generate such a secret is to use openssl rand -hex 64.

As an example, the contents of the file might look like this:

SECRET_KEY_BASE=...copy-paste a secret token here...
BASIC_AUTH_USERNAME=...basic auth username...
BASIC_AUTH_PASSWORD=...basic auth password...

Type

null or absolute path

Default

null

Example

"/run/secrets/pinchflat"

Declared

<nixpkgs/nixos/modules/services/misc/pinchflat.nix>