TernixTernix
Config (0)

services.forgejo.secrets

NixOS option

This is a small wrapper over systemd’s LoadCredential. It takes the same sections and keys as services.forgejo.settings, but the value of each key is a path instead of a string or bool. The path is then loaded as credential, exported as environment variable and then feed through https://codeberg.org/forgejo/forgejo/src/branch/forgejo/contrib/environment-to-ini/environment-to-ini.go. It does the required environment variable escaping for you. Keys specified here take priority over the ones in services.forgejo.settings!

type: open submodule of attribute set of attribute set of absolute path
Default
{ }
Example
{
  metrics = {
    TOKEN = "/run/keys/forgejo-metrics-token";
  };
  camo = {
    HMAC_KEY = "/run/keys/forgejo-camo-hmac";
  };
  service = {
    HCAPTCHA_SECRET = "/run/keys/forgejo-hcaptcha-secret";
    HCAPTCHA_SITEKEY = "/run/keys/forgejo-hcaptcha-sitekey";
  };
}
declared in: nixos/modules/services/misc/forgejo.nixView source on NixOS/nixpkgs →