This commit introduces a new option for the Opencode web service to allow configuring an environment file so that we can safely specify an `OPENCODE_SERVER_PASSWORD` environment variable to secure access to the service without exposing the secret to the Nix store.
# Test fixture: turns on the Opencode web service with `web.environmentFile`
# set, then compares the generated service definition with a checked-in
# expected file (launchd plist on Darwin, systemd user unit elsewhere).
{ pkgs, ... }:

let
  inherit (pkgs.stdenv.hostPlatform) isDarwin;

  # Darwin: the generated launchd agent is passed through normalizeStorePaths
  # before it is compared with the expected plist.
  launchdCheck = ''
    serviceFile=LaunchAgents/org.nix-community.home.opencode-web.plist
    assertFileExists "$serviceFile"
    serviceFileNormalized="$(normalizeStorePaths "$serviceFile")"
    assertFileContent "$serviceFileNormalized" ${./web-service-environment-file.plist}
  '';

  # Other platforms: the systemd user unit is compared as generated.
  systemdCheck = ''
    serviceFile=home-files/.config/systemd/user/opencode-web.service
    assertFileExists "$serviceFile"
    assertFileContent "$serviceFile" ${./web-service-environment-file.service}
  '';
in
{
  programs.opencode.enable = true;

  programs.opencode.web = {
    enable = true;

    # Only the *location* of the secret file is recorded in the configuration.
    # Keep this a string: a Nix path literal (e.g. ./secrets/opencode) would be
    # copied into the world-readable Nix store together with its contents.
    # Per the commit description, the file is meant to carry
    # OPENCODE_SERVER_PASSWORD and is read at service start.
    # NOTE(review): the expected .plist/.service files are not visible here;
    # presumably they contain this path and no secret value - confirm.
    # NOTE(review): the file at this path should be readable only by the user
    # that runs the service; nothing in this test checks that.
    environmentFile = "/run/secrets/opencode";
  };

  nmt.script = if isDarwin then launchdCheck else systemdCheck;
}