Diffstat (limited to 'flake.nix')
-rw-r--r--flake.nix13
1 files changed, 12 insertions, 1 deletions
diff --git a/flake.nix b/flake.nix
index 0ea2d37..d074ab1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -78,6 +78,11 @@
             example = "https://indieauth.com/auth";
             description = "Authorization endpoint to use to authenticate the user. You can use the default if you are unsure.";
           };
+          internalTokenFile = mkOption {
+            type = types.nullOr types.str;
+            example = "/run/secrets/kittybox-shared-secret";
+            description = "A shared secret that will, when passed, allow unlimited editing access to database. Keep it safe.";
+          };
         };
       };
       config = lib.mkIf cfg.enable {
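Review bot: `internalTokenFile` is typed `types.nullOr types.str` but has no `default`, and the second hunk's `script` references it unconditionally, so the option is effectively mandatory once the module is enabled; add `default = null;`. The description documents the secret rather than the option: it should say this is the path to a file holding the shared secret, read when the service starts, and that the path must lie outside the Nix store because store paths are world-readable. Keeping the type `types.str` rather than `types.path` is right for the same reason, and a one-line comment such as `# str, not path: a path literal would be copied into the world-readable store` would stop a later cleanup from changing it.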
@@ -101,8 +106,14 @@
             REDIS_URI = if (cfg.redisUri == null) then "redis://127.0.0.1:6379/" else cfg.redisUri;
           };
 
+          script = ''
+            if [[ -f ${cfg.internalTokenFile} ]]; then
+              export KITTYBOX_INTERNAL_TOKEN=$(${pkgs.coreutils}/bin/cat ${cfg.internalTokenFile})
+            fi
+            exec ${cfg.package}/bin/kittybox
+          '';
+
           serviceConfig = {
-            ExecStart = "${cfg.package}/bin/kittybox";
             DynamicUser = true;
           };
         };
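Review bot: The `script` interpolates `${cfg.internalTokenFile}` unconditionally, so a `null` value, which the option type allows, fails evaluation instead of skipping the token, and the path is unquoted in both the `[[ -f … ]]` test and the `cat`. A missing file is silently ignored, and because `export VAR=$(…)` returns the status of `export`, a failed read also starts the service with an empty token instead of stopping it. With `DynamicUser = true` that read is likely to fail for a root-only file such as the example `/run/secrets/…` path, though the file's permissions are not visible here. I would pass the file to systemd with `LoadCredential`, read it from `$CREDENTIALS_DIRECTORY`, and assign before exporting so that a read error aborts the unit.

```nix
# … unchanged: environment block …

script = ''
  ${lib.optionalString (cfg.internalTokenFile != null) ''
    # Assign first, export second: export's exit status must not mask a failed read.
    KITTYBOX_INTERNAL_TOKEN="$(${pkgs.coreutils}/bin/cat "$CREDENTIALS_DIRECTORY/internal-token")" || exit 1
    export KITTYBOX_INTERNAL_TOKEN
  ''}
  exec ${cfg.package}/bin/kittybox
'';

serviceConfig = {
  # systemd reads the file itself and exposes it only to this unit,
  # so the dynamic user needs no access to the original path.
  LoadCredential = lib.optional (cfg.internalTokenFile != null) "internal-token:${cfg.internalTokenFile}";
  DynamicUser = true;
};
```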