@ -877,6 +877,37 @@ in
description = " C o n f i g u r e t h e S A M L i n t e g r a t i o n . " ;
} ;
} ;
environmentFile = mkOption {
type = with types ; nullOr path ;
default = null ;
example = " / v a r / l i b / c o d i m d / c o d i m d . e n v " ;
description = ''
Environment file as defined in <citerefentry>
<refentrytitle> systemd . exec < /refentrytitle > <manvolnum> 5 < /manvolnum >
< /citerefentry > .
Secrets may be passed to the service without adding them to the world-readable
Nix store , by specifying placeholder variables as the option value in Nix and
setting these variables accordingly in the environment file .
<programlisting>
# snippet of CodiMD-related config
services . codimd . configuration . dbURL = " p o s t g r e s : / / c o d i m d : \' ' ${ DB_PASSWORD } @ d b - h o s t : 5 4 3 2 / c o d i m d d b " ;
services . codimd . configuration . minio . secretKey = " $ M I N I O _ S E C R E T _ K E Y " ;
< /programlisting >
<programlisting>
# content of the environment file
DB_PASSWORD = verysecretdbpassword
MINIO_SECRET_KEY = verysecretminiokey
< /programlisting >
Note that this file needs to be available on the host on which
<literal> CodiMD < /literal > is running .
'' ;
} ;
} ;
config = mkIf cfg . enable {
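Review bot: The new `environmentFile` option is typed `nullOr path`, but its description never warns against passing a Nix path literal. A literal such as `./codimd.env` would presumably be copied into the world-readable store once it is interpolated into `EnvironmentFile`, which defeats the purpose the description states. I would add a sentence to the description such as `Give the path as a string that points outside the Nix store, and keep the file readable only by root.` The description could also say that placeholders are expanded once, at service start, into a config file under the working directory, so the secrets end up on disk there as well as in the service environment.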
@ -900,11 +931,17 @@ in
description = " C o d i M D S e r v i c e " ;
wantedBy = [ " m u l t i - u s e r . t a r g e t " ] ;
after = [ " n e t w o r k i n g . t a r g e t " ] ;
preStart = ''
$ { pkgs . envsubst } /bin/envsubst \
- o $ { cfg . workDir } /config.json \
- i $ { prettyJSON cfg . configuration }
'' ;
serviceConfig = {
WorkingDirectory = cfg . workDir ;
ExecStart = " ${ pkgs . codimd } / b i n / c o d i m d " ;
EnvironmentFile = mkIf ( cfg . environmentFile != null ) [ cfg . environmentFile ] ;
Environment = [
" C M D _ C O N F I G _ F I L E = ${ prettyJSON cfg . configuration } "
" C M D _ C O N F I G _ F I L E = ${ cfg . workDir } / c o n f i g . j s o n "
" N O D E _ E N V = p r o d u c t i o n "
] ;
Restart = " a l w a y s " ;
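Review bot: The added `preStart` script writes the substituted secrets to `${cfg.workDir}/config.json` without setting a file mode, so the rendered file gets whatever the service's umask allows. Unless the working directory is already private (its permissions are not visible in this hunk), other local users may be able to read the database password and the MinIO key; starting the script with `umask 077` would keep the file owner-only. envsubst also inserts values without JSON escaping and expands every `$NAME` it finds, so a secret containing `"` or `\` produces broken or altered JSON, and a literal `$` in an unrelated setting is rewritten. An unset variable presumably becomes an empty string rather than an error, so a comment above `preStart` stating these limits, plus a fail-on-unset flag if the packaged envsubst offers one, would make a missing environment file fail loudly. The enclosing service definition starts and ends outside the hunk.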