This is a small wrapper over systemd's LoadCredential.
It takes the same sections and keys as services.forgejo.settings, but the value of each key is a path instead of a string or bool.
The path is then loaded as credential, exported as environment variable and then feed through https://codeberg.org/forgejo/forgejo/src/branch/forgejo/contrib/environment-to-ini/environment-to-ini.go.
It does the required environment variable escaping for you.
Keys specified here take priority over the ones in services.forgejo.settings!
Declarations
Type
attribute set of attribute set of pathDefault
{ }Example
{
metrics = {
TOKEN = "/run/keys/forgejo-metrics-token";
};
camo = {
HMAC_KEY = "/run/keys/forgejo-camo-hmac";
};
service = {
HCAPTCHA_SECRET = "/run/keys/forgejo-hcaptcha-secret";
HCAPTCHA_SITEKEY = "/run/keys/forgejo-hcaptcha-sitekey";
};
}