This is a small wrapper over systemd's LoadCredential.
It takes the same sections and keys as services.forgejo.settings, but the value of each key is a path instead of a string or bool.
The path is then loaded as credential, exported as environment variable and then feed through https://codeberg.org/forgejo/forgejo/src/branch/forgejo/contrib/environment-to-ini/environment-to-ini.go.
It does the required environment variable escaping for you.
Keys specified here take priority over the ones in services.forgejo.settings!
Declarations
Type
open submodule of attribute set of attribute set of absolute pathDefault
{ }Example
{
metrics = {
TOKEN = "/run/keys/forgejo-metrics-token";
};
camo = {
HMAC_KEY = "/run/keys/forgejo-camo-hmac";
};
service = {
HCAPTCHA_SECRET = "/run/keys/forgejo-hcaptcha-secret";
HCAPTCHA_SITEKEY = "/run/keys/forgejo-hcaptcha-sitekey";
};
}