From 088ac726326776bea3065f5c549a0e2059e9446c Mon Sep 17 00:00:00 2001
From: Jermeiah S <owner@arouzing.xyz>
Date: Sat, 14 Jun 2025 07:55:32 -0400
Subject: [PATCH] add environment file mechanism for secrets

---
 modules/nixos/common/otf.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/nixos/common/otf.nix b/modules/nixos/common/otf.nix
index 69d6618..5a3fda2 100644
--- a/modules/nixos/common/otf.nix
+++ b/modules/nixos/common/otf.nix
@@ -19,6 +19,10 @@ in
     };
     package = lib.mkPackageOption pkgs "otf" { };
     pgPackage = lib.mkPackageOption pkgs "postgresql_16" { };
+    environmentFile = lib.mkEnableOption {
+      type = with lib.types; nullOr path;
+      default = lib.types.null;
+    };
     # this application is configured entirely by environment variables and needs to be exposed
     environment = lib.mkOption {
       type =
@@ -85,6 +89,7 @@ in
         WorkingDirectory = cfg.dataDir;
         ExecStart = "${cfg.package}/bin/otfd";
         Restart = "on-failure";
+        EnvironmentFile = lib.mkIf (cfg.environment.file != null) cfg.environment.file;
       };
     };
   };