add environment file mechanism for secrets

modules/nixos/common/otf.nix

@@ -19,6 +19,10 @@ in
     };
     package = lib.mkPackageOption pkgs "otf" { };
     pgPackage = lib.mkPackageOption pkgs "postgresql_16" { };
+    environmentFile = lib.mkEnableOption {
+      type = with lib.types; nullOr path;
+      default = lib.types.null;
+    };
     # this application is configured entirely by environment variables and needs to be exposed
     environment = lib.mkOption {
       type =
@@ -85,6 +89,7 @@ in
         WorkingDirectory = cfg.dataDir;
         ExecStart = "${cfg.package}/bin/otfd";
         Restart = "on-failure";
+        EnvironmentFile = lib.mkIf (cfg.environment.file != null) cfg.environment.file;
       };
     };
   };