From 1935a8ec9b005630a8edcadbfe6d70a0dcac8b5b Mon Sep 17 00:00:00 2001
From: isabel <isabel@isabelroses.com>
Date: Mon, 11 Aug 2025 12:07:22 +0100
Subject: [PATCH] nix/appview: add enviroment file option

---
 nix/modules/appview.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/nix/modules/appview.nix b/nix/modules/appview.nix
index 1c4c53d..11afa02 100644
--- a/nix/modules/appview.nix
+++ b/nix/modules/appview.nix
@@ -27,6 +27,19 @@ in
           default = "00000000000000000000000000000000";
           description = "Cookie secret";
         };
+        environmentFile = mkOption {
+          type = with types; nullOr path;
+          default = null;
+          example = "/etc/tangled-appview.env";
+          description = ''
+            Additional environment file as defined in {manpage}`systemd.exec(5)`.
+
+            Sensitive secrets such as {env}`TANGLED_COOKIE_SECRET` may be
+            passed to the service without makeing them world readable in the
+            nix store.
+
+          '';
+        };
       };
     };
 
@@ -39,6 +52,7 @@ in
           ListenStream = "0.0.0.0:${toString cfg.port}";
           ExecStart = "${cfg.package}/bin/appview";
           Restart = "always";
+          EnvironmentFile = optional (cfg.environmentFile != null) cfg.environmentFile;
         };
 
         environment = {
-- 
2.43.0