Prosody is one of those services that apparently don’t come with an option to read secrets from a (sops-nix) file.
I’m trying to get Jitsi to use my TURN server, and all that’s required for this to work is:
    services.prosody = {
      extraModules = [ "turn_external" ];
      extraConfig = ''
        turn_external_host = "turn.${my_domains}"
        turn_external_port = ${builtins.toString config.services.coturn.listening-port}
        turn_external_secret = "I-can-put-the-secret-here-but-then-I-might-as-well-not-use-a-secret-at-all"
      '';
    };
My last resort would normally be to do
    systemd.services.prosody.serviceConfig.EnvironmentFile = config.sops.secrets.coturn.path;
(where the coturn secret would then be in the format ENV_VAR_NAME=my-secreter-secret), but frustratingly, I can’t find any info online if/how Prosody uses environment variables.
Does anyone have any ideas?