Does anyone have an idea how to pass `turn_external_secret` to prosody (in a jitsi setup)?

Prosody is one of those services that apparently don’t come with an option to read secrets from a (sop-nix) file.

I’m trying to get Jitsi to use my turn server, and all that’s required for this to work is:

services.prosody = {
    extraModules = [ "turn_external" ];
    extraConfig = ''
      turn_external_host = "turn.${my_domains}"
      turn_external_port = ${builtins.toString config.services.coturn.listening-port}
      turn_external_secret = "I-can-put-the-secret-here-but-then-I-might-as-well-not-use-a-secret-at-all"
    '';
  };

My last resort would normally be to do

systemd.services.prosody.serviceConfig.EnvironmentFile = config.sops.secrets.coturn.path;

(where the coturn secret would then be in the format ENV_VAR_NAME=my-secreter-secret), but frustratingly, I can’t find any info online if/how prosody uses environment variables.

Does anyone have any ideas? :sweat_smile: