Reading env variables from files

I know it’s best to have secrets in files - but some containers only support env variables.

  virtualisation.oci-containers.containers = {
    foo = {
      image = "....";
      environment = {
        USER = "foo";
        PASSWORD = "secret"; # read from file
      };
      login = {
        registry = "ghcr.io";
        username = "tcurdt";
        passwordFile = "/run/secrets/registry.github";
      };
    };
  };

Is there an easy way to read the PASSWORD from a file instead?
Similar to the login.registry.passwordFile.

You can use the environmentFiles option in that same scope.

https://search.nixos.org/options?channel=23.11&show=virtualisation.oci-containers.containers.<name>.environmentFiles&from=0&size=50&sort=relevance&type=packages&query=environmentFiles

2 Likes
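
The option suggested above, applied to the container from the question, as an added example that is not part of the original posts. The path `/run/secrets/foo.env` and its contents are assumptions; the `login` values are the ones from the question.

```nix
{
  virtualisation.oci-containers.containers.foo = {
    image = "...."; # elided in the question, left as-is

    # Values set here are written into the generated unit in the
    # world-readable Nix store, so keep only non-secret settings inline.
    environment = {
      USER = "foo";
    };

    # Assumed path: a file that exists on the host at runtime, outside the
    # Nix store, owned by root with mode 0400. It holds one KEY=VALUE pair
    # per line, for example:
    #   PASSWORD=<the secret>
    # It is given as a string so it refers to the file on the target host.
    environmentFiles = [ "/run/secrets/foo.env" ];

    login = {
      registry = "ghcr.io";
      username = "tcurdt";
      passwordFile = "/run/secrets/registry.github";
    };
  };
}
```

The variable is still visible inside the container and to anyone who can inspect it on the host; the file only keeps the value out of the Nix configuration and store.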

Ah, I missed that. Thanks!
Works!