nixos/glance: add environmentFile option (#413373)

2025-06-09 19:13:26 +03:00 · 2025-06-06 09:15:18 +02:00 · 2025-06-06 09:15:18 +02:00 · 13cd7afd74
commit 13cd7afd74
parent 2949933ef1 3bddd16a37
1 changed files with 55 additions and 4 deletions
--- a/nixos/modules/services/web-apps/glance.nix
+++ b/nixos/modules/services/web-apps/glance.nix
@ -100,14 +100,64 @@ in
        for more.

        Settings containing secret data should be set to an
-        attribute set containing the attribute
-        <literal>_secret</literal> - a string pointing to a file
-        containing the value the option should be set to. See the
-        example in `services.glance.settings.pages` at the weather widget
+        attribute set with this format: `{ _secret = "/path/to/secret"; }`.
+        See the example in `services.glance.settings.pages` at the weather widget
        with a location secret to get a better picture of this.
+
+        Alternatively, you can use a single file with environment variables,
+        see `services.glance.environmentFile`.
      '';
    };

+    environmentFile = mkOption {
+      type = types.nullOr types.path;
+      description =
+        let
+          singleQuotes = "''";
+        in
+        ''
+          Path to an environment file as defined in {manpage}`systemd.exec(5)`.
+
+          See upstream documentation
+          <https://github.com/glanceapp/glance/blob/main/docs/configuration.md#environment-variables>.
+
+          Example content of the file:
+          ```
+          TIMEZONE=Europe/Paris
+          ```
+
+          Example `services.glance.settings.pages` configuration:
+          ```nix
+            [
+              {
+                name = "Home";
+                columns = [
+                  {
+                    size = "full";
+                    widgets = [
+                      {
+                        type = "clock";
+                        timezone = "\''${TIMEZONE}";
+                        label = "Local Time";
+                      }
+                    ];
+                  }
+                ];
+              }
+            ];
+          ```
+
+          Note that when using Glance's `''${ENV_VAR}` syntax in Nix,
+          you need to escape it as follows: use `\''${ENV_VAR}` in `"` strings
+          and `${singleQuotes}''${ENV_VAR}` in `${singleQuotes}` strings.
+
+          Alternatively, you can put each secret in it's own file,
+          see `services.glance.settings`.
+        '';
+      default = "/dev/null";
+      example = "/var/lib/secrets/glance";
+    };
+
    openFirewall = mkOption {
      type = types.bool;
      default = false;
@ -159,6 +209,7 @@ in
          '';
        ExecStart = "${getExe cfg.package} --config ${mergedSettingsFile}";
        WorkingDirectory = "/var/lib/glance";
+        EnvironmentFile = cfg.environmentFile;
        StateDirectory = "glance";
        RuntimeDirectory = "glance";
        RuntimeDirectoryMode = "0755";