diff options
-rw-r--r-- | nixos/configuration.nix | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/nixos/configuration.nix b/nixos/configuration.nix index acca228714b9..f34e15f00495 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -1,6 +1,9 @@ { pkgs ? import <nixpkgs> {}, ... }: -{ +let + trimNewline = x: pkgs.lib.removeSuffix "\n" x; + readSecret = x: trimNewline (builtins.readFile ("/etc/secrets/" + x)); +in { imports = [ ./hardware.nix ]; # Use the systemd-boot EFI boot loader. @@ -72,13 +75,19 @@ services.lorri.enable = true; - # TODO(wpcarro): Expose the Monzo credentials to this job. Currently they're - # managed with direnv and pass, which presumably systemd isn't accessing. systemd.user.services.monzo-token-server = { enable = true; description = "Ensure my Monzo access token is valid"; script = "/home/wpcarro/.nix-profile/bin/token-server"; + environment = { + monzo_client_id = readSecret "monzo-client-id"; + monzo_client_secret = readSecret "monzo-client-secret"; + ynab_personal_access_token = readSecret "ynab-personal-access-token"; + ynab_account_id = readSecret "ynab-account-id"; + ynab_budget_id = readSecret "ynab-budget-id"; + }; + serviceConfig = { WorkingDirectory = "%h/briefcase/monzo_ynab"; Type = "oneshot"; |