Diffstat (limited to 'nixos/configuration.nix')
-rw-r--r--nixos/configuration.nix15
1 files changed, 12 insertions, 3 deletions
diff --git a/nixos/configuration.nix b/nixos/configuration.nix
index acca228714b9..f34e15f00495 100644
--- a/nixos/configuration.nix
+++ b/nixos/configuration.nix
@@ -1,6 +1,9 @@
 { pkgs ? import <nixpkgs> {}, ... }:
 
-{
+let
+  trimNewline = x: pkgs.lib.removeSuffix "\n" x;
+  readSecret = x: trimNewline (builtins.readFile ("/etc/secrets/" + x));
+in {
   imports = [ ./hardware.nix ];
 
   # Use the systemd-boot EFI boot loader.
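Review bot: `readSecret` calls `builtins.readFile` while the configuration is evaluated, so each secret is copied as plain text into the generated unit for `monzo-token-server`, which lives under /nix/store and is readable by every local user. The same applies to anyone who receives a copy of the system closure. The exposure happens in the `environment = { ... }` block added in the second hunk, and values set that way can also be read back with `systemctl --user show`. Keeping the values out of the evaluated config and letting systemd load them at start-up avoids this, for example `serviceConfig.EnvironmentFile = "/etc/secrets/monzo-token-server.env";`, with that file holding the five `name=value` pairs, owned by the service user and mode 0600. The helper would then be unused and could be dropped, or given the comment `# WARNING: result is written to the world-readable Nix store; do not use for credentials`.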
@@ -72,13 +75,19 @@
 
   services.lorri.enable = true;
 
-  # TODO(wpcarro): Expose the Monzo credentials to this job. Currently they're
-  # managed with direnv and pass, which presumably systemd isn't accessing.
   systemd.user.services.monzo-token-server = {
     enable = true;
     description = "Ensure my Monzo access token is valid";
     script = "/home/wpcarro/.nix-profile/bin/token-server";
 
+    environment = {
+      monzo_client_id = readSecret "monzo-client-id";
+      monzo_client_secret = readSecret "monzo-client-secret";
+      ynab_personal_access_token = readSecret "ynab-personal-access-token";
+      ynab_account_id = readSecret "ynab-account-id";
+      ynab_budget_id = readSecret "ynab-budget-id";
+    };
+
     serviceConfig = {
       WorkingDirectory = "%h/briefcase/monzo_ynab";
       Type = "oneshot";