Personal save-for-later and Miniflux e-reader proxy for Xteink X4 (wip)
fix: nix module miniflux auth issue
+6
-7
+1
-1
README.md
+1
-1
README.md
···
34
34
| ----------------------- | -------- | ------------------------------------------------------------------ |
35
35
| `MINIFLUX_URL` | n/a | required, base URL of your Miniflux instance |
36
36
| `MINIFLUX_TOKEN` | n/a | required (or `MINIFLUX_TOKEN_FILE`), Miniflux API key |
37
-
| `MINIFLUX_TOKEN_FILE` | n/a | path to file containing the token (systemd credential) |
37
+
| `MINIFLUX_TOKEN_FILE` | n/a | path to file containing just the token value |
38
38
| `NIGHTSHADE_PUBLIC_URL` | n/a | unset for loopback OAuth; set to `https://host.tld` for production |
39
39
| `NIGHTSHADE_PORT` | `8787` | HTTP port |
40
40
| `NIGHTSHADE_DATA_DIR` | `./data` | directory for OAuth state/session files and sync snapshot |
+5
-6
module.nix
+5
-6
module.nix
···
45
45
description = "Base URL of the Miniflux instance.";
46
46
};
47
47
48
-
minifluxTokenFile = lib.mkOption {
48
+
environmentFile = lib.mkOption {
49
49
type = lib.types.path;
50
50
description = ''
51
-
Path to a file containing the Miniflux API token. Must be readable by
52
-
root at boot. Loaded via systemd credentials so it never enters the
53
-
Nix store or the unit environment.
51
+
Path to a systemd EnvironmentFile containing secrets (at minimum
52
+
MINIFLUX_TOKEN=...). Must be readable by root at boot; typically
53
+
produced by sops-nix or agenix. Not placed in the Nix store.
54
54
'';
55
55
};
56
56
···
112
112
WorkingDirectory = cfg.dataDir;
113
113
Restart = "on-failure";
114
114
RestartSec = 5;
115
-
LoadCredential = [ "miniflux_token:${cfg.minifluxTokenFile}" ];
116
-
Environment = [ "MINIFLUX_TOKEN_FILE=%d/miniflux_token" ];
115
+
EnvironmentFile = cfg.environmentFile;
117
116
118
117
NoNewPrivileges = true;
119
118
PrivateTmp = true;