From 805e5be3b1701df9775ccc4201130fc98f349a75 Mon Sep 17 00:00:00 2001
From: Jonas Heinrich
Date: Mon, 18 Aug 2025 16:08:21 +0200
Subject: [PATCH] fix passing secret file as config
---
 module.nix | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/module.nix b/module.nix
index 18cdb4f..5e729a9 100644
--- a/module.nix
+++ b/module.nix
@@ -57,12 +57,16 @@ in
 };
 secretFile = lib.mkOption {
- type = with lib.types; listOf path;
+ type = lib.types.nullOr (lib.types.pathWith {
+ inStore = false;
+ absolute = true;
+ });
+ default = null;
+ example = "/run/keys/mail-quota-warning-secrets";
 description = ''
- A list of files containing the various secrets. Should be in the
- format expected by systemd's `EnvironmentFile` directory.
+ A YAML file containing secrets, see example config file
+ in the repository.
 '';
- default = [ ];
 };
 interval = lib.mkOption {
@@ -91,7 +95,7 @@ in
 // lib.mapAttrs (_: v: toString v) cfg.settings;
 serviceConfig = {
 Type = "simple";
- ExecStart = lib.getExe pkgs.mail-quota-warning;
+ ExecStart = "${lib.getExe pkgs.mail-quota-warning}${lib.optionalString (cfg.secretFile != null) " --config ${cfg.secretFile}"}";
 # hardening
 AmbientCapabilities = "";
@@ -128,9 +132,6 @@ in
 "~@privileged"
 ];
 UMask = "0077";
- }
- // lib.optionalAttrs (cfg.secretFile != [ ]) {
- EnvironmentFile = cfg.secretFile;
 };
 };
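Review bot: The new `description` on `secretFile` does not say who must be able to read the file or how it reaches the program, which matters now that the type forces an absolute path outside the Nix store. I would extend it with something like `Absolute path outside the Nix store, passed to the service via --config; must be readable by the service user and not world-readable.` The switch from `listOf path` to a single nullable path also makes existing list values fail evaluation, so a README or changelog line would help; none is visible in this patch.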
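Review bot: The secret file is now opened by the service process itself, because the new `ExecStart` passes `--config ${cfg.secretFile}`, whereas the `EnvironmentFile` removed in the third hunk was loaded by systemd on the unit's behalf. The file therefore has to be readable by whatever account the unit runs as, which is not visible in this hunk. Consider handing it over as a credential so it can stay root-only: `LoadCredential = lib.optional (cfg.secretFile != null) "config:${cfg.secretFile}";` together with `" --config %d/config"` in `ExecStart`. That also keeps the user-supplied path out of the command line, where a space or `%` in it would be split or expanded by systemd. `serviceConfig` opens inside this hunk but closes outside it.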