add credentials

module.nix

@@ -17,6 +17,20 @@ in
 
       enable = lib.mkEnableOption "Verwaltungstracker web app";
 
+      credentials = lib.mkOption {
+        type = lib.types.attrsOf lib.types.str;
+        default = { };
+        example = {
+          MASTODON_API_KEY = "/run/secrets/mastodon_api_key";
+        };
+        description = ''
+          Credentials to pass to the Verwaltungstracker service.
+          Maps environment variable names to file paths containing the secret values.
+          These are loaded via systemd's LoadCredential mechanism.
+          The Python app will automatically read the value from the file.
+        '';
+      };
+
     } // options.services.froide-govplan.settings;
   };
 
@@ -29,8 +43,8 @@ in
             domain = "git.project-insanity.org";
             owner = "onny";
             repo = "verwaltungstracker";
-            rev = "e5acfdf19d5af71bc5223c72713c128f3948f39f";
-            hash = "sha256-SRxPKherMz9xv/1XZjmwYg74r7Qln+vfLWgHyG5RbxQ=";
+            rev = "fa82bf579a4a17460f6489843f2d8e2cf8b4f7c8";
+            hash = "sha256-5vE8pLSAezULKb+B8OF4C/8r4C8b1aFNvbkRZ7+ZCXM=";
           };
           dependencies = oldAttrs.dependencies ++ [ oldAttrs.passthru.python.pkgs.mastodon-py ];
           passthru = oldAttrs.passthru // {
@@ -42,6 +56,7 @@ in
 
     services.froide-govplan = {
       enable = true;
+      package = pkgs.froide-govplan;
       settings = cfg.settings;
     };