nixos/mxisd: allow passing secrets

Suppose you want to provide a LDAP-based directory search to your
homeserver via a service-user with a bind-password. To make sure that
this doesn't end up in the Nix store, it's now possible to set a
substitute for the bindPassword like

    services.mxisd.extraConfig.ldap.connection = {
      # host, bindDn etc.
      bindPassword = "$LDAP_BIND_PW";
    };

and write the actual secret into an environment file that's readable for
`mxisd.service` containing

    LDAP_BIND_PW=<your secret bind pw>

and the following setting in the Nix expression:

    services.mxisd.environmentFile = "/runs/ecrets/mxisd";

(cherry picked from commit aa25ce7aa1a89618e4257fd46c7d20879f54c728)

0 files changed, 0 insertions, 0 deletions