Nicolas Benes 2b5981c5c7 fetchgitlab: pass private tokens/passwords
Allow the fetcher to authenticate with user name and password.
Note: as of now, GitLab ignores the user name (it must be set, but the
value does not matter) but this may change in the future:
https://gitlab.com/gitlab-org/gitlab/-/issues/212953

Credentials can be passed to the nix-daemon, for example, via a
read-protected `EnvironmentFile`:

```console
$ ls -l /to/secrets.txt
-rw------- 1 root root 100 Nov  1 10:42 /to/secrets.txt
```

In /to/secrets.txt:

```
 # for `fetchFromGitLab { private=true; ... }`
NIX_GITLAB_PRIVATE_USERNAME=whatever
NIX_GITLAB_PRIVATE_PASSWORD=glpat-the-access-token
 # for `fetchFromGitLab { private=true; varPrefix="EXAMPLE"; ... }`
NIX_EXAMPLE_GITLAB_PRIVATE_USERNAME=whatever
NIX_EXAMPLE_GITLAB_PRIVATE_PASSWORD=glpat-another-access-token
```

In /etc/nixos/configuration.nix:

```nix
{ config, pkgs, ... }:
{
  systemd.services.nix-daemon.serviceConfig.EnvironmentFile =
    "/to/secrets.txt";
}
```

GitLab supports HTTP Basic Authentication (credentials in `.netrc` file)
only if accessed via Git. Access via the GitLab API requires a custom
header (e.g. `PRIVATE-TOKEN`) instead. See:

* https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#project-access-tokens
* https://docs.gitlab.com/ee/api/rest/authentication.html#personalprojectgroup-access-tokens
2025-10-11 19:48:32 +02:00
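
A check for the read-protected `EnvironmentFile` described in the commit message above, added here as an example (it is not part of the commit or of nixpkgs). It verifies owner and mode and confirms that the variables for each `varPrefix` are set, without printing their values. The function names and the numeric-uid argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an EnvironmentFile that holds fetchFromGitLab credentials.
# Only variable names and findings are printed, never the secret values.

# gitlab_var_names PREFIX: print the two variable names for that varPrefix
# (an empty PREFIX gives the default, un-prefixed pair).
gitlab_var_names() {
    p=${1:+${1}_}
    printf 'NIX_%sGITLAB_PRIVATE_USERNAME\n' "$p"
    printf 'NIX_%sGITLAB_PRIVATE_PASSWORD\n' "$p"
}

# check_secrets_file FILE OWNER_UID [PREFIX...]
# Returns 0 only if FILE is a regular file owned by OWNER_UID, grants nothing
# to group/other, and sets a non-empty value for every expected variable.
check_secrets_file() {
    file=$1 want_uid=$2
    shift 2
    [ $# -gt 0 ] || set -- ""          # no prefix given: check the default pair
    rc=0
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file"
        return 1
    fi
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid.
    mode=$(ls -ldn -- "$file" | awk '{print $1}')
    have_uid=$(ls -ldn -- "$file" | awk '{print $3}')
    case $mode in
        -???------*) ;;                # e.g. -rw------- : no group/other bits
        *) echo "FAIL: group or others can access $file ($mode)"; rc=1 ;;
    esac
    [ "$have_uid" = "$want_uid" ] ||
        { echo "FAIL: owner uid is $have_uid, expected $want_uid"; rc=1; }
    for prefix in "$@"; do
        for name in $(gitlab_var_names "$prefix"); do
            # grep -q keeps the matched line (and the token) off the terminal.
            grep -Eq "^[[:space:]]*${name}=.+" "$file" ||
                { echo "FAIL: $name is missing or empty"; rc=1; }
        done
    done
    return $rc
}

# Usage on the host from the commit message (root is uid 0):
#   check_secrets_file /to/secrets.txt 0 "" EXAMPLE
```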