The `extraConfig` parameter only handles text - it doesn't support arbitrary secrets and, with the way it's processed in the setup script, it's very easy to accidentally unescape the echoed string and run shell commands / feed garbage to bash. To fix this, implement a new option, `config`, which instead takes a typed attribute set, generates the `.env` file in nix and does arbitrary secret replacement. This option is then used to provide the configuration for all other options which change the `.env` file.