Commit cc0f145107c9
Changed files (1)
systems
okinawa
systems/okinawa/extra.nix
@@ -173,15 +173,19 @@
serviceConfig = {
Type = "simple";
WorkingDirectory = "/home/vincent";
- ExecStart = "${pkgs.opencode}/bin/opencode web";
+ ExecStart = pkgs.writeShellScript "opencode-web-start" ''
+ # Load secrets into environment
+ export OPENCODE_SERVER_PASSWORD=$(cat ${config.age.secrets."opencode-password".path})
+ export GROQ_API_KEY=$(cat ${config.age.secrets."groq-api-key".path})
+ export OPENROUTER_API_KEY=$(cat ${config.age.secrets."openrouter-api-key".path})
+ export GOOGLE_GENERATIVE_AI_API_KEY=$(cat ${config.age.secrets."gemini-api-key".path})
+ exec ${pkgs.opencode}/bin/opencode web
+ '';
Restart = "on-failure";
RestartSec = 10;
User = "vincent";
Group = "users";
-
- # Environment file for secrets (built at service start)
- EnvironmentFile = "/run/opencode/env";
};
environment = {
@@ -193,19 +197,10 @@
GOOGLE_VERTEX_LOCATION = "us-east5";
};
- # Build environment file from secrets and copy config
+ # Copy config file before start
preStart = ''
mkdir -p /run/opencode/config/opencode
cp ${opencode-config} /run/opencode/config/opencode/opencode.json
-
- # Build env file from secrets
- {
- echo "OPENCODE_SERVER_PASSWORD=$(cat ${config.age.secrets."opencode-password".path})"
- echo "GROQ_API_KEY=$(cat ${config.age.secrets."groq-api-key".path})"
- echo "OPENROUTER_API_KEY=$(cat ${config.age.secrets."openrouter-api-key".path})"
- echo "GOOGLE_GENERATIVE_AI_API_KEY=$(cat ${config.age.secrets."gemini-api-key".path})"
- } > /run/opencode/env
- chmod 400 /run/opencode/env
'';
};