nixos/healthchecks: add EMAIL_HOST_PASSWORD_FILE option

This allows keeping EMAIL_HOST_PASSWORD out of /nix/store.

nixos/modules/services/web-apps/healthchecks.nix

@@ -107,6 +107,8 @@ in
         We add two variables to this list inside the packages `local_settings.py.`
         - STATIC_ROOT to set a state directory for dynamically generated static files.
         - SECRET_KEY_FILE to read SECRET_KEY from a file at runtime and keep it out of /nix/store.
+        - EMAIL_HOST_PASSWORD_FILE to read EMAIL_HOST_PASSWORD from a file at runtime and keep it
+          out of /nix/store.
       '';
       type = types.submodule (settings: {
         freeformType = types.attrsOf types.str;
@@ -163,6 +165,12 @@ in
             '';
             description = lib.mdDoc "Database name.";
           };
+
+          EMAIL_HOST_PASSWORD_FILE = mkOption {
+            type = types.str;
+            default = "";
+            description = lib.mdDoc "Path to a file containing the email password.";
+          };
         };
       });
     };

pkgs/servers/web-apps/healthchecks/default.nix

@@ -41,11 +41,18 @@ py.pkgs.buildPythonApplication rec {
 
   localSettings = writeText "local_settings.py" ''
     import os
+
     STATIC_ROOT = os.getenv("STATIC_ROOT")
+
     SECRET_KEY_FILE = os.getenv("SECRET_KEY_FILE")
     if SECRET_KEY_FILE:
         with open(SECRET_KEY_FILE, "r") as file:
             SECRET_KEY = file.readline()
+
+    EMAIL_HOST_PASSWORD_FILE = os.getenv("EMAIL_HOST_PASSWORD_FILE")
+    if EMAIL_HOST_PASSWORD_FILE:
+        with open(EMAIL_HOST_PASSWORD_FILE, "r") as file:
+            EMAIL_HOST_PASSWORD = file.readline()
   '';
 
   installPhase = ''