aaaaaaa

modules/wafrn.nix

@@ -499,7 +499,35 @@ in
             echo "wafrn-nix: secretsFile does not exist: ${cfg.secretsFile}" >&2
             exit 1
           fi
-          cat "${cfg.secretsFile}" >> ${serviceEnvFile}
+
+          while IFS= read -r raw_line || [ -n "$raw_line" ]; do
+            case "$raw_line" in
+              ""|\#*)
+                continue
+                ;;
+            esac
+
+            key="${raw_line%%=*}"
+            value="${raw_line#*=}"
+
+            key="$(printf '%s' "$key" | tr -d '[:space:]')"
+            if ! printf '%s' "$key" | grep -Eq '^[A-Za-z_][A-Za-z0-9_]*$'; then
+              echo "wafrn-nix: ignoring invalid env key from secretsFile: $key" >&2
+              continue
+            fi
+
+            first_char="${value:0:1}"
+            last_char="${value: -1}"
+            if [ "$first_char" = '"' ] && [ "$last_char" = '"' ]; then
+              value="${value:1:${#value}-2}"
+            elif [ "$first_char" = "'" ] && [ "$last_char" = "'" ]; then
+              value="${value:1:${#value}-2}"
+            fi
+
+            value="${value//\\/\\\\}"
+            value="${value//\"/\\\"}"
+            printf '%s="%s"\n' "$key" "$value" >> ${serviceEnvFile}
+          done < "${cfg.secretsFile}"
         ''}
         install -m 0644 ${composeTemplate} ${composeFile}
       '';