gitea: Add option to supply the metrics token via file

[TLATER]

Description of changes

This adds an option to substitute the metrics token in the gitea config just like all the other secrets. Modeled after the mailerPasswordFile.

I'm not sure if this runs afoul of RFC42, but it's quite annoying to get this secret into the config otherwise, you need to mess with systemd.services.gitea.serviceConfig.ExecStartPre, and expose some gitea module internals to the callsite, which just feels wrong.

Maybe there should be a more generic secret management feature, but I think that's a general NixOS topic that would need much more design.

Is there a feature freeze for 23.11 in place yet? I imagine so, are readme updates in limbo for the moment?

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 23.11 Release Notes (or backporting 23.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

@srhb @Ma27 @theHedgehog0

[srhb]

Seems perfectly reasonable to me.

There is no freeze in place -- see the schedule here #258640 though this kind of change could go in at the very last minute or even be backported, since it's an entirely nonbreaking feature addition. For the same reason, it doesn't really need an entry in the release notes, so I will simply merge. If you wish to advertise it, you can add it later. :)

[srhb]

Ah, small nit, the commit message should follow the conventions: https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#commit-conventions

(that is, it should be nixos/gitea: added metricsTokenFile option (that is, since it relates to a module, it should have the nixos/ prefix)

[TLATER]

(that is, it should be nixos/gitea: added metricsTokenFile option (that is, since it relates to a module, it should have the nixos/ prefix)

o\ teaches me to write commit messages late into the night.

Can't get to my computer to add that prefix and re-sign the commit for a while, I'll fix it later today. Thanks for the blazingly fast review!

[TLATER]

@srhb ok, fixed up; I also removed a spurious newline change I missed previously. Should be good to go now :)