fix ddns-updater service it works now!

1 files changed, 12 insertions, 9 deletions

diff --git a/hosts/poweredge/ddns-updater.nix b/hosts/poweredge/ddns-updater.nix
index 103c23b..319e3c4 100644
--- a/hosts/poweredge/ddns-updater.nix
+++ b/hosts/poweredge/ddns-updater.nix
@@ -1,19 +1,22 @@
-{ config, lib, ... }: {
-	# Password file for mail application password
+{ config, lib, ... }: let
+	credential = "config";
+in {
+	# Config for ddns-updater, owned by the ddns-updater systemd service user
 	sops.secrets.ddns-updater-config.sopsFile = ./resources/secrets/ddns-updater-config.yaml;
 
+	# Load secret as a credential in systemd service
+	systemd.services.ddns-updater.serviceConfig = {
+		LoadCredential = [
+			"${credential}:${config.sops.secrets.ddns-updater-config.path}"
+		];
+	};
+
 	# Enable ddns updater
 	services.ddns-updater = {
 		enable = true;
 		environment = {
 			SERVER_ENABLED="no";
-			CONFIG_FILEPATH = config.sops.secrets.ddns-updater-config.path;
-			PERIOD = "5m";
+			CONFIG_FILEPATH = "%d/${credential}";
 		};
 	};
-
-	# FIXME Required root permissions to open secret
-	systemd.services.ddns-updater = {
-		serviceConfig.DynamicUser = lib.mkForce false;
-	};
 }