add wg1 for poweredge and masquerade for wg1 etc

author: Tim Keller <tjk@tjkeller.xyz> 2026-03-30 22:44:35 -0500
committer: Tim Keller <tjk@tjkeller.xyz> 2026-03-30 22:44:35 -0500
commit: d09ec6c6a3260ce3c320ce2e3f252e7fb50eef55 (patch)
tree: 04ac8f02d3c13fd6a50cc3bcef6566fdf5837092 /hosts/poweredge/ddns-updater.nix
parent: 369e8b83f082f3ac2d3f6a040c0efafe981642a7 (diff)
download: nixos-d09ec6c6a3260ce3c320ce2e3f252e7fb50eef55.tar.xz
nixos-d09ec6c6a3260ce3c320ce2e3f252e7fb50eef55.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/hosts/poweredge/ddns-updater.nix b/hosts/poweredge/ddns-updater.nix
index 30f6e05..103c23b 100644
--- a/hosts/poweredge/ddns-updater.nix
+++ b/hosts/poweredge/ddns-updater.nix
@@ -1,4 +1,4 @@
-{ config, ... }: {
+{ config, lib, ... }: {
 	# Password file for mail application password
 	sops.secrets.ddns-updater-config.sopsFile = ./resources/secrets/ddns-updater-config.yaml;
 
@@ -11,4 +11,9 @@
 			PERIOD = "5m";
 		};
 	};
+
+	# FIXME Required root permissions to open secret
+	systemd.services.ddns-updater = {
+		serviceConfig.DynamicUser = lib.mkForce false;
+	};
 }
author	Tim Keller <tjk@tjkeller.xyz>	2026-03-30 22:44:35 -0500
committer	Tim Keller <tjk@tjkeller.xyz>	2026-03-30 22:44:35 -0500
commit	d09ec6c6a3260ce3c320ce2e3f252e7fb50eef55 (patch)
tree	04ac8f02d3c13fd6a50cc3bcef6566fdf5837092 /hosts/poweredge/ddns-updater.nix
parent	369e8b83f082f3ac2d3f6a040c0efafe981642a7 (diff)
download	nixos-d09ec6c6a3260ce3c320ce2e3f252e7fb50eef55.tar.xz nixos-d09ec6c6a3260ce3c320ce2e3f252e7fb50eef55.zip