Diffstat (limited to 'hosts/poweredge/ddns-updater.nix')
| -rw-r--r-- | hosts/poweredge/ddns-updater.nix | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/hosts/poweredge/ddns-updater.nix b/hosts/poweredge/ddns-updater.nix
index 103c23b..319e3c4 100644
--- a/hosts/poweredge/ddns-updater.nix
+++ b/hosts/poweredge/ddns-updater.nix
@@ -1,19 +1,22 @@
-{ config, lib, ... }: {
- # Password file for mail application password
+{ config, lib, ... }: let
+ credential = "config";
+in {
+ # Config for ddns-updater, owned by the ddns-updater systemd service user
 sops.secrets.ddns-updater-config.sopsFile = ./resources/secrets/ddns-updater-config.yaml;
 
+ # Load secret as a credential in systemd service
+ systemd.services.ddns-updater.serviceConfig = {
+ LoadCredential = [
+ "${credential}:${config.sops.secrets.ddns-updater-config.path}"
+ ];
+ };
+
 # Enable ddns updater
 services.ddns-updater = {
 enable = true;
 environment = {
 SERVER_ENABLED="no";
- CONFIG_FILEPATH = config.sops.secrets.ddns-updater-config.path;
- PERIOD = "5m";
+ CONFIG_FILEPATH = "%d/${credential}";
 };
 };
-
- # FIXME Required root permissions to open secret
- systemd.services.ddns-updater = {
- serviceConfig.DynamicUser = lib.mkForce false;
- };
 }
|
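Review bot: The new comment on `sops.secrets.ddns-updater-config` says the secret is owned by the ddns-updater service user, but nothing in this file sets `owner`, so the file presumably keeps the sops-nix default (root-only) and reaches the unit solely through `LoadCredential`. I would reword it to `# Config for ddns-updater; stays root-readable only and is passed to the unit via LoadCredential`, so nobody later loosens the secret's owner or mode to match the comment. Dropping `PERIOD = "5m"` also moves the update interval to the program's default, which the hunk does not explain, and `lib` is now an unused argument.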
