From d09ec6c6a3260ce3c320ce2e3f252e7fb50eef55 Mon Sep 17 00:00:00 2001
From: Tim Keller <tjk@tjkeller.xyz>
Date: Mon, 30 Mar 2026 22:44:35 -0500
Subject: add wg1 for poweredge and masquerade for wg1 etc

---
 hosts/poweredge/ddns-updater.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'hosts/poweredge/ddns-updater.nix')

diff --git a/hosts/poweredge/ddns-updater.nix b/hosts/poweredge/ddns-updater.nix
index 30f6e05..103c23b 100644
--- a/hosts/poweredge/ddns-updater.nix
+++ b/hosts/poweredge/ddns-updater.nix
@@ -1,4 +1,4 @@
-{ config, ... }: {
+{ config, lib, ... }: {
 	# Password file for mail application password
 	sops.secrets.ddns-updater-config.sopsFile = ./resources/secrets/ddns-updater-config.yaml;
 
@@ -11,4 +11,9 @@
 			PERIOD = "5m";
 		};
 	};
+
+	# FIXME Required root permissions to open secret
+	systemd.services.ddns-updater = {
+		serviceConfig.DynamicUser = lib.mkForce false;
+	};
 }
-- 
cgit v1.2.3