blob: 319e3c4bd67e13832c73b4e0cd92bbe7fe9214ea (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
{ config, lib, ... }: let
credential = "config";
in {
# Config for ddns-updater, owned by the ddns-updater systemd service user
sops.secrets.ddns-updater-config.sopsFile = ./resources/secrets/ddns-updater-config.yaml;
# Load secret as a credential in systemd service
systemd.services.ddns-updater.serviceConfig = {
LoadCredential = [
"${credential}:${config.sops.secrets.ddns-updater-config.path}"
];
};
# Enable ddns updater
services.ddns-updater = {
enable = true;
environment = {
SERVER_ENABLED="no";
CONFIG_FILEPATH = "%d/${credential}";
};
};
}
|
