krebs.systemd: support credentials of any service

author: tv <tv@krebsco.de> 2021-12-23 20:09:06 +0100
committer: tv <tv@krebsco.de> 2021-12-23 20:18:28 +0100
commit: 1cf495d6eb113541dfa1667f03f7edd10c2217b1 (patch)
tree: 8ed3026e1ab4705c5758a354e032ebfb0bf621df /krebs/3modules/tinc.nix
parent: 5f7ab23ebf220194dc9ef28dd164f042ee2804c4 (diff)
1 files changed, 9 insertions, 6 deletions
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index f709b334..dca764f6 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -229,6 +229,15 @@ with import <stockholm/lib>;
     ) config.krebs.tinc;
 
     krebs.systemd.services = mapAttrs (netname: cfg: {
+      serviceConfig.LoadCredential = filter (x: x != "") [
+        (optionalString (cfg.privkey_ed25519 != null)
+          "ed25519_key:${cfg.privkey_ed25519}"
+        )
+        "rsa_key:${cfg.privkey}"
+      ];
+    }) config.krebs.tinc;
+
+    systemd.services = mapAttrs (netname: cfg: {
       description = "Tinc daemon for ${netname}";
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
@@ -239,12 +248,6 @@ with import <stockholm/lib>;
       reloadIfChanged = true;
       restartTriggers = [ cfg.confDir ];
       serviceConfig = {
-        LoadCredential = filter (x: x != "") [
-          (optionalString (cfg.privkey_ed25519 != null)
-            "ed25519_key:${cfg.privkey_ed25519}"
-          )
-          "rsa_key:${cfg.privkey}"
-        ];
         Restart = "always";
         ExecStart = toString [
           "${cfg.tincPackage}/sbin/tincd"
author	tv <tv@krebsco.de>	2021-12-23 20:09:06 +0100
committer	tv <tv@krebsco.de>	2021-12-23 20:18:28 +0100
commit	1cf495d6eb113541dfa1667f03f7edd10c2217b1 (patch)
tree	8ed3026e1ab4705c5758a354e032ebfb0bf621df /krebs/3modules/tinc.nix
parent	5f7ab23ebf220194dc9ef28dd164f042ee2804c4 (diff)