From 1cf495d6eb113541dfa1667f03f7edd10c2217b1 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 23 Dec 2021 20:09:06 +0100
Subject: krebs.systemd: support credentials of any service

---
 krebs/3modules/tinc.nix | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

(limited to 'krebs/3modules/tinc.nix')

diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index f709b334..dca764f6 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -229,6 +229,15 @@ with import <stockholm/lib>;
     ) config.krebs.tinc;
 
     krebs.systemd.services = mapAttrs (netname: cfg: {
+      serviceConfig.LoadCredential = filter (x: x != "") [
+        (optionalString (cfg.privkey_ed25519 != null)
+          "ed25519_key:${cfg.privkey_ed25519}"
+        )
+        "rsa_key:${cfg.privkey}"
+      ];
+    }) config.krebs.tinc;
+
+    systemd.services = mapAttrs (netname: cfg: {
       description = "Tinc daemon for ${netname}";
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
@@ -239,12 +248,6 @@ with import <stockholm/lib>;
       reloadIfChanged = true;
       restartTriggers = [ cfg.confDir ];
       serviceConfig = {
-        LoadCredential = filter (x: x != "") [
-          (optionalString (cfg.privkey_ed25519 != null)
-            "ed25519_key:${cfg.privkey_ed25519}"
-          )
-          "rsa_key:${cfg.privkey}"
-        ];
         Restart = "always";
         ExecStart = toString [
           "${cfg.tincPackage}/sbin/tincd"
-- 
cgit v1.2.3