Diffstat (limited to 'hosts/surtr/dns/default.nix')
-rw-r--r-- | hosts/surtr/dns/default.nix | 8 |
1 files changed, 5 insertions, 3 deletions
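--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -44,11 +44,14 @@ in {
 fsType = "zfs";
 };
 
-systemd.services.knot.unitConfig.RequiresMountsFor = [ "/var/lib/knot" ];
+systemd.services.knot = {
+unitConfig.RequiresMountsFor = [ "/var/lib/knot" ];
+serviceConfig.LoadCredential = map ({name, ...}: "${name}:config.sops.secrets.${name}.path") knotKeys;
+};
 
 services.knot = {
 enable = true;
-keyFiles = map ({name, ...}: config.sops.secrets.${name}.path) knotKeys;
+keyFiles = map ({name, ...}: "/run/credentials/knot.service/${name}") knotKeys;
 extraConfig = ''
 server:
 listen: 127.0.0.1@53
@@ -192,7 +195,6 @@ in {
 
 sops.secrets = listToAttrs (map ({name, path}: nameValuePair name {
 format = "binary";
-owner = "knot";
 sopsFile = path;
 }) knotKeys);
 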
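Review bot: In the first hunk, the new `serviceConfig.LoadCredential` line builds its value as `"${name}:config.sops.secrets.${name}.path"`, so only `${name}` is interpolated and the text `config.sops.secrets.<name>.path` ends up in the unit literally instead of the decrypted secret's path. systemd is then given a non-absolute source rather than the sops-managed file, and since `keyFiles` now points at `/run/credentials/knot.service/${name}`, knot presumably fails to start or starts without its keys. Wrap the attribute path in its own antiquotation: `"${name}:${config.sops.secrets.${name}.path}"`. The second hunk's removal of `owner = "knot"` depends on this line working, because after it the knot user can presumably no longer read the secret files directly and the credential directory is the only route to the keys.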