summaryrefslogtreecommitdiff
path: root/hosts/surtr/dns
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/surtr/dns')
-rw-r--r--hosts/surtr/dns/default.nix8
1 files changed, 5 insertions, 3 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 808c56da..026111be 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -44,11 +44,14 @@ in {
44 fsType = "zfs"; 44 fsType = "zfs";
45 }; 45 };
46 46
47 systemd.services.knot.unitConfig.RequiresMountsFor = [ "/var/lib/knot" ]; 47 systemd.services.knot = {
48 unitConfig.RequiresMountsFor = [ "/var/lib/knot" ];
49 serviceConfig.LoadCredential = map ({name, ...}: "${name}:config.sops.secrets.${name}.path") knotKeys;
50 };
48 51
49 services.knot = { 52 services.knot = {
50 enable = true; 53 enable = true;
51 keyFiles = map ({name, ...}: config.sops.secrets.${name}.path) knotKeys; 54 keyFiles = map ({name, ...}: "/run/credentials/knot.service/${name}") knotKeys;
52 extraConfig = '' 55 extraConfig = ''
53 server: 56 server:
54 listen: 127.0.0.1@53 57 listen: 127.0.0.1@53
@@ -192,7 +195,6 @@ in {
192 195
193 sops.secrets = listToAttrs (map ({name, path}: nameValuePair name { 196 sops.secrets = listToAttrs (map ({name, path}: nameValuePair name {
194 format = "binary"; 197 format = "binary";
195 owner = "knot";
196 sopsFile = path; 198 sopsFile = path;
197 }) knotKeys); 199 }) knotKeys);
198 200
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-25 01:39:36 +0000