From 747dc5d5b559b7e2c5ea1354a596597110208219 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 19 May 2026 10:19:18 +0200
Subject: bump

---
 hosts/surtr/tls/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'hosts/surtr')

diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix
index 2c346baa..edec60b1 100644
--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -58,16 +58,18 @@ in {
         extraDomainNames = optional domainCfg.wildcard "*.${domain}";
         dnsResolver = "127.0.0.1:53";
         dnsProvider = "rfc2136";
-        credentialsFile = pkgs.writeText "${domain}_credentials.env" ''
+        environmentFile = pkgs.writeText "${domain}_credentials.env" ''
           RFC2136_NAMESERVER=127.0.0.1:53
           RFC2136_TSIG_ALGORITHM=hmac-sha256.
           RFC2136_TSIG_KEY=${domain}_acme_key
-          RFC2136_TSIG_SECRET_FILE=/run/credentials/acme-order-renew-${domain}.service/${tsigSecretName domain}
           RFC2136_TTL=0
           RFC2136_PROPAGATION_TIMEOUT=60
           RFC2136_POLLING_INTERVAL=2
           RFC2136_SEQUENCE_INTERVAL=1
         '';
+        credentialFiles = {
+          RFC2136_TSIG_SECRET_FILE = "/run/credentials/acme-order-renew-${domain}.service/${tsigSecretName domain}";
+        };
         dnsPropagationCheck = false;
         postRun = mkIf (domainCfg.restartUnits != []) ''
           systemctl --no-block try-restart ${escapeShellArgs domainCfg.restartUnits}
-- 
cgit v1.2.3