Currently the module's `DynamicUser` does not exist at build time and therefore this module's secrets file can't be assigned appropriate (e.g. 0400) permissions without additional configuration. This change uses `LoadCredential` to read the secrets file with elevated privileges and place them into the service-specific credentials directory, where the dynamic user can access them. This will allow using standard approaches to nix secrets (such as sops, agenix), which by default provide an out-of-store `0400 root:root` file. Fixes https://github.com/NixOS/nixpkgs/issues/408780