aubergine: creds: add ssh host key
[julm/julm-nix.git] / nixos / modules / security / systemd-creds.nix
index 60e6fd06452e4437257113ad0f3f76db771239ed..cb1db0949537ecafd82451edcf332b8862833035 100644 (file)
@@ -90,14 +90,26 @@ let cfg = config.security.systemd-creds; in
         ```
 
         ```nix
+        { config, pkgs, lib, inputs, ... }:
+        {
         systemd.services."wireguard-wg-intra".serviceConfig.LoadCredentialEncrypted =
           [ "privateKey:''${inputs.self}/wireguard/wg-intra/privateKey.cred" ];
+        }
         ```
 
         ```console
         $ nix run .#nixosConfigurations.''${hostName}.config.security.systemd-creds.script
         $ git add wireguard/wg-intra/privateKey.cred
         ```
+
+        ::: {.warning}
+        To be able to access the relative path of the `.cred` file,
+        `inputs.self` has to be used in `LoadCredentialEncrypted`.
+        Note that `inputs` is a `config._module.args` or `specialArgs`
+        usually set in your `flake.nix`.
+        Using `''${wireguard/wg-intra/privatekey}`
+        would not work, because it drops the `wireguard/wg-intra/` part.
+        :::
       '';
     };
   };
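Review bot: The warning's counter-example `''${wireguard/wg-intra/privatekey}` spells the file `privatekey`, while the example above it and the `git add` line use `privateKey.cred`; path literals are case-sensitive, so the two should agree, i.e. `''${wireguard/wg-intra/privateKey}`. The opening sentence would also be easier to follow if it said what is resolved relative to what, e.g. `For the `.cred` path to be resolved relative to the flake root,` before the `inputs.self` requirement. The enclosing option `description` string starts outside the hunk.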
@@ -119,14 +131,14 @@ let cfg = config.security.systemd-creds; in
               credID=${escapeShellArg credID}
               credPath=${escapeShellArg credPath}
               credBase=''${credPath#${storeDir}/*/}
-              if test ! -e "$credBase"; then
+              if test ! -s "$credBase"; then
                 { ${cfg.decrypt}; } |
                 { ${cfg.shell} -- ${cfg.encrypt} - -; } |
                 { ${cfg.install}; }
               fi
             ''
           )
-          service.serviceConfig.LoadCredentialEncrypted)
+          (toList service.serviceConfig.LoadCredentialEncrypted))
       (attrValues
         (filterAttrs
           (_serviceName: service:
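Review bot: Changing `test ! -e` to `test ! -s` makes an empty `.cred` regenerate, but the three-stage pipeline under it still yields only the exit status of the final `${cfg.install}` stage, so a failing `${cfg.decrypt}` can feed empty or partial input to `${cfg.encrypt}` and leave a non-empty `.cred` that the `-s` test then treats as finished on every later run. Unless the script's prelude (not visible in this hunk) already sets it, add `set -o pipefail` before the `if`, or inspect `"''${PIPESTATUS[@]}"` after the pipeline, so a failed stage aborts instead of being persisted; inside the Nix string the expansion must be written with the `''$` escape as on the `credBase=` line. A non-empty but stale `.cred` (for example after the host's encryption key changes) is still not refreshed by this check, which is worth stating in the option description if that is intended.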