From e532ad85382c4646952a4a447ac50084030ffb56 Mon Sep 17 00:00:00 2001
From: Erwin Boskma <erwin@datarift.nl>
Date: Wed, 24 Apr 2024 14:59:02 +0200
Subject: [PATCH] dendrite: Use LoadCredential to load private key

---
 machines/default.nix              | 4 ++--
 machines/neo/dendrite/default.nix | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/machines/default.nix b/machines/default.nix
index d52bd2e..97ccd7a 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -73,8 +73,8 @@ inputs: {
   neo = {
     config = import ./neo/configuration.nix inputs;
     deploy = {
-      host = "10.0.0.157";
-      # host = "neo.barn-beaver.ts.net";
+      # host = "10.0.0.213";
+      host = "neo.barn-beaver.ts.net";
       targetUser = "erwin";
       tags = [ "container" ];
     };
diff --git a/machines/neo/dendrite/default.nix b/machines/neo/dendrite/default.nix
index ce080bd..c898f23 100644
--- a/machines/neo/dendrite/default.nix
+++ b/machines/neo/dendrite/default.nix
@@ -17,7 +17,8 @@ let
   settings = {
     global = {
       server_name = "matrix.boskma.frl";
-      private_key = config.sops.secrets.dendrite-private-key.path;
+      # private_key = config.sops.secrets.dendrite-private-key.path;
+      private_key = "$$CREDENTIALS_DIRECTORY/private_key";
 
       database = {
         connection_string = "postgresql://%2Frun%2Fpostgresql/dendrite";
@@ -114,6 +115,7 @@ in
       RuntimeDirectoryMode = "0700";
       LimitNOFILE = 65535;
       EnvironmentFile = environmentFile;
+      LoadCredential = [ "private_key:${config.sops.secrets.dendrite-private-key.path}" ];
       ExecStartPre = [
         ''
           ${pkgs.envsubst}/bin/envsubst \