From 9a9da37d19b59edf40ff5be167f50fd40d1e7f19 Mon Sep 17 00:00:00 2001
From: Henri Bourcereau <henri.bourcereau@gmail.com>
Date: Wed, 20 May 2026 12:37:36 +0200
Subject: [PATCH] fix: module.nix credentials permissions

---
 module.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/module.nix b/module.nix
index 212f614..63054a8 100644
--- a/module.nix
+++ b/module.nix
@@ -178,7 +178,7 @@ in
         '';
         startScript = pkgs.writeShellScript "trictrac-start" (
           optionalString (cfg.smtp.passwordFile != null) ''
-            export SMTP_PASS="$(< ${cfg.smtp.passwordFile})"
+            export SMTP_PASS="$(< "$CREDENTIALS_DIRECTORY/smtp-pass")"
           '' + ''
             exec ${pkgs.trictrac}/bin/relay-server
           ''
@@ -210,6 +210,7 @@ in
           StateDirectory = "trictrac";
           StateDirectoryMode = "0755";
           WorkingDirectory = "/var/lib/trictrac";
+          LoadCredential = mkIf (cfg.smtp.passwordFile != null) "smtp-pass:${cfg.smtp.passwordFile}";
           ExecStartPre = "${setupScript}";
           ExecStart = "${startScript}";
           Restart = "on-failure";