From d5e11e4909c74f6f397ea995db4f892ea0bbeec9 Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Mon, 1 Dec 2025 09:25:15 +0100
Subject: [PATCH] Remove redundant secret injection for oink

---
 configuration.nix                 |   5 +++++
 modules/networking.nix            |  10 +++-------
 secrets/inadyn-porkbun-secret.age |   5 +++++
 secrets/inadyn-porkbun.age        | Bin 402 -> 281 bytes
 secrets/secrets.nix               |   1 +
 5 files changed, 14 insertions(+), 7 deletions(-)
 create mode 100644 secrets/inadyn-porkbun-secret.age

diff --git a/configuration.nix b/configuration.nix
index 9930585..fa9ed53 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -210,6 +210,11 @@ with pkgs;
       owner = "inadyn";
       group = "inadyn";
     };
+    secrets.inadyn-porkbun-secret = {
+      file = secrets/inadyn-porkbun-secret.age;
+      owner = "inadyn";
+      group = "inadyn";
+    };
     secrets.acme-duckdns = {
       file = secrets/acme-duckdns.age;
       owner = "acme";
diff --git a/modules/networking.nix b/modules/networking.nix
index 72350eb..dc99b9b 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -47,11 +47,9 @@ in
   # NOTE Temporary workaround until Inadyn fixes the Porkbun module
   services.oink = {
     enable = true;
-    settings = {
-      apiKey = "PLACEHOLDER";
-      secretApiKey = "PLACEHOLDER";
-      interval = 1800;
-    };
+    apiKeyFile = config.age.secrets.inadyn-porkbun.path;
+    secretApiKeyFile = config.age.secrets.inadyn-porkbun-secret.path;
+    settings.interval = 1800;
     domains = [
       {
         domain = "psydnd.org";
@@ -59,8 +57,6 @@ in
       }
     ];
   };
-  # NOTE Load credentials using environment variables
-  systemd.services.oink.serviceConfig.EnvironmentFile = config.age.secrets.inadyn-porkbun.path;
 
   # Firewall configuration
   networking.firewall = {
diff --git a/secrets/inadyn-porkbun-secret.age b/secrets/inadyn-porkbun-secret.age
new file mode 100644
index 0000000..79825d1
--- /dev/null
+++ b/secrets/inadyn-porkbun-secret.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 iUaRGg paS5BxWWicriSLAZyCBKd2xylLAp4/LcHmogO7me8yQ
+MWW/Pkvn+4G4YeYXY9ZPXC92TbcFXQMyHJ2ltFzXpZs
+--- ZdFfQ7tHfEo+u/0MmigCNh6OIxkd2bimRN30rMUs1ks
+Å9‚7Y˜$BµsXïÊ½bÙO'J° S'é5!­©UMÊ¯-vÆm¡¿¹Î8%|R,‹~I¸ŽúG›»VQE•0Dý:Qv<æ¾)€Ïÿ%fcÇñXZÕ¹ 7+yB
\ No newline at end of file
diff --git a/secrets/inadyn-porkbun.age b/secrets/inadyn-porkbun.age
index 3e00a89b379222255fe4f7eacd201d85b021cd01..65b43374d328fc111ccde04ff8ba154586e8fe13 100644
GIT binary patch
delta 245
zcmbQlJd<gHPJN+!LB3^JaCn5ad3uDazh{zDxqrEbbFg=kpHHGuroWMgW1ve&sG)nP
z1y`kyS%G7uvsY+9SbDOtmv4SxX0~6YW4KRxrn#?MU{y|0aCv}lRz$j^FPE;au0m;v
zmwSMrd2&gag-Miuxk*TIvZs5wc78~NQ>dqVaA-khab93}US_$zWhj^F*L#XeQx8d0
zJn_8s+;I9!!35ql^)(;QHJ@2*AQATHPves<e}Xh;t+r?rUs24p>>`8qYR_Dg*_)h2
yJKlZx@YT!x!&<#)ll3h5v8$xC-YUk&OLJ_ylP=EevrX#?U+t3Xx!*#}zXJf1<zKe|

delta 367
zcmbQqG>LhFPQ6=}zNf2ivbJk^KvG3mWI&3qVM(Z)L6~8gkA<5-rJs3ufOAN)i+_Hg
zCzpSakA<sao_9#Tsat-Dabb{4q;rmYS#C){PG-2HiDhD7xKlw@p^sZdK9{bpu7X>U
zYr2JDv7^6!MNV#{kGpSSl4YWsNxqq(m#MjPVM>x&V10gud4^F`MLO3{(UTj?c`w;j
zc>iFmy>@}SDgAD{1}n$pJKg>YVH+|!p2rp`mRA@)_$6^?W|pX8Uv21Z-WGnY2>yLe
zLdQ8>W{S*~TK0MMG{-Ifw<T}f&vf|RQtn5^bDyN_j5RnEU6nb@VC~D5_tz*%%5L9l
zc_5Z)iR00&PY*B15HzfOmw4anXnFSL1(ysW-(`H5X|^&ZCY;51f>pJl><#s5_FXa$
zOK#6%w&P`b7v6L1>$<xfLbKRhH~PCAI^Cl#88U}ic@1-qoxs_EzZ|im_v|HFQd&<0
Vv<6tb(wuVrsr?JCj{E86#sC<Um7f3r

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1a6b1cd..4fb35e1 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -17,6 +17,7 @@ in
   "signal.age".publicKeys = [ zion ];
   "inadyn-duckdns.age".publicKeys = [ zion ];
   "inadyn-porkbun.age".publicKeys = [ zion ];
+  "inadyn-porkbun-secret.age".publicKeys = [ zion ];
   "acme-duckdns.age".publicKeys = [ zion ];
   "acme-porkbun.age".publicKeys = [ zion ];
   "microbin.age".publicKeys = [ zion ];