From 16042b08c0fa44e0a21daa0c59d58132ffb7055c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= <torjus@usit.uio.no>
Date: Sun, 18 May 2025 15:20:00 +0200
Subject: [PATCH] Alertonotify hardening part 2

---
 services/monitoring/alerttonotify.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/services/monitoring/alerttonotify.nix b/services/monitoring/alerttonotify.nix
index db63450..f6b3a9f 100644
--- a/services/monitoring/alerttonotify.nix
+++ b/services/monitoring/alerttonotify.nix
@@ -13,7 +13,7 @@
 
     environment = {
       NATS_URL = "nats://nats1.home.2rjus.net:4222";
-      NATS_NKEY_FILE = "${config.sops.secrets.nats_nkey.path}";
+      NATS_NKEY_FILE = "%d/nats_nkey";
     };
 
     serviceConfig = {
@@ -31,6 +31,7 @@
       ProtectHome = "yes";
       ProtectHostname = "yes";
       RestrictNamespace = "yes";
+      LoadCredential = "nats_nkey:/run/secrets/nats_nkey";
     };
   };
 }