From afff1877ab4a8f2959a1d3a4b1eb445ce1604154 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= <torjus@usit.uio.no>
Date: Sun, 1 Feb 2026 22:02:35 +0100
Subject: [PATCH] fixup! vault: replace vault with openbao

---
 services/vault/default.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/services/vault/default.nix b/services/vault/default.nix
index 3055af2..17a7236 100644
--- a/services/vault/default.nix
+++ b/services/vault/default.nix
@@ -10,8 +10,8 @@
       listener.default = {
         type = "tcp";
         address = "0.0.0.0:8200";
-        tls_cert_file = "/var/lib/openbao/cert.pem";
-        tls_key_file = "/var/lib/openbao/key.pem";
+        tls_cert_file = "/run/credentials/openbao.service/cert.pem";
+        tls_key_file = "/run/credentials/openbao.service/key.pem";
       };
       listener.socket = {
         type = "unix";
@@ -19,4 +19,11 @@
       };
     };
   };
+
+  systemd.services.openbao.serviceConfig = {
+    LoadCredential = [
+      "key.pem:/var/lib/openbao/key.pem"
+      "cert.pem:/var/lib/openbao/cert.pem"
+    ];
+  };
 }