From 6c64d6daf932cabf8e63619e7590a4770e3e446a Mon Sep 17 00:00:00 2001
From: Pedro Alves
Date: Thu, 13 Feb 2025 12:55:41 +0000
Subject: [PATCH 1/2] nixos/autobrr: use systemd credentials

Make use of systemd's LoadCredentials feature to allow for the secret file to be better managed without having to be world-readable, since due to DynamicUser it was not possible to assign it to one specific user.
---
 nixos/modules/services/misc/autobrr.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/misc/autobrr.nix b/nixos/modules/services/misc/autobrr.nix
index 097bcc10096e3..4694b8e80ed33 100644
--- a/nixos/modules/services/misc/autobrr.nix
+++ b/nixos/modules/services/misc/autobrr.nix
@@ -9,7 +9,7 @@ let
 cfg = config.services.autobrr;
 configFormat = pkgs.formats.toml { };
 configTemplate = configFormat.generate "autobrr.toml" cfg.settings;
- templaterCmd = "${lib.getExe pkgs.dasel} put -f '${configTemplate}' -v $(cat ${cfg.secretFile}) -o %S/autobrr/config.toml 'sessionSecret'";
+ templaterCmd = ''${lib.getExe pkgs.dasel} put -f '${configTemplate}' -v "$(${config.systemd.package}/bin/systemd-creds cat sessionSecret)" -o %S/autobrr/config.toml "sessionSecret"'';
 in
 {
 options = {
@@ -73,6 +73,7 @@ in
 serviceConfig = {
 Type = "simple";
 DynamicUser = true;
+ LoadCredential = "sessionSecret:${cfg.secretFile}";
 StateDirectory = "autobrr";
 ExecStartPre = "${lib.getExe pkgs.bash} -c '${templaterCmd}'";
 ExecStart = "${lib.getExe pkgs.autobrr} --config %S/autobrr";
From ce9137b32dc6bfa747ea78fdb683f0a12571574a Mon Sep 17 00:00:00 2001
From: Pedro Alves
Date: Thu, 13 Feb 2025 13:31:29 +0000
Subject: [PATCH 2/2] nixos/autobrr: make use of package option

The package option was defined, but the generated systemd service was hardcoded to use pkgs.autobrr.
---
 nixos/modules/services/misc/autobrr.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
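Review bot: The session secret still reaches dasel through argv in the new `templaterCmd`: `-v "$(… systemd-creds cat sessionSecret)"` is expanded by bash before dasel is executed, so the value is readable in `/proc/<pid>/cmdline` by other local users while ExecStartPre runs, unless procfs is mounted with hidepid. Loading the file as a credential removes the world-readable-file requirement but not this exposure. If dasel cannot take the value from a file or stdin (not visible here), record the limitation next to the binding, for example `# sessionSecret is passed to dasel via argv and is briefly visible in the process list`. The `let` block starts outside the hunk.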
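Review bot: `LoadCredential = "sessionSecret:${cfg.secretFile}"` interpolates the option into a string, so if `secretFile` is declared with a path type and a user passes a Nix path literal, the file would presumably be copied into the world-readable store and loaded from there. The option declaration is outside this hunk, so this is something to confirm rather than a confirmed defect. Either way the option description should state that the value must be a runtime path outside the Nix store, and that the file no longer needs to be world-readable because the service manager reads it. A comment such as `# read by the service manager; keep the file root-only and out of /nix/store` above the line would capture that. The `serviceConfig` set continues past the end of the hunk.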
diff --git a/nixos/modules/services/misc/autobrr.nix b/nixos/modules/services/misc/autobrr.nix
index 4694b8e80ed33..c898351c43165 100644
--- a/nixos/modules/services/misc/autobrr.nix
+++ b/nixos/modules/services/misc/autobrr.nix
@@ -76,7 +76,7 @@ in
 LoadCredential = "sessionSecret:${cfg.secretFile}";
 StateDirectory = "autobrr";
 ExecStartPre = "${lib.getExe pkgs.bash} -c '${templaterCmd}'";
- ExecStart = "${lib.getExe pkgs.autobrr} --config %S/autobrr";
+ ExecStart = "${lib.getExe cfg.package} --config %S/autobrr";
 Restart = "on-failure";
 };
 };