From 01d5adc29cf5f261e65bea1d86ad67aa00645e96 Mon Sep 17 00:00:00 2001
From: Wolfgang <mail@weirdrescue.pw>
Date: Sat, 26 Oct 2024 13:53:07 +0200
Subject: [PATCH] Attempt to hide secrets from the curl process listing

---
 nixos/modules/services/misc/duckdns.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/misc/duckdns.nix b/nixos/modules/services/misc/duckdns.nix
index a83a954197a6d..9a8535b53c812 100644
--- a/nixos/modules/services/misc/duckdns.nix
+++ b/nixos/modules/services/misc/duckdns.nix
@@ -10,7 +10,6 @@ in
 {
   options.services.duckdns = {
     enable = lib.mkEnableOption ("DuckDNS Dynamic DNS Client");
-
     tokenFile = lib.mkOption {
       default = null;
       type = lib.types.path;
@@ -37,6 +36,7 @@ in
         The path to a file containing a
         newline-separated list of DuckDNS
         domain(s) to be updated
+        (without the .duckdns.org prefix)
       '';
     };
 
@@ -76,7 +76,7 @@ in
         ${lib.optionalString (cfg.domainsFile != null) ''
           export DUCKDNS_DOMAINS=$(systemd-creds cat DUCKDNS_DOMAINS_FILE | sed -z 's/\n/,/g')
         ''}
-        curl --no-progress-meter -k "https://www.duckdns.org/update?domains=$DUCKDNS_DOMAINS&token=$DUCKDNS_TOKEN&ip=" | grep -v "KO"
+        curl --no-progress-meter -k -K- <<< "url = 'https://www.duckdns.org/update?domains=$DUCKDNS_DOMAINS&token=$DUCKDNS_TOKEN&ip='" | grep -v "KO"
       '';
     };
   };