In my last post, I shared how to get a working instance of Nitter deployed on NixOS, but requested advice on how to best automatically provision the guest_accounts.json runtime secret file on the target server. A number of folks reached out to me on Mastodon (thanks @[email protected], @[email protected], @[email protected] and @[email protected]!) to suggest that I use agenix to copy encrypted files to the server and decrypt them in non-world readable directories, and then use systemd’s LoadCredentials option to make them available to the nitter service.