ildkule/journald-remote: move LoadCredential to correct unit

hosts/ildkule/services/journald-remote.nix

@@ -31,22 +31,28 @@ in
     };
   };
 
+  systemd.sockets."systemd-journal-remote" = {
+    socketConfig = {
+      IPAddressDeny = "any";
+      IPAddressAllow = [
+        "127.0.0.1"
+        "::1"
+        values.ipv4-space
+        values.ipv6-space
+      ];
+    };
+  };
+
   networking.firewall.allowedTCPPorts = [ cfg.port ];
 
-  systemd.sockets."systemd-journal-remote".socketConfig = {
+  systemd.services."systemd-journal-remote" = {
-    IPAddressDeny = "any";
+    socketConfig = {
-    IPAddressAllow = [
+      LoadCredential = let
-      "127.0.0.1"
+        inherit (config.security.acme.certs.${domainName}) directory;
-      "::1"
+      in [
-      values.ipv4-space
+        "key.pem:${directory}/key.pem"
-      values.ipv6-space
+        "cert.pem:${directory}/cert.pem"
-    ];
+      ];
-
+    };
-    LoadCredential = let
-      inherit (config.security.acme.certs.${domainName}) directory;
-    in [
-      "key.pem:${directory}/key.pem"
-      "cert.pem:${directory}/cert.pem"
-    ];
   };
 }