systemd module: use LoadCredentials from config.systemd.services

This commit is contained in:
lassulus 2021-12-23 23:42:59 +01:00
parent 29b796f521
commit 2be08e3c52
2 changed files with 28 additions and 48 deletions

View File

@ -18,50 +18,30 @@
null
];
};
serviceConfig.LoadCredential = lib.mkOption {
apply = lib.toList;
type =
lib.types.either lib.types.str (lib.types.listOf lib.types.str);
};
};
});
};
body.config.systemd =
lib.mkMerge
(lib.flatten
(lib.mapAttrsToList (serviceName: cfg: let
paths =
lib.filter
lib.types.absolute-pathname.check
(map
(lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
cfg.serviceConfig.LoadCredential);
in
lib.singleton {
services.${serviceName} = {
serviceConfig = {
LoadCredential = cfg.serviceConfig.LoadCredential;
};
};
}
++
lib.optionals (cfg.ifCredentialsChange != null) (map (path: let
triggerName = "trigger-${lib.systemd.encodeName path}";
in {
paths.${triggerName} = {
wantedBy = ["multi-user.target"];
pathConfig.PathChanged = path;
};
services.${triggerName} = {
serviceConfig = {
Type = "oneshot";
ExecStart = lib.singleton (toString [
"${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange}"
(lib.shell.escape serviceName)
]);
};
};
}) paths)
) config.krebs.systemd.services));
body.config = {
systemd.paths = lib.mapAttrs' (serviceName: _:
lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" {
wantedBy = [ "multi-user.target" ];
pathConfig.PathChanged =
lib.filter
lib.types.absolute-pathname.check
(map
(lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
config.systemd.services.${serviceName}.serviceConfig.LoadCredential);
}
) config.krebs.systemd.services;
systemd.services = lib.mapAttrs' (serviceName: cfg:
lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" {
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange} ${lib.shell.escape serviceName}";
};
}
) config.krebs.systemd.services;
};
}

View File

@ -229,12 +229,6 @@ with import <stockholm/lib>;
) config.krebs.tinc;
krebs.systemd.services = mapAttrs (netname: cfg: {
serviceConfig.LoadCredential = filter (x: x != "") [
(optionalString (cfg.privkey_ed25519 != null)
"ed25519_key:${cfg.privkey_ed25519}"
)
"rsa_key:${cfg.privkey}"
];
}) config.krebs.tinc;
systemd.services = mapAttrs (netname: cfg: {
@ -249,6 +243,12 @@ with import <stockholm/lib>;
restartTriggers = [ cfg.confDir ];
serviceConfig = {
Restart = "always";
LoadCredential = filter (x: x != "") [
(optionalString (cfg.privkey_ed25519 != null)
"ed25519_key:${cfg.privkey_ed25519}"
)
"rsa_key:${cfg.privkey}"
];
ExecStart = toString [
"${cfg.tincPackage}/sbin/tincd"
"-D"