68 lines
2.1 KiB
Nix
68 lines
2.1 KiB
Nix
{ config, pkgs, ... }: let {
|
|
lib = import ../../lib;
|
|
|
|
body.options.krebs.systemd.services = lib.mkOption {
|
|
default = {};
|
|
type = lib.types.attrsOf (lib.types.submodule {
|
|
options = {
|
|
ifCredentialsChange = lib.mkOption {
|
|
default = "restart";
|
|
description = ''
|
|
Whether to reload or restart the service whenever any its
|
|
credentials change. Only credentials with an absolute path in
|
|
LoadCredential= are supported.
|
|
'';
|
|
type = lib.types.enum [
|
|
"reload"
|
|
"restart"
|
|
null
|
|
];
|
|
};
|
|
serviceConfig.LoadCredential = lib.mkOption {
|
|
apply = lib.toList;
|
|
type =
|
|
lib.types.either lib.types.str (lib.types.listOf lib.types.str);
|
|
};
|
|
};
|
|
});
|
|
};
|
|
|
|
body.config.systemd =
|
|
lib.mkMerge
|
|
(lib.flatten
|
|
(lib.mapAttrsToList (serviceName: cfg: let
|
|
paths =
|
|
lib.filter
|
|
lib.types.absolute-pathname.check
|
|
(map
|
|
(lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
|
|
cfg.serviceConfig.LoadCredential);
|
|
in
|
|
lib.singleton {
|
|
services.${serviceName} = {
|
|
serviceConfig = {
|
|
LoadCredential = cfg.serviceConfig.LoadCredential;
|
|
};
|
|
};
|
|
}
|
|
++
|
|
lib.optionals (cfg.ifCredentialsChange != null) (map (path: let
|
|
triggerName = "trigger-${lib.systemd.encodeName path}";
|
|
in {
|
|
paths.${triggerName} = {
|
|
wantedBy = ["multi-user.target"];
|
|
pathConfig.PathChanged = path;
|
|
};
|
|
services.${triggerName} = {
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
ExecStart = lib.singleton (toString [
|
|
"${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange}"
|
|
(lib.shell.escape serviceName)
|
|
]);
|
|
};
|
|
};
|
|
}) paths)
|
|
) config.krebs.systemd.services));
|
|
}
|