From d4521eb339a47c52c5e8f7d82969b54f6dce1e9c Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Thu, 23 Dec 2021 20:16:34 +0100
Subject: krebs.systemd: allow reload if credentials change

---
 krebs/3modules/systemd.nix | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

(limited to 'krebs/3modules/systemd.nix')

diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix
index 00538d5f..6b0fe967 100644
--- a/krebs/3modules/systemd.nix
+++ b/krebs/3modules/systemd.nix
@@ -5,6 +5,19 @@
     default = {};
     type = lib.types.attrsOf (lib.types.submodule {
       options = {
+        ifCredentialsChange = lib.mkOption {
+          default = "restart";
+          description = ''
+            Whether to reload or restart the service whenever any its
+            credentials change.  Only credentials with an absolute path in
+            LoadCredential= are supported.
+          '';
+          type = lib.types.enum [
+            "reload"
+            "restart"
+            null
+          ];
+        };
         serviceConfig.LoadCredential = lib.mkOption {
           apply = lib.toList;
           type =
@@ -33,7 +46,7 @@
             };
           }
           ++
-          map (path: let
+          lib.optionals (cfg.ifCredentialsChange != null) (map (path: let
             triggerName = "trigger-${lib.systemd.encodeName path}";
           in {
             paths.${triggerName} = {
@@ -44,11 +57,11 @@
               serviceConfig = {
                 Type = "oneshot";
                 ExecStart = lib.singleton (toString [
-                  "${pkgs.systemd}/bin/systemctl restart"
+                  "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange}"
                   (lib.shell.escape serviceName)
                 ]);
               };
             };
-          }) paths
+          }) paths)
         ) config.krebs.systemd.services));
 }
-- 
cgit v1.2.3