author | lassulus <lass@aidsballs.de> | 2016-02-22 01:08:46 +0100 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2016-02-22 01:08:46 +0100 |
commit | 020fcc22000ce35337a765bfa37f4178fbbff68c (patch) | |
tree | 8485531b5285b4dce6e9b9abecba4ccad5b9b46a /krebs/3modules/secret.nix | |
parent | 2924afb8a2cb7d734b56a4a8934737129a20154c (diff) | |
parent | a2b8eb75506fa27bc3d44f6a33d860ce7d3470e0 (diff) |
Merge remote-tracking branch 'cd/master'
Diffstat (limited to 'krebs/3modules/secret.nix')
-rw-r--r-- | krebs/3modules/secret.nix | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/krebs/3modules/secret.nix b/krebs/3modules/secret.nix
new file mode 100644
index 000000000..579f375f3
--- /dev/null
+++ b/krebs/3modules/secret.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }@args: with config.krebs.lib; let
+ cfg = config.krebs.secret;
+in {
+ options.krebs.secret = {
+ files = mkOption {
+ type = with types; attrsOf secret-file;
+ default = {};
+ };
+ };
+ config = lib.mkIf (cfg.files != {}) {
+ systemd.services.secret = let
+ # TODO fail if two files have the same path but differ otherwise
+ files = unique (map (flip removeAttrs ["_module"])
+ (attrValues cfg.files));
+ in {
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ SyslogIdentifier = "secret";
+ ExecStart = pkgs.writeDash "install-secret-files" ''
+ exit_code=0
+ ${concatMapStringsSep "\n" (file: ''
+ ${pkgs.coreutils}/bin/install \
+ -D \
+ --compare \
+ --verbose \
+ --mode=${shell.escape file.mode} \
+ --owner=${shell.escape file.owner.name} \
+ --group=${shell.escape file.group-name} \
+ ${shell.escape file.source-path} \
+ ${shell.escape file.path} \
+ || exit_code=1
+ '') files}
+ exit $exit_code
+ '';
+ };
+ };
+ };
+} |
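Review bot: The TODO above `files = unique (…)` leaves a real gap for a module that installs secrets: `unique` only collapses entries that are equal in every attribute, so two `krebs.secret.files` entries with the same `path` but a different `mode`, `owner`, `group-name` or `source-path` each get their own `install` line. The one emitted last then decides the final permissions and content, which means the looser of two declared modes can win without any evaluation error. I would turn the TODO into an evaluation-time failure by hoisting `files` into the outer `let` and adding a NixOS assertion under `config`, for example `assertion = length files == length (unique (map (f: f.path) files));` with a message that names the duplicated path. This assumes `unique` and `map` are provided by `config.krebs.lib`, as the other unqualified library functions in this file appear to be.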