authorlassulus <lassulus@lassul.us>2021-12-23 23:42:59 +0100
committerlassulus <lassulus@lassul.us>2021-12-23 23:59:22 +0100
commit2be08e3c528546de8e4a17d360153c2f59b07183 (patch)
tree6d5e085629d1b75020f3d2e2ece45f2fbf68e529 /krebs/3modules
parent29b796f5216a6743f6c0230b23048fada0d6c2ef (diff)
systemd module: use LoadCredentials from config.systemd.services
Diffstat (limited to 'krebs/3modules')
-rw-r--r--krebs/3modules/systemd.nix64
-rw-r--r--krebs/3modules/tinc.nix12
2 files changed, 28 insertions, 48 deletions
diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix
index 6b0fe9672..0ce44391e 100644
--- a/krebs/3modules/systemd.nix
+++ b/krebs/3modules/systemd.nix
@@ -18,50 +18,30 @@
null
];
};
- serviceConfig.LoadCredential = lib.mkOption {
- apply = lib.toList;
- type =
- lib.types.either lib.types.str (lib.types.listOf lib.types.str);
- };
};
});
};
- body.config.systemd =
- lib.mkMerge
- (lib.flatten
- (lib.mapAttrsToList (serviceName: cfg: let
- paths =
- lib.filter
- lib.types.absolute-pathname.check
- (map
- (lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
- cfg.serviceConfig.LoadCredential);
- in
- lib.singleton {
- services.${serviceName} = {
- serviceConfig = {
- LoadCredential = cfg.serviceConfig.LoadCredential;
- };
- };
- }
- ++
- lib.optionals (cfg.ifCredentialsChange != null) (map (path: let
- triggerName = "trigger-${lib.systemd.encodeName path}";
- in {
- paths.${triggerName} = {
- wantedBy = ["multi-user.target"];
- pathConfig.PathChanged = path;
- };
- services.${triggerName} = {
- serviceConfig = {
- Type = "oneshot";
- ExecStart = lib.singleton (toString [
- "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange}"
- (lib.shell.escape serviceName)
- ]);
- };
- };
- }) paths)
- ) config.krebs.systemd.services));
+ body.config = {
+ systemd.paths = lib.mapAttrs' (serviceName: _:
+ lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" {
+ wantedBy = [ "multi-user.target" ];
+ pathConfig.PathChanged =
+ lib.filter
+ lib.types.absolute-pathname.check
+ (map
+ (lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
+ config.systemd.services.${serviceName}.serviceConfig.LoadCredential);
+ }
+ ) config.krebs.systemd.services;
+
+ systemd.services = lib.mapAttrs' (serviceName: cfg:
+ lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" {
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange} ${lib.shell.escape serviceName}";
+ };
+ }
+ ) config.krebs.systemd.services;
+ };
}
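Review bot: The rewritten `systemd.services` trigger interpolates `${cfg.ifCredentialsChange}` into `ExecStart` for every entry of `config.krebs.systemd.services`, but the removed `lib.optionals (cfg.ifCredentialsChange != null)` guard has no replacement, and the option's context lines still list `null` among its values. A service left at `null` would presumably fail evaluation when Nix coerces null to a string, and its path unit is now created regardless. Both `lib.mapAttrs'` calls could iterate over `lib.filterAttrs (_: cfg: cfg.ifCredentialsChange != null) config.krebs.systemd.services` instead. The `apply = lib.toList` normalisation is gone as well, so the `map` argument would be safer as `lib.toList (config.systemd.services.${serviceName}.serviceConfig.LoadCredential or [])`, which tolerates a single string or an unset attribute.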
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index dca764f63..a18248351 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -229,12 +229,6 @@ with import <stockholm/lib>;
) config.krebs.tinc;
krebs.systemd.services = mapAttrs (netname: cfg: {
- serviceConfig.LoadCredential = filter (x: x != "") [
- (optionalString (cfg.privkey_ed25519 != null)
- "ed25519_key:${cfg.privkey_ed25519}"
- )
- "rsa_key:${cfg.privkey}"
- ];
}) config.krebs.tinc;
systemd.services = mapAttrs (netname: cfg: {
@@ -249,6 +243,12 @@ with import <stockholm/lib>;
restartTriggers = [ cfg.confDir ];
serviceConfig = {
Restart = "always";
+ LoadCredential = filter (x: x != "") [
+ (optionalString (cfg.privkey_ed25519 != null)
+ "ed25519_key:${cfg.privkey_ed25519}"
+ )
+ "rsa_key:${cfg.privkey}"
+ ];
ExecStart = toString [
"${cfg.tincPackage}/sbin/tincd"
"-D"
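Review bot: Nothing at the new `LoadCredential` list says that krebs/3modules/systemd.nix now parses these entries from `config.systemd.services` to build the credential-change trigger. A comment such as `# read by krebs.systemd: the part after the first ':' must be an absolute path to be watched` would make that coupling visible to whoever edits the list next. The types of `cfg.privkey` and `cfg.privkey_ed25519` are not visible here; if either could be a Nix path value rather than a string, the interpolation would copy the private key into the world-readable Nix store, so the option type is worth confirming. The `ExecStart` list continues outside the hunk.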