summaryrefslogtreecommitdiffstats
path: root/krebs/3modules/systemd.nix
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/3modules/systemd.nix')
-rw-r--r--krebs/3modules/systemd.nix48
1 files changed, 48 insertions, 0 deletions
diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix
new file mode 100644
index 000000000..294f80a3c
--- /dev/null
+++ b/krebs/3modules/systemd.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, ... }: let {
+ lib = import ../../lib;
+
+ body.options.krebs.systemd.services = lib.mkOption {
+ default = {};
+ type = lib.types.attrsOf (lib.types.submodule {
+ options = {
+ ifCredentialsChange = lib.mkOption {
+ default = "restart";
+ description = ''
+ Whether to reload or restart the service whenever any its
+ credentials change. Only credentials with an absolute path in
+ LoadCredential= are supported.
+ '';
+ type = lib.types.enum [
+ "reload"
+ "restart"
+ null
+ ];
+ };
+ };
+ });
+ };
+
+ body.config = {
+ systemd.paths = lib.mapAttrs' (serviceName: _:
+ lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" {
+ wantedBy = [ "multi-user.target" ];
+ pathConfig.PathChanged =
+ lib.filter
+ lib.types.absolute-pathname.check
+ (map
+ (lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
+ (lib.toList
+ config.systemd.services.${serviceName}.serviceConfig.LoadCredential));
+ }
+ ) config.krebs.systemd.services;
+
+ systemd.services = lib.mapAttrs' (serviceName: cfg:
+ lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" {
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange} ${lib.shell.escape serviceName}";
+ };
+ }
+ ) config.krebs.systemd.services;
+ };
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-13 17:32:32 +0000