Diffstat (limited to 'krebs/3modules/systemd.nix')
-rw-r--r--krebs/3modules/systemd.nix67
1 files changed, 67 insertions, 0 deletions
diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix
new file mode 100644
index 000000000..6b0fe9672
--- /dev/null
+++ b/krebs/3modules/systemd.nix
@@ -0,0 +1,67 @@
+{ config, pkgs, ... }: let {
+ lib = import ../../lib;
+
+ body.options.krebs.systemd.services = lib.mkOption {
+ default = {};
+ type = lib.types.attrsOf (lib.types.submodule {
+ options = {
+ ifCredentialsChange = lib.mkOption {
+ default = "restart";
+ description = ''
+ Whether to reload or restart the service whenever any its
+ credentials change. Only credentials with an absolute path in
+ LoadCredential= are supported.
+ '';
+ type = lib.types.enum [
+ "reload"
+ "restart"
+ null
+ ];
+ };
+ serviceConfig.LoadCredential = lib.mkOption {
+ apply = lib.toList;
+ type =
+ lib.types.either lib.types.str (lib.types.listOf lib.types.str);
+ };
+ };
+ });
+ };
+
+ body.config.systemd =
+ lib.mkMerge
+ (lib.flatten
+ (lib.mapAttrsToList (serviceName: cfg: let
+ paths =
+ lib.filter
+ lib.types.absolute-pathname.check
+ (map
+ (lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
+ cfg.serviceConfig.LoadCredential);
+ in
+ lib.singleton {
+ services.${serviceName} = {
+ serviceConfig = {
+ LoadCredential = cfg.serviceConfig.LoadCredential;
+ };
+ };
+ }
+ ++
+ lib.optionals (cfg.ifCredentialsChange != null) (map (path: let
+ triggerName = "trigger-${lib.systemd.encodeName path}";
+ in {
+ paths.${triggerName} = {
+ wantedBy = ["multi-user.target"];
+ pathConfig.PathChanged = path;
+ };
+ services.${triggerName} = {
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = lib.singleton (toString [
+ "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange}"
+ (lib.shell.escape serviceName)
+ ]);
+ };
+ };
+ }) paths)
+ ) config.krebs.systemd.services));
+}
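Review bot: The trigger unit's ExecStart (`systemctl ${cfg.ifCredentialsChange}` followed by the escaped service name) uses plain `restart`, which also starts a unit that is currently inactive. A credential rotation would therefore bring back a service that an operator had deliberately stopped, for example during maintenance or incident handling. If that is not intended, map the "restart" value to `try-restart`, e.g. `"${pkgs.systemd}/bin/systemctl ${if cfg.ifCredentialsChange == "restart" then "try-restart" else cfg.ifCredentialsChange}"`; `reload` already fails on an inactive unit. The `ifCredentialsChange` description should also state that `null` disables the path trigger, and "any its credentials" should read "any of its credentials".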