From 2be08e3c528546de8e4a17d360153c2f59b07183 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Thu, 23 Dec 2021 23:42:59 +0100
Subject: systemd module: use LoadCredentials from config.systemd.services
---
krebs/3modules/systemd.nix | 64 ++++++++++++++++------------------------------
krebs/3modules/tinc.nix | 12 ++++-----
2 files changed, 28 insertions(+), 48 deletions(-)
diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix
index 6b0fe967..0ce44391 100644
--- a/krebs/3modules/systemd.nix
+++ b/krebs/3modules/systemd.nix
@@ -18,50 +18,30 @@ null ]; }; - serviceConfig.LoadCredential = lib.mkOption { - apply = lib.toList; - type = - lib.types.either lib.types.str (lib.types.listOf lib.types.str); - }; }; }); }; - body.config.systemd = - lib.mkMerge - (lib.flatten - (lib.mapAttrsToList (serviceName: cfg: let - paths = - lib.filter - lib.types.absolute-pathname.check - (map - (lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ]) - cfg.serviceConfig.LoadCredential); - in - lib.singleton { - services.${serviceName} = { - serviceConfig = { - LoadCredential = cfg.serviceConfig.LoadCredential; - }; - }; - } - ++ - lib.optionals (cfg.ifCredentialsChange != null) (map (path: let - triggerName = "trigger-${lib.systemd.encodeName path}"; - in { - paths.${triggerName} = { - wantedBy = ["multi-user.target"]; - pathConfig.PathChanged = path; - }; - services.${triggerName} = { - serviceConfig = { - Type = "oneshot"; - ExecStart = lib.singleton (toString [ - "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange}" - (lib.shell.escape serviceName) - ]); - }; - }; - }) paths) - ) config.krebs.systemd.services)); + body.config = { + systemd.paths = lib.mapAttrs' (serviceName: _: + lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" { + wantedBy = [ "multi-user.target" ]; + pathConfig.PathChanged = + lib.filter + lib.types.absolute-pathname.check + (map + (lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ]) + config.systemd.services.${serviceName}.serviceConfig.LoadCredential); + } + ) config.krebs.systemd.services; + + systemd.services = lib.mapAttrs' (serviceName: cfg: + lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" { + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange} ${lib.shell.escape serviceName}"; + }; + } + ) config.krebs.systemd.services; + }; } diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index dca764f6..a1824835 100644 --- a/krebs/3modules/tinc.nix 
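Review bot: The rewritten `systemd.paths` and `systemd.services` maps emit a trigger unit for every entry in `config.krebs.systemd.services`, whereas the removed code did so only under `lib.optionals (cfg.ifCredentialsChange != null)`. The context line `null` just before `];` suggests the option still accepts `null`, and such a service would now reach `${cfg.ifCredentialsChange}` in `ExecStart`, which Nix cannot interpolate. Both maps should iterate over `lib.filterAttrs (_: cfg: cfg.ifCredentialsChange != null) config.krebs.systemd.services`. The removed option also normalised its value with `apply = lib.toList`, so reading the NixOS value directly lets a single-string `LoadCredential`, or a service that sets none, break the `map`; `lib.toList (config.systemd.services.${serviceName}.serviceConfig.LoadCredential or [])` keeps the old tolerance. Because these units are what reload or restart a service after its key files change, an evaluation failure or a silently empty watch list here means rotated credentials are not picked up.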
+++ b/krebs/3modules/tinc.nix @@ -229,12 +229,6 @@ with import ; ) config.krebs.tinc; krebs.systemd.services = mapAttrs (netname: cfg: { - serviceConfig.LoadCredential = filter (x: x != "") [ - (optionalString (cfg.privkey_ed25519 != null) - "ed25519_key:${cfg.privkey_ed25519}" - ) - "rsa_key:${cfg.privkey}" - ]; }) config.krebs.tinc; systemd.services = mapAttrs (netname: cfg: { @@ -249,6 +243,12 @@ with import ; restartTriggers = [ cfg.confDir ]; serviceConfig = { Restart = "always"; + LoadCredential = filter (x: x != "") [ + (optionalString (cfg.privkey_ed25519 != null) + "ed25519_key:${cfg.privkey_ed25519}" + ) + "rsa_key:${cfg.privkey}" + ]; ExecStart = toString [ "${cfg.tincPackage}/sbin/tincd" "-D" -- cgit v1.2.3