From b5b90b598430cfa876639d76dbbdc8d826ccb5c0 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 4 Aug 2020 20:28:04 +0200
Subject: types.secret-file: add service option

---
 lib/types.nix | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib')

diff --git a/lib/types.nix b/lib/types.nix
index 16ccb145..82e184ba 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -256,6 +256,10 @@ rec {
         type = str;
         default = "root";
       };
+      service = mkOption {
+        type = filename;
+        default = "secret.service";
+      };
       source-path = mkOption {
         type = str;
         default = toString <secrets> + "/${config.name}";
-- 
cgit v1.2.3


From 4227cadb6823bd4b945b8ea9e766f22b95d26468 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Wed, 5 Aug 2020 10:57:09 +0200
Subject: types: add systemd unit name

---
 lib/types.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'lib')

diff --git a/lib/types.nix b/lib/types.nix
index 82e184ba..66b01fd1 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -530,6 +530,14 @@ rec {
     merge = mergeOneOption;
   };
 
+  systemd.unit-name = mkOptionType {
+    name = "systemd unit name";
+    check = x:
+      test "^[0-9A-Za-z:_.\\-]+@?\\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)$" x &&
+      stringLength x <= 256;
+    merge = mergeOneOption;
+  };
+
   # RFC952, B. Lexical grammar, <hname>
   hostname = mkOptionType {
     name = "hostname";
-- 
cgit v1.2.3


From ec91d1b83cfad151033433159a04eb7b5381bc73 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Tue, 4 Aug 2020 22:22:43 +0200
Subject: krebs.secret: restart units on secret change

---
 lib/default.nix | 3 +++
 lib/types.nix   | 6 +++---
 2 files changed, 6 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/default.nix b/lib/default.nix
index 5a948bbf..f02959bb 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -8,6 +8,9 @@ let
     krebs = import ./krebs lib;
     krops = import ../submodules/krops/lib;
     shell = import ./shell.nix { inherit lib; };
+    systemd = {
+      encodeName = replaceChars ["/"] ["\\x2f"];
+    };
     types = nixpkgs-lib.types // import ./types.nix { inherit lib; };
     xml = import ./xml.nix { inherit lib; };
 
diff --git a/lib/types.nix b/lib/types.nix
index 66b01fd1..1eb4d947 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -238,7 +238,7 @@ rec {
   secret-file = submodule ({ config, ... }: {
     options = {
       name = mkOption {
-        type = filename;
+        type = pathname;
         default = config._module.args.name;
       };
       path = mkOption {
@@ -257,8 +257,8 @@ rec {
         default = "root";
       };
       service = mkOption {
-        type = filename;
-        default = "secret.service";
+        type = systemd.unit-name;
+        default = "secret-${lib.systemd.encodeName config.name}.service";
       };
       source-path = mkOption {
         type = str;
-- 
cgit v1.2.3