diff options
| -rw-r--r-- | lib/default.nix | 3 | ||||
| -rw-r--r-- | lib/types.nix | 6 | ||||
| -rw-r--r-- | tv/2configs/binary-cache/default.nix | 2 | ||||
| -rw-r--r-- | tv/3modules/charybdis/default.nix | 4 | ||||
| -rw-r--r-- | tv/3modules/ejabberd/default.nix | 4 | ||||
| -rw-r--r-- | tv/3modules/x0vncserver.nix | 1 |
6 files changed, 14 insertions, 6 deletions
diff --git a/lib/default.nix b/lib/default.nix index 5a948bb..f02959b 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -8,6 +8,9 @@ let krebs = import ./krebs lib; krops = import ../submodules/krops/lib; shell = import ./shell.nix { inherit lib; }; + systemd = { + encodeName = replaceChars ["/"] ["\\x2f"]; + }; types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; xml = import ./xml.nix { inherit lib; }; diff --git a/lib/types.nix b/lib/types.nix index 66b01fd..1eb4d94 100644 --- a/lib/types.nix +++ b/lib/types.nix @@ -238,7 +238,7 @@ rec { secret-file = submodule ({ config, ... }: { options = { name = mkOption { - type = filename; + type = pathname; default = config._module.args.name; }; path = mkOption { @@ -257,8 +257,8 @@ rec { default = "root"; }; service = mkOption { - type = filename; - default = "secret.service"; + type = systemd.unit-name; + default = "secret-${lib.systemd.encodeName config.name}.service"; }; source-path = mkOption { type = str; diff --git a/tv/2configs/binary-cache/default.nix b/tv/2configs/binary-cache/default.nix index 970f705..866434c 100644 --- a/tv/2configs/binary-cache/default.nix +++ b/tv/2configs/binary-cache/default.nix @@ -12,7 +12,7 @@ after = [ config.krebs.secret.files.binary-cache-seckey.service ]; - requires = [ + partOf = [ config.krebs.secret.files.binary-cache-seckey.service ]; }; diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 3809da4..a0638e1 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix @@ -17,6 +17,7 @@ in { ssl_dh_params = mkOption { type = types.secret-file; default = { + name = "charybdis-ssl_dh_params"; path = "${cfg.user.home}/dh.pem"; owner = cfg.user; source-path = toString <secrets> + "/charybdis.dh.pem"; @@ -25,6 +26,7 @@ in { ssl_private_key = mkOption { type = types.secret-file; default = { + name = "charybdis-ssl_private_key"; path = "${cfg.user.home}/ssl.key.pem"; owner = cfg.user; source-path = toString <secrets> + "/charybdis.key.pem"; @@ -56,7 +58,7 @@ in { config.krebs.secret.files.charybdis-ssl_private_key.service "network-online.target" ]; - requires = [ + partOf = [ config.krebs.secret.files.charybdis-ssl_dh_params.service config.krebs.secret.files.charybdis-ssl_private_key.service ]; diff --git a/tv/3modules/ejabberd/default.nix b/tv/3modules/ejabberd/default.nix index b995c14..aaf262f 100644 --- a/tv/3modules/ejabberd/default.nix +++ b/tv/3modules/ejabberd/default.nix @@ -18,6 +18,7 @@ in { certfile = mkOption { type = types.secret-file; default = { + name = "ejabberd-certfile"; path = "${cfg.user.home}/ejabberd.pem"; owner = cfg.user; source-path = toString <secrets> + "/ejabberd.pem"; @@ -26,6 +27,7 @@ in { dhfile = mkOption { type = types.secret-file; default = { + name = "ejabberd-dhfile"; path = "${cfg.user.home}/dhparams.pem"; owner = cfg.user; source-path = "/dev/null"; @@ -100,7 +102,7 @@ in { config.krebs.secret.files.ejabberd-s2s_certfile.service "network.target" ]; - requires = [ + partOf = [ config.krebs.secret.files.ejabberd-certfile.service config.krebs.secret.files.ejabberd-s2s_certfile.service ]; diff --git a/tv/3modules/x0vncserver.nix b/tv/3modules/x0vncserver.nix index 8b9cfa8..ba79c4a 100644 --- a/tv/3modules/x0vncserver.nix +++ b/tv/3modules/x0vncserver.nix @@ -12,6 +12,7 @@ in { enable = mkEnableOption "tv.x0vncserver"; pwfile = mkOption { default = { + name = "x0vncserver-pwfile"; owner = cfg.user; path = "${cfg.user.home}/.vncpasswd"; source-path = toString <secrets> + "/vncpasswd"; |