diff options
| author | tv <tv@krebsco.de> | 2021-12-23 20:16:34 +0100 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2021-12-23 20:18:28 +0100 |
| commit | d4521eb339a47c52c5e8f7d82969b54f6dce1e9c (patch) | |
| tree | ce1c6a04cf6d78b8a3a04c10b045ca4e0541a114 | |
| parent | 1cf495d6eb113541dfa1667f03f7edd10c2217b1 (diff) | |
krebs.systemd: allow reload if credentials change
| -rw-r--r-- | krebs/3modules/systemd.nix | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix index 00538d5f3..6b0fe9672 100644 --- a/krebs/3modules/systemd.nix +++ b/krebs/3modules/systemd.nix @@ -5,6 +5,19 @@ default = {}; type = lib.types.attrsOf (lib.types.submodule { options = { + ifCredentialsChange = lib.mkOption { + default = "restart"; + description = '' + Whether to reload or restart the service whenever any its + credentials change. Only credentials with an absolute path in + LoadCredential= are supported. + ''; + type = lib.types.enum [ + "reload" + "restart" + null + ]; + }; serviceConfig.LoadCredential = lib.mkOption { apply = lib.toList; type = @@ -33,7 +46,7 @@ }; } ++ - map (path: let + lib.optionals (cfg.ifCredentialsChange != null) (map (path: let triggerName = "trigger-${lib.systemd.encodeName path}"; in { paths.${triggerName} = { @@ -44,11 +57,11 @@ serviceConfig = { Type = "oneshot"; ExecStart = lib.singleton (toString [ - "${pkgs.systemd}/bin/systemctl restart" + "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange}" (lib.shell.escape serviceName) ]); }; }; - }) paths + }) paths) ) config.krebs.systemd.services)); } |