krebs.systemd: support credentials of any service

author: tv <tv@krebsco.de> 2021-12-23 20:09:06 +0100
committer: tv <tv@krebsco.de> 2021-12-23 20:18:28 +0100
commit: 1cf495d6eb113541dfa1667f03f7edd10c2217b1 (patch)
tree: 8ed3026e1ab4705c5758a354e032ebfb0bf621df /krebs/3modules/systemd.nix
parent: 5f7ab23ebf220194dc9ef28dd164f042ee2804c4 (diff)
1 files changed, 18 insertions, 15 deletions
diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix
index c30b2264a..00538d5f3 100644
--- a/krebs/3modules/systemd.nix
+++ b/krebs/3modules/systemd.nix
@@ -1,36 +1,39 @@
-{ config, options, pkgs, ... }: let {
+{ config, pkgs, ... }: let {
   lib = import ../../lib;
 
   body.options.krebs.systemd.services = lib.mkOption {
     default = {};
-    type = lib.types.attrs;
-    description = ''
-      Definition of systemd service units with bonus features.
-
-      Services defined using this option will be restarted whenever any file
-      (described by an absolute path) used in LoadCredential changes.
-    '';
+    type = lib.types.attrsOf (lib.types.submodule {
+      options = {
+        serviceConfig.LoadCredential = lib.mkOption {
+          apply = lib.toList;
+          type =
+            lib.types.either lib.types.str (lib.types.listOf lib.types.str);
+        };
+      };
+    });
   };
 
   body.config.systemd =
     lib.mkMerge
       (lib.flatten
         (lib.mapAttrsToList (serviceName: cfg: let
-          prefix = [ "krebs" "systemd" "services" serviceName ];
-          opts = options.systemd.services.type.getSubOptions prefix;
-
           paths =
             lib.filter
               lib.types.absolute-pathname.check
               (map
                 (lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
-                (cfg.serviceConfig.LoadCredential or []));
+                cfg.serviceConfig.LoadCredential);
         in
           lib.singleton {
-            services.${serviceName} = cfg;
+            services.${serviceName} = {
+              serviceConfig = {
+                LoadCredential = cfg.serviceConfig.LoadCredential;
+              };
+            };
           }
           ++
-          lib.optionals (cfg.enable or opts.enable.default) (map (path: let
+          map (path: let
             triggerName = "trigger-${lib.systemd.encodeName path}";
           in {
             paths.${triggerName} = {
@@ -46,6 +49,6 @@
                 ]);
               };
             };
-          }) paths)
+          }) paths
         ) config.krebs.systemd.services));
 }
author	tv <tv@krebsco.de>	2021-12-23 20:09:06 +0100
committer	tv <tv@krebsco.de>	2021-12-23 20:18:28 +0100
commit	1cf495d6eb113541dfa1667f03f7edd10c2217b1 (patch)
tree	8ed3026e1ab4705c5758a354e032ebfb0bf621df /krebs/3modules/systemd.nix
parent	5f7ab23ebf220194dc9ef28dd164f042ee2804c4 (diff)