2 files changed, 16 insertions, 1 deletions

diff --git a/lib/default.nix b/lib/default.nix
index 5a948bbf3..f02959bba 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -8,6 +8,9 @@ let
     krebs = import ./krebs lib;
     krops = import ../submodules/krops/lib;
     shell = import ./shell.nix { inherit lib; };
+    systemd = {
+      encodeName = replaceChars ["/"] ["\\x2f"];
+    };
     types = nixpkgs-lib.types // import ./types.nix { inherit lib; };
     xml = import ./xml.nix { inherit lib; };
 
diff --git a/lib/types.nix b/lib/types.nix
index 16ccb145e..1eb4d947c 100644
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -238,7 +238,7 @@ rec {
   secret-file = submodule ({ config, ... }: {
     options = {
       name = mkOption {
-        type = filename;
+        type = pathname;
         default = config._module.args.name;
       };
       path = mkOption {
@@ -256,6 +256,10 @@ rec {
         type = str;
         default = "root";
       };
+      service = mkOption {
+        type = systemd.unit-name;
+        default = "secret-${lib.systemd.encodeName config.name}.service";
+      };
       source-path = mkOption {
         type = str;
         default = toString <secrets> + "/${config.name}";
@@ -526,6 +530,14 @@ rec {
     merge = mergeOneOption;
   };
 
+  systemd.unit-name = mkOptionType {
+    name = "systemd unit name";
+    check = x:
+      test "^[0-9A-Za-z:_.\\-]+@?\\.(service|socket|device|mount|automount|swap|target|path|timer|slice|scope)$" x &&
+      stringLength x <= 256;
+    merge = mergeOneOption;
+  };
+
   # RFC952, B. Lexical grammar, <hname>
   hostname = mkOptionType {
     name = "hostname";