systemd module: use LoadCredentials from config.systemd.services

2021-12-23 23:42:59 +01:00 · 2021-12-23 23:42:59 +01:00 · 2be08e3c52
parent 29b796f521
commit 2be08e3c52
2 changed files with 28 additions and 48 deletions
--- a/krebs/3modules/systemd.nix
+++ b/krebs/3modules/systemd.nix
@ -18,50 +18,30 @@
            null
          ];
        };
        serviceConfig.LoadCredential = lib.mkOption {
          apply = lib.toList;
          type =
            lib.types.either lib.types.str (lib.types.listOf lib.types.str);
        };
      };
    });
  };
-  body.config.systemd =
+  body.config = {
-    lib.mkMerge
+    systemd.paths = lib.mapAttrs' (serviceName: _:
-      (lib.flatten
+      lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" {
-        (lib.mapAttrsToList (serviceName: cfg: let
+        wantedBy = [ "multi-user.target" ];
-          paths =
+        pathConfig.PathChanged =
-            lib.filter
+          lib.filter
-              lib.types.absolute-pathname.check
+            lib.types.absolute-pathname.check
-              (map
+            (map
-                (lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
+              (lib.compose [ lib.maybeHead (lib.match "[^:]*:(.*)") ])
-                cfg.serviceConfig.LoadCredential);
+              config.systemd.services.${serviceName}.serviceConfig.LoadCredential);
-        in
+      }
-          lib.singleton {
+    ) config.krebs.systemd.services;
-            services.${serviceName} = {
+
-              serviceConfig = {
+    systemd.services = lib.mapAttrs' (serviceName: cfg:
-                LoadCredential = cfg.serviceConfig.LoadCredential;
+      lib.nameValuePair "trigger-${lib.systemd.encodeName serviceName}" {
-              };
+        serviceConfig = {
-            };
+          Type = "oneshot";
-          }
+          ExecStart = "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange} ${lib.shell.escape serviceName}";
-          ++
+        };
-          lib.optionals (cfg.ifCredentialsChange != null) (map (path: let
+      }
-            triggerName = "trigger-${lib.systemd.encodeName path}";
+    ) config.krebs.systemd.services;
-          in {
+  };
            paths.${triggerName} = {
              wantedBy = ["multi-user.target"];
              pathConfig.PathChanged = path;
            };
            services.${triggerName} = {
              serviceConfig = {
                Type = "oneshot";
                ExecStart = lib.singleton (toString [
                  "${pkgs.systemd}/bin/systemctl ${cfg.ifCredentialsChange}"
                  (lib.shell.escape serviceName)
                ]);
              };
            };
          }) paths)
        ) config.krebs.systemd.services));
 }
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@ -229,12 +229,6 @@ with import <stockholm/lib>;
    ) config.krebs.tinc;
    krebs.systemd.services = mapAttrs (netname: cfg: {
      serviceConfig.LoadCredential = filter (x: x != "") [
        (optionalString (cfg.privkey_ed25519 != null)
          "ed25519_key:${cfg.privkey_ed25519}"
        )
        "rsa_key:${cfg.privkey}"
      ];
    }) config.krebs.tinc;
    systemd.services = mapAttrs (netname: cfg: {
@ -249,6 +243,12 @@ with import <stockholm/lib>;
      restartTriggers = [ cfg.confDir ];
      serviceConfig = {
        Restart = "always";
        LoadCredential = filter (x: x != "") [
          (optionalString (cfg.privkey_ed25519 != null)
            "ed25519_key:${cfg.privkey_ed25519}"
          )
          "rsa_key:${cfg.privkey}"
        ];
        ExecStart = toString [
          "${cfg.tincPackage}/sbin/tincd"
          "-D"