]>
Commit | Line | Data |
---|---|---|
17069bb6 | 1 | { config, lib, pkgs, name, ... }: |
5dda316b | 2 | let |
e34b3079 | 3 | cfg = config.immaeServices.zrepl; |
5dda316b IB |
4 | in |
5 | { | |
6 | options = { | |
e34b3079 | 7 | immaeServices.zrepl = { |
5dda316b IB |
8 | enable = lib.mkEnableOption "Enable the zrepl daemon"; |
9 | ||
10 | config = lib.mkOption { | |
11 | type = lib.types.lines; | |
12 | default = ""; | |
13 | description = "Configuration"; | |
14 | }; | |
15 | }; | |
16 | }; | |
17 | ||
18 | config = lib.mkIf cfg.enable { | |
4c4652aa IB |
19 | secrets.keys = { |
20 | "zrepl/zrepl.yml" = { | |
5dda316b IB |
21 | permissions = "0400"; |
22 | text = cfg.config; | |
23 | user = config.systemd.services.zrepl.serviceConfig.User or "root"; | |
24 | group = config.systemd.services.zrepl.serviceConfig.Group or "root"; | |
4c4652aa | 25 | }; |
17069bb6 IB |
26 | "zrepl/${name}.key" = { |
27 | permissions = "0400"; | |
28 | text = config.myEnv.zrepl_backup.certs."${name}".key; | |
29 | user = config.systemd.services.zrepl.serviceConfig.User or "root"; | |
30 | group = config.systemd.services.zrepl.serviceConfig.Group or "root"; | |
31 | }; | |
32 | } // builtins.listToAttrs (map (x: lib.attrsets.nameValuePair "zrepl/certificates/${x}.crt" { | |
33 | permissions = "0400"; | |
34 | text = config.myEnv.zrepl_backup.certs."${x}".certificate; | |
35 | user = config.systemd.services.zrepl.serviceConfig.User or "root"; | |
36 | group = config.systemd.services.zrepl.serviceConfig.Group or "root"; | |
37 | }) (builtins.attrNames config.myEnv.zrepl_backup.certs)); | |
38 | ||
5dda316b IB |
39 | services.filesWatcher.zrepl = { |
40 | restart = true; | |
41 | paths = [ config.secrets.fullPaths."zrepl/zrepl.yml" ]; | |
42 | }; | |
43 | systemd.services.zrepl = { | |
44 | description = "zrepl daemon"; | |
45 | wantedBy = [ "multi-user.target" ]; | |
46 | path = [ pkgs.zfs pkgs.openssh ]; | |
47 | serviceConfig = { | |
48 | ExecStart = | |
49 | let configFile = config.secrets.fullPaths."zrepl/zrepl.yml"; | |
50 | in "${pkgs.zrepl}/bin/zrepl daemon --config ${configFile}"; | |
51 | Type = "simple"; | |
52 | RuntimeDirectory= "zrepl"; | |
53 | RuntimeDirectoryMode= "0700"; | |
54 | }; | |
55 | }; | |
56 | }; | |
57 | } |