1 { config, lib, pkgs, name, ... }:
3 cfg = config.immaeServices.zrepl;
7 immaeServices.zrepl = {
8 enable = lib.mkEnableOption "Enable the zrepl daemon";
10 config = lib.mkOption {
11 type = lib.types.lines;
13 description = "Configuration";
18 config = lib.mkIf cfg.enable {
23 user = config.systemd.services.zrepl.serviceConfig.User or "root";
24 group = config.systemd.services.zrepl.serviceConfig.Group or "root";
26 "zrepl/${name}.key" = {
28 text = config.myEnv.zrepl_backup.certs."${name}".key;
29 user = config.systemd.services.zrepl.serviceConfig.User or "root";
30 group = config.systemd.services.zrepl.serviceConfig.Group or "root";
32 } // builtins.listToAttrs (map (x: lib.attrsets.nameValuePair "zrepl/certificates/${x}.crt" {
34 text = config.myEnv.zrepl_backup.certs."${x}".certificate;
35 user = config.systemd.services.zrepl.serviceConfig.User or "root";
36 group = config.systemd.services.zrepl.serviceConfig.Group or "root";
37 }) (builtins.attrNames config.myEnv.zrepl_backup.certs));
39 services.filesWatcher.zrepl = {
41 paths = [ config.secrets.fullPaths."zrepl/zrepl.yml" ];
43 systemd.services.zrepl = {
44 description = "zrepl daemon";
45 wantedBy = [ "multi-user.target" ];
46 path = [ pkgs.zfs pkgs.openssh ];
49 let configFile = config.secrets.fullPaths."zrepl/zrepl.yml";
50 in "${pkgs.zrepl}/bin/zrepl daemon --config ${configFile}";
52 RuntimeDirectory= "zrepl";
53 RuntimeDirectoryMode= "0700";