Change monitoring for tiboqorl

[perso/Immae/Config/Nix.git] / modules / zrepl.nix

diff --git a/modules/zrepl.nix b/modules/zrepl.nix
index cb74082f8966472791a394e393ca22b76ec707f1..7bee4e110336720dba97c5f3e2f0ed3a8a5b5cc1 100644 (file)
--- a/modules/zrepl.nix
+++ b/modules/zrepl.nix
@@ -1,10 +1,10 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, name, ... }:
 let
-  cfg = config.services.zrepl;
+  cfg = config.immaeServices.zrepl;
 in
 {
   options = {
-    services.zrepl = {
+    immaeServices.zrepl = {
       enable = lib.mkEnableOption "Enable the zrepl daemon";
 
       config = lib.mkOption {
@@ -16,15 +16,26 @@ in
   };
 
   config = lib.mkIf cfg.enable {
-    secrets.keys = [
-      {
-        dest = "zrepl/zrepl.yml";
+    secrets.keys = {
+      "zrepl/zrepl.yml" = {
         permissions = "0400";
         text = cfg.config;
         user = config.systemd.services.zrepl.serviceConfig.User or "root";
         group = config.systemd.services.zrepl.serviceConfig.Group or "root";
-      }
-    ];
+      };
+      "zrepl/${name}.key" = {
+        permissions = "0400";
+        text = config.myEnv.zrepl_backup.certs."${name}".key;
+        user = config.systemd.services.zrepl.serviceConfig.User or "root";
+        group = config.systemd.services.zrepl.serviceConfig.Group or "root";
+      };
+    } // builtins.listToAttrs (map (x: lib.attrsets.nameValuePair "zrepl/certificates/${x}.crt" {
+      permissions = "0400";
+      text = config.myEnv.zrepl_backup.certs."${x}".certificate;
+      user = config.systemd.services.zrepl.serviceConfig.User or "root";
+      group = config.systemd.services.zrepl.serviceConfig.Group or "root";
+    }) (builtins.attrNames config.myEnv.zrepl_backup.certs));
+
     services.filesWatcher.zrepl = {
       restart = true;
       paths = [ config.secrets.fullPaths."zrepl/zrepl.yml" ];