-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, name, ... }:
let
- cfg = config.services.zrepl;
+ cfg = config.immaeServices.zrepl;
in
{
options = {
- services.zrepl = {
+ immaeServices.zrepl = {
enable = lib.mkEnableOption "Enable the zrepl daemon";
config = lib.mkOption {
};
config = lib.mkIf cfg.enable {
- secrets.keys = [
- {
- dest = "zrepl/zrepl.yml";
+ secrets.keys = {
+ "zrepl/zrepl.yml" = {
permissions = "0400";
text = cfg.config;
user = config.systemd.services.zrepl.serviceConfig.User or "root";
group = config.systemd.services.zrepl.serviceConfig.Group or "root";
- }
- ];
+ };
+ "zrepl/${name}.key" = {
+ permissions = "0400";
+ text = config.myEnv.zrepl_backup.certs."${name}".key;
+ user = config.systemd.services.zrepl.serviceConfig.User or "root";
+ group = config.systemd.services.zrepl.serviceConfig.Group or "root";
+ };
+ } // builtins.listToAttrs (map (x: lib.attrsets.nameValuePair "zrepl/certificates/${x}.crt" {
+ permissions = "0400";
+ text = config.myEnv.zrepl_backup.certs."${x}".certificate;
+ user = config.systemd.services.zrepl.serviceConfig.User or "root";
+ group = config.systemd.services.zrepl.serviceConfig.Group or "root";
+ }) (builtins.attrNames config.myEnv.zrepl_backup.certs));
+
services.filesWatcher.zrepl = {
restart = true;
paths = [ config.secrets.fullPaths."zrepl/zrepl.yml" ];
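Review bot: The `services.filesWatcher.zrepl` entry at the end of this hunk still watches only `config.secrets.fullPaths."zrepl/zrepl.yml"`, although the hunk adds the host's TLS private key (`zrepl/${name}.key`) and one `zrepl/certificates/${x}.crt` per peer. If the watcher is what triggers the restart on secret changes, a rotated key or a replaced or withdrawn peer certificate would presumably stay in use by the running daemon until something else restarts it. Consider extending the list, e.g. `paths = [ config.secrets.fullPaths."zrepl/zrepl.yml" config.secrets.fullPaths."zrepl/${name}.key" ] ++ map (x: config.secrets.fullPaths."zrepl/certificates/${x}.crt") (builtins.attrNames config.myEnv.zrepl_backup.certs);`, assuming `fullPaths` is populated for every key in `secrets.keys`. Separately, `config.myEnv.zrepl_backup.certs."${name}".key` fails evaluation with a bare missing-attribute error on a host that has no entry in `certs`, so an `assertions` entry with a clear message would help. The `config = lib.mkIf cfg.enable { … }` block continues past the end of the hunk.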