Fix monitoring script

[perso/Immae/Config/Nix.git] / modules / zrepl.nix

diff --git a/modules/zrepl.nix b/modules/zrepl.nix
index 5bcc17b638bd31c29dbfe4d30a35f62964f8a68e..bc3e7e16f0c4148a47f4bc9d0e570cd49c93c796 100644 (file)
--- a/modules/zrepl.nix
+++ b/modules/zrepl.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, name, ... }:
 let
   cfg = config.services.zrepl;
 in
@@ -23,7 +23,19 @@ in
         user = config.systemd.services.zrepl.serviceConfig.User or "root";
         group = config.systemd.services.zrepl.serviceConfig.Group or "root";
       };
-    };
+      "zrepl/${name}.key" = {
+        permissions = "0400";
+        text = config.myEnv.zrepl_backup.certs."${name}".key;
+        user = config.systemd.services.zrepl.serviceConfig.User or "root";
+        group = config.systemd.services.zrepl.serviceConfig.Group or "root";
+      };
+    } // builtins.listToAttrs (map (x: lib.attrsets.nameValuePair "zrepl/certificates/${x}.crt" {
+      permissions = "0400";
+      text = config.myEnv.zrepl_backup.certs."${x}".certificate;
+      user = config.systemd.services.zrepl.serviceConfig.User or "root";
+      group = config.systemd.services.zrepl.serviceConfig.Group or "root";
+    }) (builtins.attrNames config.myEnv.zrepl_backup.certs));
+
     services.filesWatcher.zrepl = {
       restart = true;
       paths = [ config.secrets.fullPaths."zrepl/zrepl.yml" ];