X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fzrepl.nix;h=7bee4e110336720dba97c5f3e2f0ed3a8a5b5cc1;hb=b095e430437e9d4e5ce79280ab54347a07d7a5a7;hp=cb74082f8966472791a394e393ca22b76ec707f1;hpb=5dda316b382211733cda7163b33bf388dd052671;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/zrepl.nix b/modules/zrepl.nix
index cb74082..7bee4e1 100644
--- a/modules/zrepl.nix
+++ b/modules/zrepl.nix
@@ -1,10 +1,10 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, name, ... }:
 let
- cfg = config.services.zrepl;
+ cfg = config.immaeServices.zrepl;
 in
 {
 options = {
- services.zrepl = {
+ immaeServices.zrepl = {
 enable = lib.mkEnableOption "Enable the zrepl daemon";
 
 config = lib.mkOption {
@@ -16,15 +16,26 @@ in
 };
 
 config = lib.mkIf cfg.enable {
- secrets.keys = [
- {
- dest = "zrepl/zrepl.yml";
+ secrets.keys = {
+ "zrepl/zrepl.yml" = {
 permissions = "0400";
 text = cfg.config;
 user = config.systemd.services.zrepl.serviceConfig.User or "root";
 group = config.systemd.services.zrepl.serviceConfig.Group or "root";
- }
- ];
+ };
+ "zrepl/${name}.key" = {
+ permissions = "0400";
+ text = config.myEnv.zrepl_backup.certs."${name}".key;
+ user = config.systemd.services.zrepl.serviceConfig.User or "root";
+ group = config.systemd.services.zrepl.serviceConfig.Group or "root";
+ };
+ } // builtins.listToAttrs (map (x: lib.attrsets.nameValuePair "zrepl/certificates/${x}.crt" {
+ permissions = "0400";
+ text = config.myEnv.zrepl_backup.certs."${x}".certificate;
+ user = config.systemd.services.zrepl.serviceConfig.User or "root";
+ group = config.systemd.services.zrepl.serviceConfig.Group or "root";
+ }) (builtins.attrNames config.myEnv.zrepl_backup.certs));
+
 services.filesWatcher.zrepl = {
 restart = true;
 paths = [ config.secrets.fullPaths."zrepl/zrepl.yml" ];
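Review bot: The unchanged `paths = [ config.secrets.fullPaths."zrepl/zrepl.yml" ];` line at the end of the second hunk still watches only the YAML file, although the same hunk adds a private key and one certificate per entry in `certs` as secrets. If filesWatcher restarts the unit only for the listed paths, a rotated or revoked key or certificate would presumably stay in use by the running daemon until something else restarts it. Consider extending the list, for example `paths = [ config.secrets.fullPaths."zrepl/zrepl.yml" config.secrets.fullPaths."zrepl/${name}.key" ] ++ map (x: config.secrets.fullPaths."zrepl/certificates/${x}.crt") (builtins.attrNames config.myEnv.zrepl_backup.certs);`, assuming `fullPaths` is keyed by the same names as `secrets.keys`. It is also worth confirming that the secrets module does not copy the `text` of the `.key` entry into the world-readable Nix store, since `permissions = "0400"` only protects the deployed file. The `services.filesWatcher.zrepl` block continues outside the hunk.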