X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fzrepl.nix;h=bc3e7e16f0c4148a47f4bc9d0e570cd49c93c796;hb=81d9fdd3328b438c555f819f50e9e868053b5301;hp=5bcc17b638bd31c29dbfe4d30a35f62964f8a68e;hpb=4c4652aabf2cb3ac8b40f2856eca07a1df9c27e0;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/zrepl.nix b/modules/zrepl.nix
index 5bcc17b..bc3e7e1 100644
--- a/modules/zrepl.nix
+++ b/modules/zrepl.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, name, ... }:
 let
   cfg = config.services.zrepl;
 in
@@ -23,7 +23,19 @@ in
         user = config.systemd.services.zrepl.serviceConfig.User or "root";
         group = config.systemd.services.zrepl.serviceConfig.Group or "root";
       };
-    };
+      "zrepl/${name}.key" = {
+        permissions = "0400";
+        text = config.myEnv.zrepl_backup.certs."${name}".key;
+        user = config.systemd.services.zrepl.serviceConfig.User or "root";
+        group = config.systemd.services.zrepl.serviceConfig.Group or "root";
+      };
+    } // builtins.listToAttrs (map (x: lib.attrsets.nameValuePair "zrepl/certificates/${x}.crt" {
+      permissions = "0400";
+      text = config.myEnv.zrepl_backup.certs."${x}".certificate;
+      user = config.systemd.services.zrepl.serviceConfig.User or "root";
+      group = config.systemd.services.zrepl.serviceConfig.Group or "root";
+    }) (builtins.attrNames config.myEnv.zrepl_backup.certs));
+
     services.filesWatcher.zrepl = {
       restart = true;
       paths = [ config.secrets.fullPaths."zrepl/zrepl.yml" ];