config = mkIf cfg.enable {
- secrets.keys = [
- {
- dest = "naemon/resources.cfg";
+ secrets.keys = {
+ "naemon/resources.cfg" = {
user = cfg.user;
group = cfg.group;
permissions = "0400";
$USER1$=${pkgs.monitoring-plugins}/libexec
${cfg.extraResource}
'';
- }
- ];
+ };
+ };
- users.users = optionalAttrs (cfg.user == "naemon") (singleton
- {
- name = "naemon";
+ users.users = optionalAttrs (cfg.user == "naemon") {
+ naemon = {
group = cfg.group;
uid = config.ids.uids.nagios;
extraGroups = [ "keys" ];
- });
- users.groups = optionalAttrs (cfg.user == "naemon") (singleton
- {
- name = "naemon";
- gid = config.ids.gids.nagios;
- });
+ };
+ };
+ users.groups = optionalAttrs (cfg.user == "naemon") {
+ naemon = {
+ gid = config.ids.gids.nagios;
+ };
+ };
services.filesWatcher.naemon = {
paths = [ config.secrets.fullPaths."naemon/resources.cfg" ];