Add a filesWatcher service to restart them when secrets change

[perso/Immae/Config/Nix.git] / modules / private / ftp.nix

diff --git a/modules/private/ftp.nix b/modules/private/ftp.nix
index 842d2d6540bbe65d0347c3989d0f243a24884b9f..59cae595bfe1c359aa6e6e7ef36a3c4a142a1937 100644 (file)
--- a/modules/private/ftp.nix
+++ b/modules/private/ftp.nix
@@ -1,4 +1,7 @@
 { lib, pkgs, config, myconfig, ... }:
+let
+  package = pkgs.pure-ftpd.override { ldapFtpId = "immaeFtp"; };
+in
 {
   options = {
     services.pure-ftpd.enable = lib.mkOption {
@@ -69,6 +72,11 @@
         '';
     }];
 
+    services.filesWatcher.pure-ftpd = {
+      restart = true;
+      paths = [ "/var/secrets/pure-ftpd-ldap" ];
+    };
+
     systemd.services.pure-ftpd = let
       configFile = pkgs.writeText "pure-ftpd.conf" ''
         PassivePortRange             40000 50000
@@ -109,7 +117,7 @@
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
 
-      serviceConfig.ExecStart = "${pkgs.pure-ftpd}/bin/pure-ftpd ${configFile}";
+      serviceConfig.ExecStart = "${package}/bin/pure-ftpd ${configFile}";
       serviceConfig.Type = "forking";
       serviceConfig.PIDFile = "/run/pure-ftpd.pid";
     };