You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
49 lines
1.1 KiB
Nix
49 lines
1.1 KiB
Nix
1 month ago
|
{ pkgs
|
||
|
|
, lib
|
||
|
|
, config
|
||
|
|
, ...
|
||
|
|
}:
|
||
|
|
let
|
||
|
|
systemd-vaultd = (pkgs.callPackage ../../default.nix { }).package;
|
||
|
|
in
|
||
|
|
{
|
||
|
|
imports = [
|
||
|
|
./vault-secrets.nix
|
||
|
|
];
|
||
|
|
options = {
|
||
|
|
services.systemd-openbaod = {
|
||
|
|
package = lib.mkOption {
|
||
|
|
type = lib.types.package;
|
||
|
|
default = systemd-vaultd;
|
||
|
|
defaultText = "pkgs.systemd-openbaod";
|
||
|
|
description = ''
|
||
|
|
The package to use for systemd-openbaod
|
||
|
|
'';
|
||
|
|
};
|
||
|
|
};
|
||
|
|
};
|
||
|
|
|
||
|
|
config = {
|
||
|
|
systemd.sockets.systemd-openbaod = {
|
||
|
|
description = "systemd-openbaod socket";
|
||
|
|
wantedBy = [ "sockets.target" ];
|
||
|
|
|
||
|
|
socketConfig = {
|
||
|
|
ListenStream = "/run/systemd-openbaod/sock";
|
||
|
|
SocketUser = "root";
|
||
|
|
SocketMode = "0600";
|
||
|
|
};
|
||
|
|
};
|
||
|
|
systemd.services.systemd-openbaod = {
|
||
|
|
description = "systemd-openbaod daemon";
|
||
|
|
requires = [ "systemd-openbaod.socket" ];
|
||
|
|
after = [ "systemd-openbaod.socket" ];
|
||
|
|
# Restarting can break services waiting for secrets
|
||
|
|
stopIfChanged = false;
|
||
|
|
serviceConfig = {
|
||
|
|
ExecStart = lib.getExe config.services.systemd-openbaod.package;
|
||
|
|
};
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}
|