|
|
@ -1,9 +1,9 @@
|
|
|
|
{
|
|
|
|
{ lib
|
|
|
|
lib,
|
|
|
|
, config
|
|
|
|
config,
|
|
|
|
, pkgs
|
|
|
|
pkgs,
|
|
|
|
, ...
|
|
|
|
...
|
|
|
|
}:
|
|
|
|
}: let
|
|
|
|
let
|
|
|
|
secretType = serviceName:
|
|
|
|
secretType = serviceName:
|
|
|
|
lib.types.submodule ({ config, ... }: {
|
|
|
|
lib.types.submodule ({ config, ... }: {
|
|
|
|
options = {
|
|
|
|
options = {
|
|
|
@ -59,19 +59,22 @@
|
|
|
|
|
|
|
|
|
|
|
|
vaultTemplates = config:
|
|
|
|
vaultTemplates = config:
|
|
|
|
(lib.mapAttrsToList
|
|
|
|
(lib.mapAttrsToList
|
|
|
|
(serviceName: service:
|
|
|
|
(serviceName: _service:
|
|
|
|
getSecretTemplate serviceName services.${serviceName}.vault)
|
|
|
|
getSecretTemplate serviceName services.${serviceName}.vault)
|
|
|
|
(lib.filterAttrs (n: v: v.vault.secrets != {} && v.vault.agent == config._module.args.name) services))
|
|
|
|
(lib.filterAttrs (_n: v: v.vault.secrets != { } && v.vault.agent == config._module.args.name) services))
|
|
|
|
++ (lib.mapAttrsToList
|
|
|
|
++ (lib.mapAttrsToList
|
|
|
|
(serviceName: service:
|
|
|
|
(serviceName: _service:
|
|
|
|
getEnvironmentTemplate serviceName services.${serviceName}.vault)
|
|
|
|
getEnvironmentTemplate serviceName services.${serviceName}.vault)
|
|
|
|
(lib.filterAttrs (n: v: v.vault.environmentTemplate != null && v.vault.agent == config._module.args.name) services));
|
|
|
|
(lib.filterAttrs (_n: v: v.vault.environmentTemplate != null && v.vault.agent == config._module.args.name) services));
|
|
|
|
in {
|
|
|
|
in
|
|
|
|
|
|
|
|
{
|
|
|
|
options = {
|
|
|
|
options = {
|
|
|
|
systemd.services = lib.mkOption {
|
|
|
|
systemd.services = lib.mkOption {
|
|
|
|
type = lib.types.attrsOf (lib.types.submodule ({config, ...}: let
|
|
|
|
type = lib.types.attrsOf (lib.types.submodule ({ config, ... }:
|
|
|
|
|
|
|
|
let
|
|
|
|
serviceName = config._module.args.name;
|
|
|
|
serviceName = config._module.args.name;
|
|
|
|
in {
|
|
|
|
in
|
|
|
|
|
|
|
|
{
|
|
|
|
options.vault = {
|
|
|
|
options.vault = {
|
|
|
|
changeAction = lib.mkOption {
|
|
|
|
changeAction = lib.mkOption {
|
|
|
|
description = ''
|
|
|
|
description = ''
|
|
|
@ -117,9 +120,11 @@ in {
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
config = let
|
|
|
|
config =
|
|
|
|
|
|
|
|
let
|
|
|
|
mkIfHasEnv = lib.mkIf (config.vault.environmentTemplate != null);
|
|
|
|
mkIfHasEnv = lib.mkIf (config.vault.environmentTemplate != null);
|
|
|
|
in {
|
|
|
|
in
|
|
|
|
|
|
|
|
{
|
|
|
|
after = mkIfHasEnv [ "${serviceName}-envfile.service" ];
|
|
|
|
after = mkIfHasEnv [ "${serviceName}-envfile.service" ];
|
|
|
|
bindsTo = mkIfHasEnv [ "${serviceName}-envfile.service" ];
|
|
|
|
bindsTo = mkIfHasEnv [ "${serviceName}-envfile.service" ];
|
|
|
|
|
|
|
|
|
|
|
@ -140,14 +145,17 @@ in {
|
|
|
|
|
|
|
|
|
|
|
|
config = {
|
|
|
|
config = {
|
|
|
|
# we cannot use `systemd.services` here since this would create infinite recursion
|
|
|
|
# we cannot use `systemd.services` here since this would create infinite recursion
|
|
|
|
systemd.packages = let
|
|
|
|
systemd.packages =
|
|
|
|
servicesWithEnv = builtins.attrNames (lib.filterAttrs (n: v: v.vault.environmentTemplate != null) services);
|
|
|
|
let
|
|
|
|
in [
|
|
|
|
servicesWithEnv = builtins.attrNames (lib.filterAttrs (_n: v: v.vault.environmentTemplate != null) services);
|
|
|
|
|
|
|
|
in
|
|
|
|
|
|
|
|
[
|
|
|
|
(pkgs.runCommand "env-services" { }
|
|
|
|
(pkgs.runCommand "env-services" { }
|
|
|
|
(''
|
|
|
|
(''
|
|
|
|
mkdir -p $out/lib/systemd/system
|
|
|
|
mkdir -p $out/lib/systemd/system
|
|
|
|
''
|
|
|
|
''
|
|
|
|
+ (lib.concatMapStringsSep "\n" (service: ''
|
|
|
|
+ (lib.concatMapStringsSep "\n"
|
|
|
|
|
|
|
|
(service: ''
|
|
|
|
cat > $out/lib/systemd/system/${service}-envfile.service <<EOF
|
|
|
|
cat > $out/lib/systemd/system/${service}-envfile.service <<EOF
|
|
|
|
[Unit]
|
|
|
|
[Unit]
|
|
|
|
Before=${service}.service
|
|
|
|
Before=${service}.service
|
|
|
|