feat(proxy): further adapt to openbao

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
1 month ago · 9e07182d3e
parent 8be31345fa
commit 9e07182d3e
3 changed files with 49 additions and 48 deletions
--- a/default.nix
+++ b/default.nix
@ -10,6 +10,7 @@
      license = licenses.mit;
      maintainers = with maintainers; [ raitobezarius ];
      platforms = platforms.unix;
+      mainProgram = "systemd-openbaod";
    };
  };

--- a/nix/modules/systemd-openbaod.nix
+++ b/nix/modules/systemd-openbaod.nix
@ -0,0 +1,48 @@
+{ pkgs
+, lib
+, config
+, ...
+}:
+let
+  systemd-vaultd = (pkgs.callPackage ../../default.nix { }).package;
+in
+{
+  imports = [
+    ./vault-secrets.nix
+  ];
+  options = {
+    services.systemd-openbaod = {
+      package = lib.mkOption {
+        type = lib.types.package;
+        default = systemd-vaultd;
+        defaultText = "pkgs.systemd-openbaod";
+        description = ''
+          The package to use for systemd-openbaod
+        '';
+      };
+    };
+  };
+
+  config = {
+    systemd.sockets.systemd-openbaod = {
+      description = "systemd-openbaod socket";
+      wantedBy = [ "sockets.target" ];
+
+      socketConfig = {
+        ListenStream = "/run/systemd-openbaod/sock";
+        SocketUser = "root";
+        SocketMode = "0600";
+      };
+    };
+    systemd.services.systemd-openbaod = {
+      description = "systemd-openbaod daemon";
+      requires = [ "systemd-openbaod.socket" ];
+      after = [ "systemd-openbaod.socket" ];
+      # Restarting can break services waiting for secrets
+      stopIfChanged = false;
+      serviceConfig = {
+        ExecStart = lib.getExe config.services.systemd-openbaod.package;
+      };
+    };
+  };
+}
--- a/nix/modules/systemd-vaultd.nix
+++ b/nix/modules/systemd-vaultd.nix
@ -1,48 +0,0 @@
-{ pkgs
-, lib
-, config
-, ...
-}:
-let
-  systemd-vaultd = pkgs.callPackage ../../default.nix { };
-in
-{
-  imports = [
-    ./vault-secrets.nix
-  ];
-  options = {
-    services.systemd-vaultd = {
-      package = lib.mkOption {
-        type = lib.types.package;
-        default = systemd-vaultd;
-        defaultText = "pkgs.systemd-vaultd";
-        description = ''
-          The package to use for systemd-vaultd
-        '';
-      };
-    };
-  };
-
-  config = {
-    systemd.sockets.systemd-vaultd = {
-      description = "systemd-vaultd socket";
-      wantedBy = [ "sockets.target" ];
-
-      socketConfig = {
-        ListenStream = "/run/systemd-vaultd/sock";
-        SocketUser = "root";
-        SocketMode = "0600";
-      };
-    };
-    systemd.services.systemd-vaultd = {
-      description = "systemd-vaultd daemon";
-      requires = [ "systemd-vaultd.socket" ];
-      after = [ "systemd-vaultd.socket" ];
-      # Restarting can break services waiting for secrets
-      stopIfChanged = false;
-      serviceConfig = {
-        ExecStart = "${config.services.systemd-vaultd.package}/bin/systemd-vaultd";
-      };
-    };
-  };
-}