added: hm module

modules/home-manager.nix

@@ -1,2 +1,55 @@
-{ config, pkgs, lib, ... }: with lib; let cfg = config.services.ssh-cert-dist; in { }
+{ config, pkgs, lib, ... }: with lib; let
+  cfg = config.services.ssh-cert-dist;
+  directoryModule = { name, ... }: {
+    options = {
+      name = mkOption {
+        type = types.str;
+        default = last (splitString "/" name);
+      };
+      fetch = mkOption {
+        type = types.bool;
+        default = true;
+      };
+      upload = mkOption {
+        type = types.bool;
+        default = false;
+      };
+    };
+  };
+in
+{
+  options.services.ssh-cert-dist = {
+    enable = mkEnableOption "ssh-cert-dist";
+    endpoint = mkOption {
+      type = types.str;
+      description = "API endpoint url";
+    };
+    directories = mkOption {
+      type = with types; attrsOf (submodule directoryModule);
+      default = { };
+    };
+  };
+  config.systemd.user.services = mkIf cfg.enable (mapAttrs'
+    (path: options: {
+      inherit (options) name; value = {
+      Unit.Description = "ssh-cert-dist service for ${path}";
+      Service = {
+        Environment = "RUST_LOG=debug";
+        ExecStart = toString (pkgs.writeShellApplication {
+          name = "ssh-cert-dist-${options.name}";
+          runtimeInputs = [ pkgs.ssh-cert-dist ];
+          text = ''
+            ${optionalString options.fetch ''
+             ssh-cert-dist client fetch --cert-dir '${path}' --api-endpoint '${cfg.endpoint}' 
+            ''}
+            ${optionalString options.upload ''
+             ssh-cert-dist client upload --api-endpoint '${cfg.endpoint}' ${path}/*
+            ''}
 
+          '';
+        });
+      };
+    };
+    })
+    cfg.directories);
+}