56 lines
1.5 KiB
Nix
56 lines
1.5 KiB
Nix
{ config, pkgs, lib, ... }: with lib; let
|
|
cfg = config.services.ssh-cert-dist;
|
|
directoryModule = { name, ... }: {
|
|
options = {
|
|
name = mkOption {
|
|
type = types.str;
|
|
default = last (splitString "/" name);
|
|
};
|
|
fetch = mkOption {
|
|
type = types.bool;
|
|
default = true;
|
|
};
|
|
upload = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
};
|
|
};
|
|
};
|
|
in
|
|
{
|
|
options.services.ssh-cert-dist = {
|
|
enable = mkEnableOption "ssh-cert-dist";
|
|
endpoint = mkOption {
|
|
type = types.str;
|
|
description = "API endpoint url";
|
|
};
|
|
directories = mkOption {
|
|
type = with types; attrsOf (submodule directoryModule);
|
|
default = { };
|
|
};
|
|
};
|
|
config.systemd.user.services = mkIf cfg.enable (mapAttrs'
|
|
(path: options: {
|
|
inherit (options) name; value = {
|
|
Unit.Description = "ssh-cert-dist service for ${path}";
|
|
Service = {
|
|
Environment = "RUST_LOG=debug";
|
|
ExecStart = toString (pkgs.writeShellApplication {
|
|
name = "ssh-cert-dist-${options.name}";
|
|
runtimeInputs = [ pkgs.ssh-cert-dist ];
|
|
text = ''
|
|
${optionalString options.fetch ''
|
|
ssh-cert-dist client fetch --cert-dir '${path}' --api-endpoint '${cfg.endpoint}'
|
|
''}
|
|
${optionalString options.upload ''
|
|
ssh-cert-dist client upload --api-endpoint '${cfg.endpoint}' ${path}/*
|
|
''}
|
|
|
|
'';
|
|
});
|
|
};
|
|
};
|
|
})
|
|
cfg.directories);
|
|
}
|