vars: add restartUnits option

For secrets that are not part of the Nix store there is otherwise no way in NixOS to
restart a service after the secret is updated. One example is changing a user's
password with userborn, which does not run as an activation script but as a
systemd service.
Jörg Thalheim
2025-05-28 16:17:51 +02:00
parent 2efb4994a6
commit 7314f6b2ff
5 changed files with 20 additions and 1 deletions


@@ -1,6 +1,7 @@
{ {
pkgs, pkgs,
config, config,
lib,
... ...
}: }:
{ {
@@ -12,6 +13,7 @@
files.password-hash = { files.password-hash = {
neededFor = "users"; neededFor = "users";
}; };
files.password-hash.restartUnits = lib.optional (config.services.userborn.enable) "userborn.service";
files.password = { files.password = {
deploy = false; deploy = false;
}; };
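Review bot: `files.password-hash.restartUnits = …` sets an attribute of the same file that the preceding `files.password-hash = { neededFor = "users"; };` already configures, in a second statement; merging it into that attrset, `files.password-hash = { neededFor = "users"; restartUnits = lib.optional config.services.userborn.enable "userborn.service"; };`, keeps the file's settings together and drops the parentheses around `config.services.userborn.enable`, which are redundant for a single argument. Because this file is `neededFor = "users"`, it presumably goes through sops-nix's early secrets-for-users phase rather than the regular secret installation; worth confirming that the restart list is honoured for secrets installed in that phase, since otherwise a rotated hash would silently leave userborn running with the old one. The enclosing module continues outside the hunk.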


@@ -31,6 +31,7 @@ in
clan.core.vars.generators.user-password = { clan.core.vars.generators.user-password = {
files.user-password-hash.neededFor = "users"; files.user-password-hash.neededFor = "users";
files.user-password-hash.restartUnits = lib.optional (config.services.userborn.enable) "userborn.service";
prompts.user-password.type = "hidden"; prompts.user-password.type = "hidden";
prompts.user-password.persist = true; prompts.user-password.persist = true;


@@ -298,6 +298,16 @@ in
description = "The unix file mode of the file. Must be a 4-digit octal number."; description = "The unix file mode of the file. Must be a 4-digit octal number.";
default = "0400"; default = "0400";
}; };
restartUnits = lib.mkOption {
description = ''
A list of systemd units that should be restarted after the file is deployed.
This is useful for services that need to reload their configuration after the file is updated.
WARNING: currently only sops-nix implements this option.
'';
type = listOf str;
default = [ ];
};
value = value =
lib.mkOption { lib.mkOption {
description = '' description = ''
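Review bot: The description of `restartUnits` says the units are restarted but then justifies it with services that need to "reload their configuration"; as far as I recall sops-nix's `restartUnits` does a restart and has a separate reload mechanism, so the text should say restart consistently and should also state when the restart happens, presumably only on a switch where the file's content actually changed (sops-nix's semantics; confirm). The `WARNING` that only sops-nix implements the option means every other backend silently ignores it, which for a credential rotation leaves a service running with the old secret and nobody told; consider an assertion or `lib.warn` in the non-sops backends when a file sets a non-empty `restartUnits`, or at minimum say in the description that the list is a no-op elsewhere. I would rewrite the description to: a list of systemd unit names such as `"foo.service"` that are restarted after the file is deployed and its content changed, followed by the note that only the sops backend honours it and other backends ignore the list. `listOf str` could also be tightened to `listOf lib.types.nonEmptyStr` so an accidental empty string is rejected at evaluation time rather than passed on to systemctl. The enclosing option set starts and ends outside the hunk.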


@@ -48,6 +48,7 @@ in
group group
mode mode
neededForUsers neededForUsers
restartUnits
; ;
sopsFile = builtins.path { sopsFile = builtins.path {
name = "${secret.generator}_${secret.name}"; name = "${secret.generator}_${secret.name}";


@@ -28,7 +28,12 @@ in
generator = gen_name; generator = gen_name;
neededForUsers = file.neededFor == "users"; neededForUsers = file.neededFor == "users";
inherit (generator) share; inherit (generator) share;
inherit (file) owner group mode; inherit (file)
owner
group
mode
restartUnits
;
}) (relevantFiles generator) }) (relevantFiles generator)
) generators ) generators
); );