vars: add restartUnits option

For secrets not part of the nix store there is no other way in NixOS to
restart a service after the secret is updated. One example is changing
password in userborn, which doesn't run as a activation script but as a
systemd service.

nixosModules/clanCore/vars/interface.nix

@@ -298,6 +298,16 @@ in
                       description = "The unix file mode of the file. Must be a 4-digit octal number.";
                       default = "0400";
                     };
+                    restartUnits = lib.mkOption {
+                      description = ''
+                        A list of systemd units that should be restarted after the file is deployed.
+                        This is useful for services that need to reload their configuration after the file is updated.
+
+                        WARNING: currently only sops-nix implements this option.
+                      '';
+                      type = listOf str;
+                      default = [ ];
+                    };
                     value =
                       lib.mkOption {
                         description = ''

nixosModules/clanCore/vars/secret/sops/default.nix

@@ -48,6 +48,7 @@ in
             group
             mode
             neededForUsers
+            restartUnits
             ;
           sopsFile = builtins.path {
             name = "${secret.generator}_${secret.name}";

nixosModules/clanCore/vars/secret/sops/funcs.nix

@@ -28,7 +28,12 @@ in
             generator = gen_name;
             neededForUsers = file.neededFor == "users";
             inherit (generator) share;
-            inherit (file) owner group mode;
+            inherit (file)
+              owner
+              group
+              mode
+              restartUnits
+              ;
           }) (relevantFiles generator)
         ) generators
       );