diff --git a/cluster/lib/services.nix b/cluster/lib/services.nix
index c0124b2..b500f1b 100644
--- a/cluster/lib/services.nix
+++ b/cluster/lib/services.nix
@@ -7,13 +7,21 @@ let lib.mapAttrsToList (groupName: _: svcConfig.nixos.${groupName}) (lib.filterAttrs (_: lib.elem hostName) svcConfig.nodes);
- secretsConfig.age.secrets = lib.mapAttrs' (secretName: secretConfig: {
- name = "cluster-${svcName}-${secretName}";
- value = {
- inherit (secretConfig) path mode owner group;
- file = ../secrets/${svcName}-${secretName}${lib.optionalString (!secretConfig.shared) "-${hostName}"}.age;
- };
- }) (lib.filterAttrs (_: secret: lib.any (node: node == hostName) secret.nodes) svcConfig.secrets);
+ secretsConfig = let
+ secrets = lib.filterAttrs (_: secret: lib.any (node: node == hostName) secret.nodes) svcConfig.secrets;
+ in {
+ age.secrets = lib.mapAttrs' (secretName: secretConfig: {
+ name = "cluster-${svcName}-${secretName}";
+ value = {
+ inherit (secretConfig) path mode owner group;
+ file = ../secrets/${svcName}-${secretName}${lib.optionalString (!secretConfig.shared) "-${hostName}"}.age;
+ };
+ }) secrets;
+
+ systemd.services = lib.mkMerge (lib.mapAttrsToList (secretName: secretConfig: lib.genAttrs secretConfig.services (systemdServiceName: {
+ restartTriggers = [ "${../secrets/${svcName}-${secretName}${lib.optionalString (!secretConfig.shared) "-${hostName}"}.age}" ];
+ })) secrets);
+ };
 in serviceConfigs ++ [ secretsConfig ];
diff --git a/cluster/lib/services/secrets.nix b/cluster/lib/services/secrets.nix
index 494e5f1..6909c33 100644
--- a/cluster/lib/services/secrets.nix
+++ b/cluster/lib/services/secrets.nix
@@ -44,6 +44,12 @@ in type = lib.types.str; default = "root"; };
+
+ services = lib.mkOption {
+ type = with lib.types; listOf str;
+ description = "Services to restart when this secret changes.";
+ default = [];
+ };
 }; })); default = {};
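Review bot: The secret's `.age` path expression is now written out twice in `secretsConfig`, once for `age.secrets.*.value.file` and once inside `restartTriggers`, so a later change to the naming scheme in only one place would leave the trigger tracking a different file from the one that gets decrypted. Binding it once in the new `let`, e.g. `secretFile = secretName: secretConfig: ../secrets/${svcName}-${secretName}${lib.optionalString (!secretConfig.shared) "-${hostName}"}.age;`, and using `file = secretFile secretName secretConfig;` and `restartTriggers = [ "${secretFile secretName secretConfig}" ];` keeps the two in step. Separately, the names in `secretConfig.services` are not checked against anything visible here, so a misspelled name would presumably define a new `systemd.services` entry carrying only the trigger rather than fail evaluation; an assertion or a comment on that would help. The enclosing `let` begins outside the hunk.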
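Review bot: The description of the new `services` option does not say what form the names take or what the empty default implies. Since `services.nix` uses each entry as a `systemd.services` attribute name, I would spell that out, e.g. `description = "Names of systemd services (without the .service suffix) to restart when this secret's encrypted file changes.";`, and add a comment that with `default = []` a rotated secret is not picked up by already-running services until they are restarted some other way. The enclosing option set starts and ends outside the hunk.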