Diffstat (limited to 'sys/jobs/pki-expiry')
| -rw-r--r-- | sys/jobs/pki-expiry/default.nix | 53 |
1 files changed, 27 insertions, 26 deletions
diff --git a/sys/jobs/pki-expiry/default.nix b/sys/jobs/pki-expiry/default.nix
index b61d6f5..553cdc8 100644
--- a/sys/jobs/pki-expiry/default.nix
+++ b/sys/jobs/pki-expiry/default.nix
@@ -1,9 +1,13 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
 with lib; let
 cfg = config.local.jobs.pkiExpiry;
 inherit (config.local) pki;
-in
-{
+in {
 options.local.jobs.pkiExpiry = {
 enable = mkEnableOption "PKI expiration reminder";
 };
@@ -11,43 +15,40 @@ in
 config = mkIf cfg.enable {
 systemd = {
 services.pki-expiry = {
- after = [ "postfix.service" ];
- path = [ "/run/wrappers" ];
+ after = ["postfix.service"];
+ path = ["/run/wrappers"];
- environment.PKI_PUBLIC =
- let
- mkdir = "mkdir -p $out/{ca,cert,crl}";
+ environment.PKI_PUBLIC = let
+ mkdir = "mkdir -p $out/{ca,cert,crl}";
- cas = mapAttrsToList (_: ca: "ln -s ${ca.cert} $out/ca/${ca.path}") pki.ca;
- crls = mapAttrsToList (_: ca: "ln -s ${ca.crl} $out/crl/${ca.path}") pki.ca;
+ cas = mapAttrsToList (_: ca: "ln -s ${ca.cert} $out/ca/${ca.path}") pki.ca;
+ crls = mapAttrsToList (_: ca: "ln -s ${ca.crl} $out/crl/${ca.path}") pki.ca;
- certs = mapAttrsToList
- (path: leaf: "ln -s ${leaf.cert} $out/cert/${path}")
- (filterAttrs (_: object: ! object ? leaves) pki.byPath);
+ certs =
+ mapAttrsToList
+ (path: leaf: "ln -s ${leaf.cert} $out/cert/${path}")
+ (filterAttrs (_: object: ! object ? leaves) pki.byPath);
- pkiPublic = pkgs.runCommandNoCCLocal "pki-public" { } (concatLines ([ mkdir ] ++ cas ++ crls ++ certs));
- in
- "${pkiPublic}";
+ pkiPublic = pkgs.runCommandNoCCLocal "pki-public" {} (concatLines ([mkdir] ++ cas ++ crls ++ certs));
+ in "${pkiPublic}";
 serviceConfig = {
 Type = "oneshot";
 StateDirectory = "pki-expiry";
 WorkingDirectory = "/var/lib/pki-expiry";
- ExecStart =
- let
- script = pkgs.writeShellApplication {
- name = "pki-expiry";
- text = readFile ./pki-expiry.sh;
- runtimeInputs = with pkgs; [ diffutils openssl ];
- };
- in
- "${getExe script}";
+ ExecStart = let
+ script = pkgs.writeShellApplication {
+ name = "pki-expiry";
+ text = readFile ./pki-expiry.sh;
+ runtimeInputs = with pkgs; [diffutils openssl];
+ };
+ in "${getExe script}";
 };
 };
 timers.pki-expiry = {
- wantedBy = [ "timers.target" ];
+ wantedBy = ["timers.target"];
 timerConfig = {
 OnStartupSec = "10m"; |
