blob: 8193391498000ee7419dce9f8379036f240e03c6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
{ config, lib, pkgs, ... }:
with lib;
let
serviceCfg = config.services.password-store-sync;
programCfg = config.programs.password-store;
in {
meta.maintainers = with maintainers; [ pacien ];
options.services.password-store-sync = {
enable = mkEnableOption "Password store periodic sync";
frequency = mkOption {
type = types.str;
default = "*:0/5";
description = ''
How often to synchronise the password store git repository with its
default upstream.
</para><para>
This value is passed to the systemd timer configuration as the
<literal>onCalendar</literal> option.
See
<citerefentry>
<refentrytitle>systemd.time</refentrytitle>
<manvolnum>7</manvolnum>
</citerefentry>
for more information about the format.
'';
};
};
config = mkIf serviceCfg.enable {
assertions = [{
assertion = programCfg.enable;
message = "The 'services.password-store-sync' module requires"
+ " 'programs.password-store.enable = true'.";
}];
systemd.user.services.password-store-sync = {
Unit = { Description = "Password store sync"; };
Service = {
CPUSchedulingPolicy = "idle";
IOSchedulingClass = "idle";
Environment = let
makeEnvironmentPairs =
mapAttrsToList (key: value: "${key}=${builtins.toJSON value}");
in makeEnvironmentPairs programCfg.settings;
ExecStart = toString (pkgs.writeShellScript "password-store-sync" ''
${pkgs.pass}/bin/pass git pull --rebase && \
${pkgs.pass}/bin/pass git push
'');
};
};
systemd.user.timers.password-store-sync = {
Unit = { Description = "Password store periodic sync"; };
Timer = {
Unit = "password-store-sync.service";
OnCalendar = serviceCfg.frequency;
Persistent = true;
};
Install = { WantedBy = [ "timers.target" ]; };
};
};
}
|