diff --git a/repack/reuse-cert.nix b/repack/reuse-cert.nix index 8cb91d27..98758c35 100644 --- a/repack/reuse-cert.nix +++ b/repack/reuse-cert.nix @@ -8,6 +8,7 @@ }: reIf ( let + inherit (lib) optionalAttrs; nameCondPair = [ { name = "trojan-server"; @@ -20,7 +21,7 @@ reIf ( ]; in { - systemd.services = + systemd.services = lib.mkMerge [ (lib.foldr ( i: acc: acc @@ -43,27 +44,23 @@ reIf ( }; } ) { } nameCondPair) - // { + (optionalAttrs config.services.caddy.enable { caddy.serviceConfig.EnvironmentFile = config.age.secrets.porkbun-api.path; - # hysteria-only.serviceConfig.LoadCredential = [ - # "crt:${config.age.secrets."nyaw.cert".path}" - # "key:${config.age.secrets."nyaw.key".path}" - # ]; + }) + (optionalAttrs (builtins.any (i: i.serve) (lib.attrValues config.services.hysteria.instances)) { hysteria-only.serviceConfig.LoadCredential = - lib.mkIf (builtins.any (i: i.serve) (lib.attrValues config.services.hysteria.instances)) + map ( - map - ( - s: - s - + ":" - + "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/nyaw.xyz/nyaw.xyz.${s}" - ) - [ - "key" - "crt" - ] - ); - }; + s: + s + + ":" + + "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/nyaw.xyz/nyaw.xyz.${s}" + ) + [ + "key" + "crt" + ]; + }) + ]; } )