From 4878c42ca91279bf421808383a00f68db39cbcd2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Thu, 10 Aug 2023 00:46:36 +0300
Subject: [PATCH] cron + alerting for cert updates

---
 modules/services/nsd-acme/default.nix | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/modules/services/nsd-acme/default.nix b/modules/services/nsd-acme/default.nix
index 09686a9..f921523 100644
--- a/modules/services/nsd-acme/default.nix
+++ b/modules/services/nsd-acme/default.nix
@@ -186,6 +186,25 @@ in {
       )
       config.mj.services.nsd-acme.zones;
 
-    mj.base.unitstatus.units = lib.mkIf config.mj.base.unitstatus.enable ["nsd-control-setup"];
+    systemd.timers =
+      lib.mapAttrs'
+      (
+        zone: cfg:
+          lib.nameValuePair "nsd-acme-${lib.strings.sanitizeDerivationName zone}" {
+            description = "nsd-acme for zone ${zone}";
+            wantedBy = ["timers.target"];
+            timerConfig = {
+              OnCalendar = "*-*-* 01:30";
+            };
+            after = ["network-online.target"];
+          }
+      )
+      config.mj.services.nsd-acme.zones;
+
+    mj.base.unitstatus.units = let
+      zones = config.mj.services.nsd-acme.zones;
+      sanitized = map lib.strings.sanitizeDerivationName (lib.attrNames zones);
+    in
+      lib.mkIf config.mj.base.unitstatus.enable (["nsd-control-setup"] ++ map (n: "nsd-acme-${n}") sanitized);
   };
 }