Diffstat (limited to 'application/module.nix')
| -rw-r--r-- | application/module.nix | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/application/module.nix b/application/module.nix
index 3689996..f4b3e4a 100644
--- a/application/module.nix
+++ b/application/module.nix
@@ -58,13 +58,24 @@ in
 description = "open specimen port in firewall for incoming connections.";
 };
- namePath = mkOption {
- type = types.path;
- description = "path from which specimen will get the content to reply with.";
+ nameSecret = mkOption {
+ type = types.attrs;
+ description = "secret from which specimen will take the name from.";
 };
 };
 config = mkIf cfg.enable {
+ assertions = with builtins; [
+ {
+ assertion = hasAttr "path" cfg.nameSecret;
+ message = "name secret needs to include path";
+ }
+ {
+ assertion = hasAttr "file" cfg.nameSecret;
+ message = "name secret needs to include store file";
+ }
+ ];
+
 networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
 users.users.${cfg.user} = {
@@ -79,13 +90,14 @@ in
 wantedBy = [ "multi-user.target" ];
 wants = [ "network.target" ];
 after = [ "network.target" ];
+ restartTriggers = [ cfg.nameSecret.file ];
 serviceConfig = {
 User = cfg.user;
 Group = cfg.user;
 Type = "exec";
 Restart = "always";
- ExecStart = "${cfg.package}/bin/specimen -address ${cfg.listenAddress} -port ${toString cfg.port} -name ${cfg.namePath}";
+ ExecStart = "${cfg.package}/bin/specimen -address ${cfg.listenAddress} -port ${toString cfg.port} -name ${cfg.nameSecret.path}";
 # a gigantic amount of hardening!!
 # realistically this much wouldn't be necessary. |
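Review bot: `types.attrs` plus the two `hasAttr` assertions on `nameSecret` only prove that the keys `path` and `file` exist, not what they hold. If `path` is ever given as a Nix path literal rather than a string, the `${cfg.nameSecret.path}` interpolation in ExecStart would copy the plaintext name file into the world-readable Nix store. A submodule with a `types.str` option for `path` and a `types.path` option for `file` rejects that at evaluation time and makes both assertions unnecessary. The freeform type in the sketch below keeps extra attributes acceptable in case callers pass a whole secret attrset, which is an assumption from the option name and should be confirmed.

```nix
nameSecret = mkOption {
  type = types.submodule {
    # tolerate extra attributes when a full secret attrset is passed in
    freeformType = types.attrsOf types.anything;
    options = {
      path = mkOption {
        type = types.str;
        description = "runtime path of the name file, outside the Nix store.";
      };
      file = mkOption {
        type = types.path;
        description = "store file backing the secret; used as a restart trigger.";
      };
    };
  };
  description = "secret from which specimen will take the name from.";
};
# … unchanged: config = mkIf cfg.enable { … }, minus the two hasAttr assertions …
```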
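Review bot: ExecStart now hands the service a secret path that the process opens itself as `cfg.user`, and nothing in this module ensures that user can read the file or that other users cannot. Passing it as a systemd credential removes the ownership requirement: add `LoadCredential = "name:${cfg.nameSecret.path}";` to serviceConfig and end ExecStart with `-name %d/name`. The source file can then stay root-owned and unreadable to everyone else. serviceConfig continues past the end of the hunk, so check that the hardening options below it do not conflict with this.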
