create yate service user
parent
fd525ee06f
commit
149f846d32
|
@ -9,7 +9,7 @@
|
||||||
|
|
||||||
sops.secrets."git_clone_key" = {
|
sops.secrets."git_clone_key" = {
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
owner = "root";
|
owner = "yate";
|
||||||
group = "yate-config";
|
group = "yate-config";
|
||||||
restartUnits = [ "yate.service" ];
|
restartUnits = [ "yate.service" ];
|
||||||
};
|
};
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share -Do";
|
ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share -Do";
|
||||||
Type="simple";
|
Type="simple";
|
||||||
Restart="always";
|
Restart="always";
|
||||||
User="root";
|
User="yate";
|
||||||
Group="yate-config";
|
Group="yate-config";
|
||||||
StateDirectory = "yate";
|
StateDirectory = "yate";
|
||||||
StateDirectoryMode = "0775";
|
StateDirectoryMode = "0775";
|
||||||
|
@ -39,12 +39,13 @@
|
||||||
${pkgs.git}/bin/git init /var/lib/yate
|
${pkgs.git}/bin/git init /var/lib/yate
|
||||||
${pkgs.git}/bin/git -C /var/lib/yate remote add origin forgejo@git.hamburg.ccc.de:echtnurich/yate-config.git
|
${pkgs.git}/bin/git -C /var/lib/yate remote add origin forgejo@git.hamburg.ccc.de:echtnurich/yate-config.git
|
||||||
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git -C /var/lib/yate pull -f --set-upstream
|
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git -C /var/lib/yate pull -f --set-upstream
|
||||||
|
${pkgs.git}/bin/git -C /var/lib/yate checkout --track -f origin/master
|
||||||
echo \"New repo set up.\"
|
echo \"New repo set up.\"
|
||||||
fi
|
fi
|
||||||
test ${pkgs.openssh}/bin/ssh
|
test ${pkgs.openssh}/bin/ssh
|
||||||
${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
|
${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
|
||||||
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git -C /var/lib/yate fetch --all
|
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git -C /var/lib/yate fetch --all
|
||||||
${pkgs.git}/bin/git -C /var/lib/yate checkout --track -f origin/master";
|
${pkgs.git}/bin/git -C /var/lib/yate checkout -f origin/master";
|
||||||
# ...
|
# ...
|
||||||
};
|
};
|
||||||
}
|
}
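Review bot: Nothing in this section pins the SSH host key of git.hamburg.ccc.de, yet with `User="yate"` the git steps now run `ssh -i /run/secrets/git_clone_key` as a fresh account. Any entry root had accepted in its own known_hosts no longer applies, and the fetched tree becomes the daemon's `-c`/`-e` directory, so the server should be authenticated rather than checking being relaxed later. Unless it is already declared elsewhere, pin it declaratively, e.g. `programs.ssh.knownHosts."git.hamburg.ccc.de".publicKey = "<host public key>";`. Separately, `config --add safe.directory` without `--global` appends a duplicate repo-local entry on every start, which git appears not to honour, and it should be unnecessary once the service user owns the directory. The enclosing unit definition and script string begin outside the visible hunks.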
|
||||||
|
|
|
@ -11,10 +11,17 @@
|
||||||
# Just disable it for now.
|
# Just disable it for now.
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
|
|
||||||
users.groups.yate-config = {};
|
users.users.yate = {
|
||||||
users.groups.yate-config.members = [ "colmema-deploy" "chaos" ];
|
description = "yate service user";
|
||||||
|
group = "yate-config";
|
||||||
|
isNormalUser = true;
|
||||||
|
};
|
||||||
|
|
||||||
environment.etc.yate.user = "root";
|
|
||||||
|
users.groups.yate-config = {};
|
||||||
|
users.groups.yate-config.members = [ "colmema-deploy" "chaos" "root" "yate"];
|
||||||
|
|
||||||
|
environment.etc.yate.user = "yate";
|
||||||
environment.etc.yate.group = "yate-config";
|
environment.etc.yate.group = "yate-config";
|
||||||
environment.etc.yate.mode = "symlink";
|
environment.etc.yate.mode = "symlink";
|
||||||
environment.etc.yate.source = "/var/lib/yate";
|
environment.etc.yate.source = "/var/lib/yate";
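Review bot: `isNormalUser = true` in `users.users.yate` turns the daemon account into an interactive one, since NixOS gives normal users a home under /home and the default login shell. For an account that only runs yate.service, `isSystemUser = true;` is the fitting setting, and the `group = "yate-config"` it requires is already present. If the git steps need a home directory, point `home` at the state directory instead of creating /home/yate. Listing "yate" in `users.groups.yate-config.members` is redundant with its primary group and "root" does not need membership, so the list could stay `[ "colmema-deploy" "chaos" ]`.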
|
||||||
|
|