yate: clean up and nicely format nix configuration

June 2025-01-19 19:05:15 +01:00
parent 4467c2172d
commit 50e5e78968
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
4 changed files with 55 additions and 64 deletions


@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ ... }:
{
networking = {
@ -6,7 +6,5 @@
domain = "z9.ccchh.net";
};
# users.users.chaos.password = "yes";
system.stateVersion = "23.11";
}


@ -1,11 +1,10 @@
{ config, pkgs, ... }:
{ ... }:
{
imports = [
./configuration.nix
./networking.nix
./yate.nix
./service.nix
./sops.nix
];
}


@ -1,48 +0,0 @@
{ config, pkgs, ... }:
{
# systemd.managerEnvironment = {
# SYSTEMD_LOG_LEVEL = "debug";
# };
sops.secrets."git_clone_key" = {
mode = "0600";
owner = "yate";
group = "yate-config";
restartUnits = [ "yate.service" ];
};
systemd.services.yate = {
enable = true;
description = "Yate telehony engine";
unitConfig = {
After= "network-online.target";
};
serviceConfig = {
ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share";
Type="simple";
Restart="always";
User="yate";
Group="yate-config";
StateDirectory = "yate";
StateDirectoryMode = "0775";
# ...
};
wantedBy = [ "default.target" ];
requires = [ "network-online.target" ];
preStart = "echo \"\n\" >> /run/secrets/git_clone_key
sleep 5
SSH_SUCCESS=1
${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG || SSH_SUCCESS=0
if [ $SSH_SUCCESS = 1 ]; then
rm -rf /var/lib/yate/*
rm -rf /var/lib/yate/.*
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
fi";
# ...
};
}


@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
{
environment.systemPackages = [
@ -11,18 +11,60 @@
# Just disable it for now.
networking.firewall.enable = false;
users.users.yate = {
description = "yate service user";
group = "yate-config";
isNormalUser = true;
users = {
users.yate = {
description = "yate service user";
group = "yate-config";
isNormalUser = true;
};
groups.yate-config = {
members = [ "colmema-deploy" "chaos" "root" "yate"];
};
};
environment.etc.yate = {
user = "yate";
group = "yate-config";
mode = "symlink";
source = "/var/lib/yate";
};
users.groups.yate-config = {};
users.groups.yate-config.members = [ "colmema-deploy" "chaos" "root" "yate"];
sops.secrets."git_clone_key" = {
mode = "0600";
owner = "yate";
group = "yate-config";
restartUnits = [ "yate.service" ];
};
environment.etc.yate.user = "yate";
environment.etc.yate.group = "yate-config";
environment.etc.yate.mode = "symlink";
environment.etc.yate.source = "/var/lib/yate";
systemd.services.yate = {
enable = true;
description = "Yate telehony engine";
unitConfig = {
After= "network-online.target";
};
serviceConfig = {
ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share";
Type="simple";
Restart="always";
User="yate";
Group="yate-config";
StateDirectory = "yate";
StateDirectoryMode = "0775";
};
wantedBy = [ "default.target" ];
requires = [ "network-online.target" ];
preStart = ''
echo \"\n\" >> /run/secrets/git_clone_key
sleep 5
SSH_SUCCESS=1
${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG || SSH_SUCCESS=0
if [ $SSH_SUCCESS = 1 ]; then
rm -rf /var/lib/yate/*
rm -rf /var/lib/yate/.*
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
fi
'';
};
}
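Review bot: The `\"` and `\n` sequences kept in the new `''…''` `preStart` script are no longer processed by Nix, because backslash is not an escape character in indented strings, so the shell now receives them literally. Under bash quoting rules, `echo \"\n\" >> /run/secrets/git_clone_key` then appends the characters `"n"` to the deploy key instead of a newline, the `GIT_SSH_COMMAND=\"…\"` assignment is split into several words, and `safe.directory` is set to a value that includes the quote characters. Drop the backslashes on those three lines, for example `echo "" >> /run/secrets/git_clone_key` and `config --add safe.directory "/var/lib/yate"`. Because the unit has `Restart="always"` and appears to run `preStart` as the `yate` user that owns the secret, each start would also write to the sops-managed key again; adding the trailing newline to the encrypted source instead would let the unit leave the secret read-only.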