yate: clean up and nicely format nix configuration
This commit is contained in:
parent
4467c2172d
commit
50e5e78968
4 changed files with 55 additions and 64 deletions
config/hosts/yate
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
networking = {
|
||||
|
@ -6,7 +6,5 @@
|
|||
domain = "z9.ccchh.net";
|
||||
};
|
||||
|
||||
# users.users.chaos.password = "yes";
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
}
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./configuration.nix
|
||||
./networking.nix
|
||||
./yate.nix
|
||||
./service.nix
|
||||
./sops.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
# systemd.managerEnvironment = {
|
||||
# SYSTEMD_LOG_LEVEL = "debug";
|
||||
# };
|
||||
|
||||
|
||||
|
||||
sops.secrets."git_clone_key" = {
|
||||
mode = "0600";
|
||||
owner = "yate";
|
||||
group = "yate-config";
|
||||
restartUnits = [ "yate.service" ];
|
||||
};
|
||||
|
||||
systemd.services.yate = {
|
||||
enable = true;
|
||||
description = "Yate telehony engine";
|
||||
unitConfig = {
|
||||
After= "network-online.target";
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share";
|
||||
Type="simple";
|
||||
Restart="always";
|
||||
User="yate";
|
||||
Group="yate-config";
|
||||
StateDirectory = "yate";
|
||||
StateDirectoryMode = "0775";
|
||||
# ...
|
||||
};
|
||||
wantedBy = [ "default.target" ];
|
||||
requires = [ "network-online.target" ];
|
||||
preStart = "echo \"\n\" >> /run/secrets/git_clone_key
|
||||
sleep 5
|
||||
SSH_SUCCESS=1
|
||||
${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG || SSH_SUCCESS=0
|
||||
if [ $SSH_SUCCESS = 1 ]; then
|
||||
rm -rf /var/lib/yate/*
|
||||
rm -rf /var/lib/yate/.*
|
||||
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
|
||||
${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
|
||||
fi";
|
||||
|
||||
# ...
|
||||
};
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
environment.systemPackages = [
|
||||
|
@ -11,18 +11,60 @@
|
|||
# Just disable it for now.
|
||||
networking.firewall.enable = false;
|
||||
|
||||
users.users.yate = {
|
||||
description = "yate service user";
|
||||
group = "yate-config";
|
||||
isNormalUser = true;
|
||||
users = {
|
||||
users.yate = {
|
||||
description = "yate service user";
|
||||
group = "yate-config";
|
||||
isNormalUser = true;
|
||||
};
|
||||
|
||||
groups.yate-config = {
|
||||
members = [ "colmema-deploy" "chaos" "root" "yate"];
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc.yate = {
|
||||
user = "yate";
|
||||
group = "yate-config";
|
||||
mode = "symlink";
|
||||
source = "/var/lib/yate";
|
||||
};
|
||||
|
||||
users.groups.yate-config = {};
|
||||
users.groups.yate-config.members = [ "colmema-deploy" "chaos" "root" "yate"];
|
||||
sops.secrets."git_clone_key" = {
|
||||
mode = "0600";
|
||||
owner = "yate";
|
||||
group = "yate-config";
|
||||
restartUnits = [ "yate.service" ];
|
||||
};
|
||||
|
||||
environment.etc.yate.user = "yate";
|
||||
environment.etc.yate.group = "yate-config";
|
||||
environment.etc.yate.mode = "symlink";
|
||||
environment.etc.yate.source = "/var/lib/yate";
|
||||
systemd.services.yate = {
|
||||
enable = true;
|
||||
description = "Yate telehony engine";
|
||||
unitConfig = {
|
||||
After= "network-online.target";
|
||||
};
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share";
|
||||
Type="simple";
|
||||
Restart="always";
|
||||
User="yate";
|
||||
Group="yate-config";
|
||||
StateDirectory = "yate";
|
||||
StateDirectoryMode = "0775";
|
||||
};
|
||||
wantedBy = [ "default.target" ];
|
||||
requires = [ "network-online.target" ];
|
||||
preStart = ''
|
||||
echo \"\n\" >> /run/secrets/git_clone_key
|
||||
sleep 5
|
||||
SSH_SUCCESS=1
|
||||
${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG || SSH_SUCCESS=0
|
||||
if [ $SSH_SUCCESS = 1 ]; then
|
||||
rm -rf /var/lib/yate/*
|
||||
rm -rf /var/lib/yate/.*
|
||||
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
|
||||
${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
|
||||
fi
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Add table
Reference in a new issue