yate: clean up and nicely format nix configuration
parent
4467c2172d
commit
50e5e78968
4 changed files with 55 additions and 64 deletions
config/hosts/yate
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
networking = {
|
networking = {
|
||||||
|
@ -6,7 +6,5 @@
|
||||||
domain = "z9.ccchh.net";
|
domain = "z9.ccchh.net";
|
||||||
};
|
};
|
||||||
|
|
||||||
# users.users.chaos.password = "yes";
|
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
{ config, pkgs, ... }:
|
{ ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./yate.nix
|
./yate.nix
|
||||||
./service.nix
|
|
||||||
./sops.nix
|
./sops.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,48 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
# systemd.managerEnvironment = {
|
|
||||||
# SYSTEMD_LOG_LEVEL = "debug";
|
|
||||||
# };
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
sops.secrets."git_clone_key" = {
|
|
||||||
mode = "0600";
|
|
||||||
owner = "yate";
|
|
||||||
group = "yate-config";
|
|
||||||
restartUnits = [ "yate.service" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.yate = {
|
|
||||||
enable = true;
|
|
||||||
description = "Yate telehony engine";
|
|
||||||
unitConfig = {
|
|
||||||
After= "network-online.target";
|
|
||||||
};
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share";
|
|
||||||
Type="simple";
|
|
||||||
Restart="always";
|
|
||||||
User="yate";
|
|
||||||
Group="yate-config";
|
|
||||||
StateDirectory = "yate";
|
|
||||||
StateDirectoryMode = "0775";
|
|
||||||
# ...
|
|
||||||
};
|
|
||||||
wantedBy = [ "default.target" ];
|
|
||||||
requires = [ "network-online.target" ];
|
|
||||||
preStart = "echo \"\n\" >> /run/secrets/git_clone_key
|
|
||||||
sleep 5
|
|
||||||
SSH_SUCCESS=1
|
|
||||||
${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG || SSH_SUCCESS=0
|
|
||||||
if [ $SSH_SUCCESS = 1 ]; then
|
|
||||||
rm -rf /var/lib/yate/*
|
|
||||||
rm -rf /var/lib/yate/.*
|
|
||||||
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
|
|
||||||
${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
|
|
||||||
fi";
|
|
||||||
|
|
||||||
# ...
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
|
@ -11,18 +11,60 @@
|
||||||
# Just disable it for now.
|
# Just disable it for now.
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
|
|
||||||
users.users.yate = {
|
users = {
|
||||||
description = "yate service user";
|
users.yate = {
|
||||||
group = "yate-config";
|
description = "yate service user";
|
||||||
isNormalUser = true;
|
group = "yate-config";
|
||||||
|
isNormalUser = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
groups.yate-config = {
|
||||||
|
members = [ "colmema-deploy" "chaos" "root" "yate"];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
environment.etc.yate = {
|
||||||
|
user = "yate";
|
||||||
|
group = "yate-config";
|
||||||
|
mode = "symlink";
|
||||||
|
source = "/var/lib/yate";
|
||||||
|
};
|
||||||
|
|
||||||
users.groups.yate-config = {};
|
sops.secrets."git_clone_key" = {
|
||||||
users.groups.yate-config.members = [ "colmema-deploy" "chaos" "root" "yate"];
|
mode = "0600";
|
||||||
|
owner = "yate";
|
||||||
|
group = "yate-config";
|
||||||
|
restartUnits = [ "yate.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
environment.etc.yate.user = "yate";
|
systemd.services.yate = {
|
||||||
environment.etc.yate.group = "yate-config";
|
enable = true;
|
||||||
environment.etc.yate.mode = "symlink";
|
description = "Yate telehony engine";
|
||||||
environment.etc.yate.source = "/var/lib/yate";
|
unitConfig = {
|
||||||
|
After= "network-online.target";
|
||||||
|
};
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share";
|
||||||
|
Type="simple";
|
||||||
|
Restart="always";
|
||||||
|
User="yate";
|
||||||
|
Group="yate-config";
|
||||||
|
StateDirectory = "yate";
|
||||||
|
StateDirectoryMode = "0775";
|
||||||
|
};
|
||||||
|
wantedBy = [ "default.target" ];
|
||||||
|
requires = [ "network-online.target" ];
|
||||||
|
preStart = ''
|
||||||
|
echo \"\n\" >> /run/secrets/git_clone_key
|
||||||
|
sleep 5
|
||||||
|
SSH_SUCCESS=1
|
||||||
|
${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG || SSH_SUCCESS=0
|
||||||
|
if [ $SSH_SUCCESS = 1 ]; then
|
||||||
|
rm -rf /var/lib/yate/*
|
||||||
|
rm -rf /var/lib/yate/.*
|
||||||
|
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
|
||||||
|
${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
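Review bot: The `preStart` script moved from a `"…"` string to a `''…''` indented string but kept its `\"` and `\n` escapes; inside `''` Nix does not treat the backslash as an escape character, so the shell now receives them literally. As shown, `echo \"\n\" >> /run/secrets/git_clone_key` would append the text `"n"` to the private key instead of a newline, and in the `git clone` line the escaped quotes no longer group the value, so `env` parses `-i` as its own option (start with an empty environment) rather than as part of `GIT_SSH_COMMAND`. Drop the backslashes: `printf '\n' >> /run/secrets/git_clone_key`, `env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" …` and `… config --add safe.directory "/var/lib/yate"`. Separately, appending to the sops-managed key on every start modifies the secret in place and grows it on each `Restart="always"` cycle; keeping the trailing newline in the sops file itself would remove that write.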