{ pkgs, ... }:

{
  # Packages installed system-wide for interactive use on this host: the yate
  # engine itself, git, tmux and tcpdump.
  # tcpdump captures network traffic and needs elevated privileges to do so.
  # Captures taken on a telephony host can contain call signalling, so treat
  # them as sensitive data.
  environment.systemPackages = with pkgs; [
    yate
    git
    tcpdump
    tmux
  ];

  # Just disable it for now.
  # NOTE(review): with the host firewall off, nothing on this machine filters
  # inbound traffic, so every listening socket (yate and anything else) is
  # exposed to whatever network the host sits on. Re-enable the firewall and
  # open only the ports yate needs via networking.firewall.allowedTCPPorts /
  # networking.firewall.allowedUDPPorts once those ports are known.
  networking.firewall.enable = false;

  # Account the yate service runs as (see User= in systemd.services.yate).
  # isNormalUser creates an interactive-style account with a home directory
  # and the default shell.
  # NOTE(review): a daemon account is usually declared with isSystemUser.
  # The service reload script runs `git config --global`, which needs a
  # writable home directory, so verify that before switching.
  users.users.yate = {
    isNormalUser = true;
    group = "yate-config";
    description = "yate service user";
  };

  # Members of this group share access to the yate state directory, which the
  # service creates group-writable (StateDirectoryMode 0775). Everyone listed
  # here can therefore change the configuration yate runs with.
  # NOTE(review): "root" does not need group membership to access these files.
  users.groups.yate-config.members = [ "colmema-deploy" "chaos" "root" "yate" ];

  # /etc/yate is a symlink to the service state directory /var/lib/yate, so
  # the configuration yate reads (-c /etc/yate) is the git checkout kept there.
  # NOTE(review): NixOS documents user/group as applying only when the entry
  # is copied (a mode other than "symlink"), so they presumably have no effect
  # here. Confirm before relying on them for access control.
  # NOTE(review): the link target is writable by the service account and by
  # the yate-config group, so the daemon can modify its own configuration.
  environment.etc."yate" = {
    source = "/var/lib/yate";
    mode = "symlink";
    user = "yate";
    group = "yate-config";
  };

  # SSH private key used to fetch the yate configuration repository.
  # Mode 0600 gives read/write access to the owner (yate) only; the group
  # assignment grants nothing at this mode.
  # restartUnits asks sops-nix to restart yate.service when the secret changes.
  # NOTE(review): 0400 is sufficient if nothing writes to the key file at
  # runtime. Verify that no unit script writes to /run/secrets/git_clone_key
  # before tightening the mode.
  sops.secrets.git_clone_key = {
    owner = "yate";
    group = "yate-config";
    mode = "0600";
    restartUnits = [ "yate.service" ];
  };

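  # Yate telephony engine, run as the unprivileged yate account.
  #
  # The configuration is a git checkout in /var/lib/yate (reached through the
  # /etc/yate symlink). preStart replaces that checkout with a fresh clone
  # when the git server is reachable; reload fetches and hard-resets it.
  #
  # NOTE(review): whatever the repository contains becomes the configuration
  # of a network-facing daemon. Its integrity rests on the SSH host key check
  # and on access control of the repository. Nothing in this file pins the
  # host key for git.hamburg.ccc.de, so confirm it is pinned elsewhere
  # (e.g. programs.ssh.knownHosts).
  # NOTE(review): no sandboxing directives are set. NoNewPrivileges,
  # ProtectSystem and PrivateTmp are candidates once tested against yate.
  systemd.services.yate = {
    enable = true;
    description = "Yate telehony engine";
    unitConfig = {
      After = "network-online.target";
    };
    serviceConfig = {
      ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share";
      Type = "simple";
      Restart = "always";
      User = "yate";
      Group = "yate-config";
      # systemd creates /var/lib/yate for User/Group above. Mode 0775 lets
      # every member of yate-config modify the checked-out configuration.
      StateDirectory = "yate";
      StateDirectoryMode = "0775";
    };
    wantedBy = [ "default.target" ];
    requires = [ "network-online.target" ];
    # Runs before every start, including the automatic restarts triggered by
    # Restart=always.
    #
    # The previous version appended text to /run/secrets/git_clone_key on
    # each run. That modified the deployed credential in place and made it
    # grow with every restart, so the script now treats the key as read-only.
    # If ssh rejects the key because its final newline is missing, fix the
    # secret content in the sops file instead of patching it at runtime.
    #
    # NOTE(review): the old checkout is deleted before the clone starts, so a
    # clone that fails after a successful probe leaves the service without
    # configuration.
    preStart = ''
      # Debug aid: log the identity this script runs under.
      id
      # Fixed delay before probing the git server.
      sleep 5
      # Probe SSH access first. The existing checkout is kept when the
      # server cannot be reached or the key is rejected.
      SSH_SUCCESS=1
      ${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG  || SSH_SUCCESS=0
      if [ "$SSH_SUCCESS" = 1 ]; then
        rm -rf /var/lib/yate/*
        rm -rf /var/lib/yate/.*
        env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
        # NOTE(review): git reads safe.directory only from protected
        # configuration (system, global, command line), so this
        # repository-local entry presumably has no effect. Confirm.
        ${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory "/var/lib/yate"
      fi
    '';
    # Updates the checkout to the current origin/master, discarding local
    # changes made in /var/lib/yate.
    # NOTE(review): `git config --global --add` appends another
    # safe.directory line to the global git config of the yate account on
    # every reload.
    reload = ''
      id
      ${pkgs.git}/bin/git config --global --add safe.directory /var/lib/yate
      /usr/bin/env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git -C /var/lib/yate fetch --all
      /usr/bin/env GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key" ${pkgs.git}/bin/git -C /var/lib/yate reset --hard origin/master
    '';
  };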
}