forked from CCCHH/nix-infra
echtnurich
f6b424fa7a
introduce /etc/yate, clone/reset on service start Fix config via git make yate systemd service create yate service user recreate the full config everytime decolour the log because of blob data make sure source is available before deleting config change yate-config repo fix yate deploy key fix yate-config not pulling
49 lines
1.4 KiB
Nix
49 lines
1.4 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
# systemd.managerEnvironment = {
|
|
# SYSTEMD_LOG_LEVEL = "debug";
|
|
# };
|
|
|
|
|
|
|
|
sops.secrets."git_clone_key" = {
|
|
mode = "0600";
|
|
owner = "yate";
|
|
group = "yate-config";
|
|
restartUnits = [ "yate.service" ];
|
|
};
|
|
|
|
systemd.services.yate = {
|
|
enable = true;
|
|
description = "Yate telehony engine";
|
|
unitConfig = {
|
|
After= "network-online.target";
|
|
};
|
|
serviceConfig = {
|
|
ExecStart = "${pkgs.yate}/bin/yate -c /etc/yate -e /etc/yate/share";
|
|
Type="simple";
|
|
Restart="always";
|
|
User="yate";
|
|
Group="yate-config";
|
|
StateDirectory = "yate";
|
|
StateDirectoryMode = "0775";
|
|
# ...
|
|
};
|
|
wantedBy = [ "default.target" ];
|
|
requires = [ "network-online.target" ];
|
|
preStart = "echo \"\n\" >> /run/secrets/git_clone_key
|
|
sleep 5
|
|
SSH_SUCCESS=1
|
|
${pkgs.openssh}/bin/ssh -q -i /run/secrets/git_clone_key forgejo@git.hamburg.ccc.de 2> /var/lib/yate/SSH_CHECK_LOG || SSH_SUCCESS=0
|
|
if [ $SSH_SUCCESS = 1 ]; then
|
|
rm -rf /var/lib/yate/*
|
|
rm -rf /var/lib/yate/.*
|
|
env GIT_SSH_COMMAND=\"${pkgs.openssh}/bin/ssh -i /run/secrets/git_clone_key\" ${pkgs.git}/bin/git clone forgejo@git.hamburg.ccc.de:CCCHH/yate-config.git /var/lib/yate
|
|
${pkgs.git}/bin/git -C /var/lib/yate config --add safe.directory \"/var/lib/yate\"
|
|
fi";
|
|
|
|
# ...
|
|
};
|
|
}
|