ops/nixos: misc cleanups
This commit is contained in:
parent
daccfa5717
commit
0c458988de
4 changed files with 11 additions and 41 deletions
|
@ -56,7 +56,11 @@ in {
|
|||
muc = [{
|
||||
domain = "muc.xmpp.lukegb.com";
|
||||
}];
|
||||
uploadHttp.domain = "upload.xmpp.lukegb.com";
|
||||
uploadHttp = {
|
||||
domain = "upload.xmpp.lukegb.com";
|
||||
};
|
||||
ssl.cert = "/var/lib/acme/xmpp.lukegb.com/fullchain.pem";
|
||||
ssl.key = "/var/lib/acme/xmpp.lukegb.com/privkey.pem";
|
||||
|
||||
extraConfig = ''
|
||||
archive_expires_after = "never" -- keep messages forever
|
||||
|
|
|
@ -356,10 +356,12 @@ in {
|
|||
extraNames = [
|
||||
"lukegb.com"
|
||||
"*.lukegb.com"
|
||||
"*.int.lukegb.com"
|
||||
"objdump.zxcvbnm.ninja"
|
||||
];
|
||||
reloadOrRestartUnits = [ "pomerium.service" ];
|
||||
};
|
||||
users.groups.acme = {};
|
||||
|
||||
system.stateVersion = "20.09";
|
||||
}
|
||||
|
|
|
@ -10,6 +10,9 @@ let
|
|||
format = pkgs.formats.json {};
|
||||
|
||||
templatePathDirectories = lib.unique (map (t: dirOf t.destination) config.my.vault.settings.template);
|
||||
|
||||
# Remove empty lists at the top level because they make Vault implode.
|
||||
cleanedSettings = lib.filterAttrs (n: v: !((builtins.typeOf v) == "list" && (builtins.length v) == 0)) config.my.vault.settings;
|
||||
in
|
||||
{
|
||||
options.my.vault = {
|
||||
|
@ -77,7 +80,7 @@ in
|
|||
|
||||
ReadWritePaths = templatePathDirectories;
|
||||
|
||||
ExecStart = "${pkgs.vault}/bin/vault agent -config=${format.generate "vault-agent.json" config.my.vault.settings}";
|
||||
ExecStart = "${pkgs.vault}/bin/vault agent -config=${format.generate "vault-agent.json" cleanedSettings}";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -456,45 +456,6 @@ in {
|
|||
'';
|
||||
};
|
||||
|
||||
services.ddclient = {
|
||||
enable = false;
|
||||
protocol = "cloudflare";
|
||||
domains = ["home.lukegb.com"];
|
||||
zone = "lukegb.com";
|
||||
passwordFile = pkgs.writeText "cloudflare-token" secrets.cloudflareCredentials.token;
|
||||
use = "if";
|
||||
extraConfig = ''
|
||||
if=en-virginmedia
|
||||
daemon=0
|
||||
'';
|
||||
};
|
||||
systemd.services.ddclient.serviceConfig.ExecStart = let
|
||||
ddclient = pkgs.perlPackages.buildPerlPackage rec {
|
||||
pname = "ddclient";
|
||||
version = "3.9.1";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "ddclient";
|
||||
repo = "ddclient";
|
||||
rev = "11a583b003920f8e15591813598b70061d1a4654";
|
||||
sha256 = "sha256:1xz09vkii3mc2jmfwx9is07i06iiryv51571vdnl4m5mdnvsmlwb";
|
||||
};
|
||||
outputs = [ "out" ];
|
||||
doCheck = false;
|
||||
buildInputs = with pkgs.perlPackages; [ IOSocketSSL DigestSHA1 DataValidateIP JSONPP ];
|
||||
nativeBuildInputs = with pkgs; [ autoreconfHook makeWrapper ];
|
||||
preConfigure = ''
|
||||
touch Makefile.PL
|
||||
'';
|
||||
postInstall = ''
|
||||
patchShebangs $out/bin/ddclient
|
||||
wrapProgram $out/bin/ddclient \
|
||||
--suffix PATH : ${lib.makeBinPath (with pkgs; [ pkgs.iproute ])} \
|
||||
--prefix PERL5LIB : $PERL5LIB
|
||||
'';
|
||||
};
|
||||
RuntimeDirectory = "ddclient";
|
||||
in lib.mkForce "${lib.getBin ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
ethtool
|
||||
];
|
||||
|
|
Loading…
Reference in a new issue