From 0c458988de695215a34b8e81692562845b70e947 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Fri, 11 Mar 2022 03:27:58 +0000 Subject: [PATCH] ops/nixos: misc cleanups --- ops/nixos/bvm-prosody/default.nix | 6 ++++- ops/nixos/etheroute-lon01/default.nix | 2 ++ ops/nixos/lib/vault-agent.nix | 5 +++- ops/nixos/swann/default.nix | 39 --------------------------- 4 files changed, 11 insertions(+), 41 deletions(-) diff --git a/ops/nixos/bvm-prosody/default.nix b/ops/nixos/bvm-prosody/default.nix index aa68a956c3..e9d693fcbf 100644 --- a/ops/nixos/bvm-prosody/default.nix +++ b/ops/nixos/bvm-prosody/default.nix @@ -56,7 +56,11 @@ in { muc = [{ domain = "muc.xmpp.lukegb.com"; }]; - uploadHttp.domain = "upload.xmpp.lukegb.com"; + uploadHttp = { + domain = "upload.xmpp.lukegb.com"; + }; + ssl.cert = "/var/lib/acme/xmpp.lukegb.com/fullchain.pem"; + ssl.key = "/var/lib/acme/xmpp.lukegb.com/privkey.pem"; extraConfig = '' archive_expires_after = "never" -- keep messages forever diff --git a/ops/nixos/etheroute-lon01/default.nix b/ops/nixos/etheroute-lon01/default.nix index b4ab0713b5..cb933da0a6 100644 --- a/ops/nixos/etheroute-lon01/default.nix +++ b/ops/nixos/etheroute-lon01/default.nix @@ -356,10 +356,12 @@ in { extraNames = [ "lukegb.com" "*.lukegb.com" + "*.int.lukegb.com" "objdump.zxcvbnm.ninja" ]; reloadOrRestartUnits = [ "pomerium.service" ]; }; + users.groups.acme = {}; system.stateVersion = "20.09"; } diff --git a/ops/nixos/lib/vault-agent.nix b/ops/nixos/lib/vault-agent.nix index c092b03c85..354ad30c51 100644 --- a/ops/nixos/lib/vault-agent.nix +++ b/ops/nixos/lib/vault-agent.nix @@ -10,6 +10,9 @@ let format = pkgs.formats.json {}; templatePathDirectories = lib.unique (map (t: dirOf t.destination) config.my.vault.settings.template); + + # Remove empty lists at the top level because they make Vault implode. + cleanedSettings = lib.filterAttrs (n: v: !((builtins.typeOf v) == "list" && (builtins.length v) == 0)) config.my.vault.settings; in { options.my.vault = { @@ -77,7 +80,7 @@ in ReadWritePaths = templatePathDirectories; - ExecStart = "${pkgs.vault}/bin/vault agent -config=${format.generate "vault-agent.json" config.my.vault.settings}"; + ExecStart = "${pkgs.vault}/bin/vault agent -config=${format.generate "vault-agent.json" cleanedSettings}"; }; }; diff --git a/ops/nixos/swann/default.nix b/ops/nixos/swann/default.nix index ebbcb53ca9..caf8ed0c0b 100644 --- a/ops/nixos/swann/default.nix +++ b/ops/nixos/swann/default.nix @@ -456,45 +456,6 @@ in { ''; }; - services.ddclient = { - enable = false; - protocol = "cloudflare"; - domains = ["home.lukegb.com"]; - zone = "lukegb.com"; - passwordFile = pkgs.writeText "cloudflare-token" secrets.cloudflareCredentials.token; - use = "if"; - extraConfig = '' - if=en-virginmedia - daemon=0 - ''; - }; - systemd.services.ddclient.serviceConfig.ExecStart = let - ddclient = pkgs.perlPackages.buildPerlPackage rec { - pname = "ddclient"; - version = "3.9.1"; - src = pkgs.fetchFromGitHub { - owner = "ddclient"; - repo = "ddclient"; - rev = "11a583b003920f8e15591813598b70061d1a4654"; - sha256 = "sha256:1xz09vkii3mc2jmfwx9is07i06iiryv51571vdnl4m5mdnvsmlwb"; - }; - outputs = [ "out" ]; - doCheck = false; - buildInputs = with pkgs.perlPackages; [ IOSocketSSL DigestSHA1 DataValidateIP JSONPP ]; - nativeBuildInputs = with pkgs; [ autoreconfHook makeWrapper ]; - preConfigure = '' - touch Makefile.PL - ''; - postInstall = '' - patchShebangs $out/bin/ddclient - wrapProgram $out/bin/ddclient \ - --suffix PATH : ${lib.makeBinPath (with pkgs; [ pkgs.iproute ])} \ - --prefix PERL5LIB : $PERL5LIB - ''; - }; - RuntimeDirectory = "ddclient"; - in lib.mkForce "${lib.getBin ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf"; - environment.systemPackages = with pkgs; [ ethtool ];