ops/nixos: misc cleanups
parent
daccfa5717
commit
0c458988de
4 changed files with 11 additions and 41 deletions
|
@ -56,7 +56,11 @@ in {
|
||||||
muc = [{
|
muc = [{
|
||||||
domain = "muc.xmpp.lukegb.com";
|
domain = "muc.xmpp.lukegb.com";
|
||||||
}];
|
}];
|
||||||
uploadHttp.domain = "upload.xmpp.lukegb.com";
|
uploadHttp = {
|
||||||
|
domain = "upload.xmpp.lukegb.com";
|
||||||
|
};
|
||||||
|
ssl.cert = "/var/lib/acme/xmpp.lukegb.com/fullchain.pem";
|
||||||
|
ssl.key = "/var/lib/acme/xmpp.lukegb.com/privkey.pem";
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
archive_expires_after = "never" -- keep messages forever
|
archive_expires_after = "never" -- keep messages forever
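Review bot: The new `ssl.cert` and `ssl.key` lines point Prosody at `/var/lib/acme/xmpp.lukegb.com/privkey.pem`, but nothing visible in this hunk gives the Prosody user read access to that key or reloads Prosody when the certificate is renewed. If that is handled elsewhere, a short comment above the two lines, such as `# readable via the acme group; prosody is reloaded on renewal by <unit or hook>`, would make the dependency explicit. If it is not, the service will either fail to read the key or keep serving the old certificate until its next restart. The enclosing attribute set starts and ends outside the hunk, so this may already be covered.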
|
||||||
|
|
|
@ -356,10 +356,12 @@ in {
|
||||||
extraNames = [
|
extraNames = [
|
||||||
"lukegb.com"
|
"lukegb.com"
|
||||||
"*.lukegb.com"
|
"*.lukegb.com"
|
||||||
|
"*.int.lukegb.com"
|
||||||
"objdump.zxcvbnm.ninja"
|
"objdump.zxcvbnm.ninja"
|
||||||
];
|
];
|
||||||
reloadOrRestartUnits = [ "pomerium.service" ];
|
reloadOrRestartUnits = [ "pomerium.service" ];
|
||||||
};
|
};
|
||||||
|
users.groups.acme = {};
|
||||||
|
|
||||||
system.stateVersion = "20.09";
|
system.stateVersion = "20.09";
|
||||||
}
|
}
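Review bot: Adding `"*.int.lukegb.com"` to `extraNames` puts the internal wildcard on the same certificate and private key as `*.lukegb.com`, so the key loaded by `pomerium.service` is now valid for every internal hostname as well. If the proxy is meant to be the only holder of a key for the internal names, a comment next to the entry should say so; otherwise a separate certificate for `*.int.lukegb.com` would limit what a leaked key can impersonate. `users.groups.acme = {};` would also benefit from a one-line comment naming the units that rely on the group, since the hunk does not show what uses it. The certificate attribute set begins outside the hunk.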
|
||||||
|
|
|
@ -10,6 +10,9 @@ let
|
||||||
format = pkgs.formats.json {};
|
format = pkgs.formats.json {};
|
||||||
|
|
||||||
templatePathDirectories = lib.unique (map (t: dirOf t.destination) config.my.vault.settings.template);
|
templatePathDirectories = lib.unique (map (t: dirOf t.destination) config.my.vault.settings.template);
|
||||||
|
|
||||||
|
# Remove empty lists at the top level because they make Vault implode.
|
||||||
|
cleanedSettings = lib.filterAttrs (n: v: !((builtins.typeOf v) == "list" && (builtins.length v) == 0)) config.my.vault.settings;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.my.vault = {
|
options.my.vault = {
|
||||||
|
@ -77,7 +80,7 @@ in
|
||||||
|
|
||||||
ReadWritePaths = templatePathDirectories;
|
ReadWritePaths = templatePathDirectories;
|
||||||
|
|
||||||
ExecStart = "${pkgs.vault}/bin/vault agent -config=${format.generate "vault-agent.json" config.my.vault.settings}";
|
ExecStart = "${pkgs.vault}/bin/vault agent -config=${format.generate "vault-agent.json" cleanedSettings}";
|
||||||
};
|
};
|
||||||
};
|
};
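Review bot: `format.generate "vault-agent.json" cleanedSettings` in `ExecStart` writes the agent configuration into the Nix store, which is world-readable, so anything placed in `my.vault.settings` can be read by every local user. The option would benefit from a description stating that it must hold only paths to credential files, never the credential values themselves. Separately, the filter for `cleanedSettings` could be written as `lib.filterAttrs (_: v: v != [ ]) config.my.vault.settings`, which should express the same top-level empty-list test without `builtins.typeOf`. Both the `let` block and the service definition extend beyond the hunks shown.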
|
||||||
|
|
||||||
|
|
|
@ -456,45 +456,6 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.ddclient = {
|
|
||||||
enable = false;
|
|
||||||
protocol = "cloudflare";
|
|
||||||
domains = ["home.lukegb.com"];
|
|
||||||
zone = "lukegb.com";
|
|
||||||
passwordFile = pkgs.writeText "cloudflare-token" secrets.cloudflareCredentials.token;
|
|
||||||
use = "if";
|
|
||||||
extraConfig = ''
|
|
||||||
if=en-virginmedia
|
|
||||||
daemon=0
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
systemd.services.ddclient.serviceConfig.ExecStart = let
|
|
||||||
ddclient = pkgs.perlPackages.buildPerlPackage rec {
|
|
||||||
pname = "ddclient";
|
|
||||||
version = "3.9.1";
|
|
||||||
src = pkgs.fetchFromGitHub {
|
|
||||||
owner = "ddclient";
|
|
||||||
repo = "ddclient";
|
|
||||||
rev = "11a583b003920f8e15591813598b70061d1a4654";
|
|
||||||
sha256 = "sha256:1xz09vkii3mc2jmfwx9is07i06iiryv51571vdnl4m5mdnvsmlwb";
|
|
||||||
};
|
|
||||||
outputs = [ "out" ];
|
|
||||||
doCheck = false;
|
|
||||||
buildInputs = with pkgs.perlPackages; [ IOSocketSSL DigestSHA1 DataValidateIP JSONPP ];
|
|
||||||
nativeBuildInputs = with pkgs; [ autoreconfHook makeWrapper ];
|
|
||||||
preConfigure = ''
|
|
||||||
touch Makefile.PL
|
|
||||||
'';
|
|
||||||
postInstall = ''
|
|
||||||
patchShebangs $out/bin/ddclient
|
|
||||||
wrapProgram $out/bin/ddclient \
|
|
||||||
--suffix PATH : ${lib.makeBinPath (with pkgs; [ pkgs.iproute ])} \
|
|
||||||
--prefix PERL5LIB : $PERL5LIB
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
RuntimeDirectory = "ddclient";
|
|
||||||
in lib.mkForce "${lib.getBin ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
ethtool
|
ethtool
|
||||||
];
|
];
|
||||||
|
|