ops/nixos: misc cleanups

Luke Granger-Brown 2022-03-11 03:27:58 +00:00
parent daccfa5717
commit 0c458988de
4 changed files with 11 additions and 41 deletions


@ -56,7 +56,11 @@ in {
muc = [{ muc = [{
domain = "muc.xmpp.lukegb.com"; domain = "muc.xmpp.lukegb.com";
}]; }];
uploadHttp.domain = "upload.xmpp.lukegb.com"; uploadHttp = {
domain = "upload.xmpp.lukegb.com";
};
ssl.cert = "/var/lib/acme/xmpp.lukegb.com/fullchain.pem";
ssl.key = "/var/lib/acme/xmpp.lukegb.com/privkey.pem";
extraConfig = '' extraConfig = ''
archive_expires_after = "never" -- keep messages forever archive_expires_after = "never" -- keep messages forever
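Review bot: The new `ssl.cert` and `ssl.key` lines point the XMPP server at `/var/lib/acme/xmpp.lukegb.com/`, but nothing in this hunk shows that the service account can read `privkey.pem` or that the daemon is reloaded when the certificate renews. The matching `security.acme.certs."xmpp.lukegb.com"` entry is presumably elsewhere in the file. It is worth confirming that its `group` gives the XMPP service user read access and that `reloadServices` names the service, otherwise an expired certificate may keep being served after renewal. The same certificate presumably also ends up serving the `muc.` and `upload.` component domains, so its names need to cover them. A comment above the two lines would record this, e.g. `# issued via security.acme; must cover muc./upload. and be group-readable by the XMPP service`. The attribute set continues outside the hunk.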


@ -356,10 +356,12 @@ in {
extraNames = [ extraNames = [
"lukegb.com" "lukegb.com"
"*.lukegb.com" "*.lukegb.com"
"*.int.lukegb.com"
"objdump.zxcvbnm.ninja" "objdump.zxcvbnm.ninja"
]; ];
reloadOrRestartUnits = [ "pomerium.service" ]; reloadOrRestartUnits = [ "pomerium.service" ];
}; };
users.groups.acme = {};
system.stateVersion = "20.09"; system.stateVersion = "20.09";
} }
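Review bot: Adding `"*.int.lukegb.com"` to `extraNames` widens the certificate that `pomerium.service` is reloaded for, so a single private key on this host is now valid for every name under `int.lukegb.com` as well as `*.lukegb.com`. If anything other than this proxy terminates TLS for internal names, a separate certificate for the internal wildcard would limit what a key disclosure here exposes. If the proxy is the only consumer, a comment such as `# internal hostnames are all fronted by pomerium` would make that explicit. The new `users.groups.acme = {};` is also unexplained. It presumably exists so the certificate files have a group owner, and if so a line like `# membership of acme grants read access to certificate private keys` would flag that adding users to it is security-relevant.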


@ -10,6 +10,9 @@ let
format = pkgs.formats.json {}; format = pkgs.formats.json {};
templatePathDirectories = lib.unique (map (t: dirOf t.destination) config.my.vault.settings.template); templatePathDirectories = lib.unique (map (t: dirOf t.destination) config.my.vault.settings.template);
# Remove empty lists at the top level because they make Vault implode.
cleanedSettings = lib.filterAttrs (n: v: !((builtins.typeOf v) == "list" && (builtins.length v) == 0)) config.my.vault.settings;
in in
{ {
options.my.vault = { options.my.vault = {
@ -77,7 +80,7 @@ in
ReadWritePaths = templatePathDirectories; ReadWritePaths = templatePathDirectories;
ExecStart = "${pkgs.vault}/bin/vault agent -config=${format.generate "vault-agent.json" config.my.vault.settings}"; ExecStart = "${pkgs.vault}/bin/vault agent -config=${format.generate "vault-agent.json" cleanedSettings}";
}; };
}; };
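Review bot: The predicate in `cleanedSettings` can be written more directly as `lib.filterAttrs (n: v: v != []) config.my.vault.settings`, since Nix list equality already distinguishes an empty list from every other value without the `typeOf`/`length` pair. The comment "make Vault implode" would be more useful to a later reader if it named the observed failure, for example `# vault agent refuses to start when a top-level key is an empty list`, assuming that is the behaviour seen. Separately, and not new in this commit, `format.generate` writes the agent config into the Nix store, which is world-readable, so `my.vault.settings` should only ever carry paths to credentials rather than the credentials themselves. A one-line comment next to `ExecStart` saying so would guard against a later regression.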


@ -456,45 +456,6 @@ in {
''; '';
}; };
services.ddclient = {
enable = false;
protocol = "cloudflare";
domains = ["home.lukegb.com"];
zone = "lukegb.com";
passwordFile = pkgs.writeText "cloudflare-token" secrets.cloudflareCredentials.token;
use = "if";
extraConfig = ''
if=en-virginmedia
daemon=0
'';
};
systemd.services.ddclient.serviceConfig.ExecStart = let
ddclient = pkgs.perlPackages.buildPerlPackage rec {
pname = "ddclient";
version = "3.9.1";
src = pkgs.fetchFromGitHub {
owner = "ddclient";
repo = "ddclient";
rev = "11a583b003920f8e15591813598b70061d1a4654";
sha256 = "sha256:1xz09vkii3mc2jmfwx9is07i06iiryv51571vdnl4m5mdnvsmlwb";
};
outputs = [ "out" ];
doCheck = false;
buildInputs = with pkgs.perlPackages; [ IOSocketSSL DigestSHA1 DataValidateIP JSONPP ];
nativeBuildInputs = with pkgs; [ autoreconfHook makeWrapper ];
preConfigure = ''
touch Makefile.PL
'';
postInstall = ''
patchShebangs $out/bin/ddclient
wrapProgram $out/bin/ddclient \
--suffix PATH : ${lib.makeBinPath (with pkgs; [ pkgs.iproute ])} \
--prefix PERL5LIB : $PERL5LIB
'';
};
RuntimeDirectory = "ddclient";
in lib.mkForce "${lib.getBin ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ethtool ethtool
]; ];