summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/deployment/google-muell.nix
diff options
context:
space:
mode:
authorlassulus <lass@blue.r>2018-09-18 15:47:03 +0200
committerlassulus <lass@blue.r>2018-09-18 15:47:03 +0200
commit245994cc7ace5a323c476ccc50fd4026b9353dc4 (patch)
treecf4a3d85c768bd1ca18913d17c67e07bcab95db7 /makefu/2configs/deployment/google-muell.nix
parent1466d3e86abc4d85af6efe5a964df788cf0e36cc (diff)
parent8a756c7333e0e7c4a0433d68775f8d7c1a53b8b0 (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'makefu/2configs/deployment/google-muell.nix')
-rw-r--r--makefu/2configs/deployment/google-muell.nix11
1 files changed, 7 insertions, 4 deletions
diff --git a/makefu/2configs/deployment/google-muell.nix b/makefu/2configs/deployment/google-muell.nix
index f23789ee5..235cc1546 100644
--- a/makefu/2configs/deployment/google-muell.nix
+++ b/makefu/2configs/deployment/google-muell.nix
@@ -5,7 +5,10 @@ let
home = "/var/lib/ampel";
sec = "${toString <secrets>}/google-muell.json";
ampelsec = "${home}/google-muell.json";
- esp = "192.168.1.23";
+ cred = "${toString <secrets>}/google-muell-creds.json";
+ # TODO: generate this credential file locally
+ ampelcred = "${home}/google-muell-creds.json";
+ esp = "192.168.8.204";
sleepval = "1800";
in {
users.users.ampel = {
@@ -21,10 +24,10 @@ in {
serviceConfig = {
User = "ampel";
ExecStartPre = pkgs.writeDash "copy-ampel-secrets" ''
- cp ${sec} ${ampelsec}
- chown ampel ${ampelsec}
+ install -m600 -o ampel ${sec} ${ampelsec}
+ install -m600 -o ampel ${cred} ${ampelcred}
'';
- ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${home}/google-muell-creds.json --sleepval=${sleepval}";
+ ExecStart = "${pkg}/bin/google-muell --esp=${esp} --client-secrets=${ampelsec} --credential-path=${ampelcred} --sleepval=${sleepval}";
PermissionsStartOnly = true;
Restart = "always";
RestartSec = 10;