diff options
Diffstat (limited to 'lass')
-rw-r--r-- | lass/1systems/helios.nix | 3 | ||||
-rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
-rw-r--r-- | lass/2configs/websites/domsen.nix | 24 | ||||
-rw-r--r-- | lass/2configs/websites/fritz.nix | 21 | ||||
-rw-r--r-- | lass/3modules/ejabberd/config.nix | 4 | ||||
-rw-r--r-- | lass/3modules/ejabberd/default.nix | 18 |
6 files changed, 40 insertions, 32 deletions
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 10b00de47..51d2afe84 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -26,6 +26,9 @@ with builtins; enable = true; }; } + { + lass.power-action.battery = "BAT1"; + } ]; krebs.build.host = config.krebs.hosts.helios; diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 0021a8615..0f940a369 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs = { url = https://github.com/lassulus/nixpkgs; - rev = "c78f9ad2f91019648bdcf5a911f86ea3a397d290"; + rev = "446d4c1fc10f53cf97abea1996d067ad93de2ded"; }; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 3c33c0702..8a2161e45 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -113,18 +113,18 @@ in { createHome = true; }; - services.phpfpm.phpOptions = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = ${sendmail} -t - ''; - #services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - # options = '' - # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - # sendmail_path = "${sendmail} -t -i" - # ''; - #} '' - # cat ${pkgs.php}/etc/php-recommended.ini > $out - # echo "$options" >> $out + #services.phpfpm.phpOptions = '' + # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + # sendmail_path = ${sendmail} -t #''; + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + options = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = "${sendmail} -t -i" + ''; + } '' + cat ${pkgs.php}/etc/php-recommended.ini > $out + echo "$options" >> $out + ''; } diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 0107da739..39f0cce06 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -74,18 +74,13 @@ in { config.krebs.users.fritz.pubkey ]; - services.phpfpm.phpOptions = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = ${sendmail} -t + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + options = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = "${sendmail} -t -i" + ''; + } '' + cat ${pkgs.php}/etc/php-recommended.ini > $out + echo "$options" >> $out ''; - - #services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - # options = '' - # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - # sendmail_path = "${sendmail} -t -i" - # ''; - #} '' - # cat ${pkgs.php}/etc/php-recommended.ini > $out - # echo "$options" >> $out - #''; } diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix index 9a4882644..83ca5dc2a 100644 --- a/lass/3modules/ejabberd/config.nix +++ b/lass/3modules/ejabberd/config.nix @@ -10,7 +10,7 @@ in toFile "ejabberd.conf" '' [ {5222, ejabberd_c2s, [ starttls, - {certfile, ${toErlang cfg.certfile}}, + {certfile, ${toErlang cfg.certfile.path}}, {access, c2s}, {shaper, c2s_shaper}, {max_stanza_size, 65536} @@ -27,7 +27,7 @@ in toFile "ejabberd.conf" '' ]} ]}. {s2s_use_starttls, required}. - {s2s_certfile, ${toErlang cfg.s2s_certfile}}. + {s2s_certfile, ${toErlang cfg.s2s_certfile.path}}. {auth_method, internal}. {shaper, normal, {maxrate, 1000}}. {shaper, fast, {maxrate, 50000}}. diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix index c68f32ef0..18c7cd656 100644 --- a/lass/3modules/ejabberd/default.nix +++ b/lass/3modules/ejabberd/default.nix @@ -4,7 +4,12 @@ in { options.lass.ejabberd = { enable = mkEnableOption "lass.ejabberd"; certfile = mkOption { - type = types.str; + type = types.secret-file; + default = { + path = "${cfg.user.home}/ejabberd.pem"; + owner = cfg.user; + source-path = "/var/lib/acme/lassul.us/full.pem"; + }; }; hosts = mkOption { type = with types; listOf str; @@ -17,12 +22,11 @@ in { export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)} exec ${pkgs.ejabberd}/bin/ejabberdctl \ --logs ${shell.escape cfg.user.home} \ - --spool ${shell.escape cfg.user.home} \ "$@" ''; }; s2s_certfile = mkOption { - type = types.str; + type = types.secret-file; default = cfg.certfile; }; user = mkOption { @@ -36,9 +40,15 @@ in { config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.pkgs.ejabberdctl ]; + krebs.secret.files = { + ejabberd-certfile = cfg.certfile; + ejabberd-s2s_certfile = cfg.s2s_certfile; + }; + systemd.services.ejabberd = { wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + requires = [ "secret.service" ]; + after = [ "network.target" "secret.service" ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = "yes"; |