Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/helios.nix3
-rw-r--r--lass/2configs/nixpkgs.nix2
-rw-r--r--lass/2configs/websites/domsen.nix24
-rw-r--r--lass/2configs/websites/fritz.nix21
-rw-r--r--lass/3modules/ejabberd/config.nix4
-rw-r--r--lass/3modules/ejabberd/default.nix18
6 files changed, 40 insertions, 32 deletions
diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix
index 10b00de47..51d2afe84 100644
--- a/lass/1systems/helios.nix
+++ b/lass/1systems/helios.nix
@@ -26,6 +26,9 @@ with builtins;
enable = true;
};
}
+ {
+ lass.power-action.battery = "BAT1";
+ }
];
krebs.build.host = config.krebs.hosts.helios;
diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix
index 0021a8615..0f940a369 100644
--- a/lass/2configs/nixpkgs.nix
+++ b/lass/2configs/nixpkgs.nix
@@ -3,6 +3,6 @@
{
krebs.build.source.nixpkgs = {
url = https://github.com/lassulus/nixpkgs;
- rev = "c78f9ad2f91019648bdcf5a911f86ea3a397d290";
+ rev = "446d4c1fc10f53cf97abea1996d067ad93de2ded";
};
}
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index 3c33c0702..8a2161e45 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -113,18 +113,18 @@ in {
createHome = true;
};
- services.phpfpm.phpOptions = ''
- extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
- sendmail_path = ${sendmail} -t
- '';
- #services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
- # options = ''
- # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
- # sendmail_path = "${sendmail} -t -i"
- # '';
- #} ''
- # cat ${pkgs.php}/etc/php-recommended.ini > $out
- # echo "$options" >> $out
+ #services.phpfpm.phpOptions = ''
+ # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ # sendmail_path = ${sendmail} -t
#'';
+ services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
+ options = ''
+ extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ sendmail_path = "${sendmail} -t -i"
+ '';
+ } ''
+ cat ${pkgs.php}/etc/php-recommended.ini > $out
+ echo "$options" >> $out
+ '';
}
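Review bot: The `services.phpfpm.phpIni` derivation added here is repeated line for line in fritz.nix, while the old `phpOptions` block stays behind as comments at the top of this hunk. The two copies can drift apart, and the dead comments obscure which setting is live. Since `phpIni` supplies the whole file, the effective PHP settings are now whatever `php-recommended.ini` ships plus the two appended lines, which deserves a comment such as `# full php.ini: php-recommended.ini + apcu + sendmail_path; nothing else is merged in`. Consider defining the derivation once in a shared `let` binding or module, importing it from both website configs, and deleting the commented-out block.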
diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix
index 0107da739..39f0cce06 100644
--- a/lass/2configs/websites/fritz.nix
+++ b/lass/2configs/websites/fritz.nix
@@ -74,18 +74,13 @@ in {
config.krebs.users.fritz.pubkey
];
- services.phpfpm.phpOptions = ''
- extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
- sendmail_path = ${sendmail} -t
+ services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
+ options = ''
+ extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
+ sendmail_path = "${sendmail} -t -i"
+ '';
+ } ''
+ cat ${pkgs.php}/etc/php-recommended.ini > $out
+ echo "$options" >> $out
'';
-
- #services.phpfpm.phpIni = pkgs.runCommand "php.ini" {
- # options = ''
- # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so
- # sendmail_path = "${sendmail} -t -i"
- # '';
- #} ''
- # cat ${pkgs.php}/etc/php-recommended.ini > $out
- # echo "$options" >> $out
- #'';
}
diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix
index 9a4882644..83ca5dc2a 100644
--- a/lass/3modules/ejabberd/config.nix
+++ b/lass/3modules/ejabberd/config.nix
@@ -10,7 +10,7 @@ in toFile "ejabberd.conf" ''
[
{5222, ejabberd_c2s, [
starttls,
- {certfile, ${toErlang cfg.certfile}},
+ {certfile, ${toErlang cfg.certfile.path}},
{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536}
@@ -27,7 +27,7 @@ in toFile "ejabberd.conf" ''
]}
]}.
{s2s_use_starttls, required}.
- {s2s_certfile, ${toErlang cfg.s2s_certfile}}.
+ {s2s_certfile, ${toErlang cfg.s2s_certfile.path}}.
{auth_method, internal}.
{shaper, normal, {maxrate, 1000}}.
{shaper, fast, {maxrate, 50000}}.
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix
index c68f32ef0..18c7cd656 100644
--- a/lass/3modules/ejabberd/default.nix
+++ b/lass/3modules/ejabberd/default.nix
@@ -4,7 +4,12 @@ in {
options.lass.ejabberd = {
enable = mkEnableOption "lass.ejabberd";
certfile = mkOption {
- type = types.str;
+ type = types.secret-file;
+ default = {
+ path = "${cfg.user.home}/ejabberd.pem";
+ owner = cfg.user;
+ source-path = "/var/lib/acme/lassul.us/full.pem";
+ };
};
hosts = mkOption {
type = with types; listOf str;
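Review bot: The new default for `certfile` hard-codes one host's ACME path (`/var/lib/acme/lassul.us/full.pem`) inside a reusable module, and the option has no `description`. The source file presumably bundles the private key with the chain, so the reader should be told that a copy of key material is placed in `cfg.user.home` and owned by `cfg.user`. The resulting file mode is not visible in this hunk and should be confirmed as owner-only. I would add `description = "PEM with key and chain; copied from source-path to path by krebs.secret, readable only by owner";` and move the `lassul.us` default into the host configuration. The `options.lass.ejabberd` block continues outside the hunk.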
@@ -17,12 +22,11 @@ in {
export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)}
exec ${pkgs.ejabberd}/bin/ejabberdctl \
--logs ${shell.escape cfg.user.home} \
- --spool ${shell.escape cfg.user.home} \
"$@"
'';
};
s2s_certfile = mkOption {
- type = types.str;
+ type = types.secret-file;
default = cfg.certfile;
};
user = mkOption {
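Review bot: Dropping `--spool ${shell.escape cfg.user.home}` from the `ejabberdctl` wrapper leaves the spool directory to the tool's built-in default, and nothing in the commit says where that is or whether `cfg.user` can write to it. With `{auth_method, internal}` in config.nix the account database presumably lives in that directory, so existing accounts may no longer be found after the switch. Either keep the explicit flag or state the intended location in a comment, for example `# spool: ejabberdctl default (<path>), must be writable by cfg.user and persistent`. The wrapper script starts outside this hunk.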
@@ -36,9 +40,15 @@ in {
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.pkgs.ejabberdctl ];
+ krebs.secret.files = {
+ ejabberd-certfile = cfg.certfile;
+ ejabberd-s2s_certfile = cfg.s2s_certfile;
+ };
+
systemd.services.ejabberd = {
wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
+ requires = [ "secret.service" ];
+ after = [ "network.target" "secret.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
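Review bot: Nothing visible here refreshes the copied certificate after an ACME renewal. `requires`/`after = "secret.service"` only orders the copy before ejabberd starts, so unless `secret.service` is re-run and ejabberd restarted on renewal (not shown in this diff), the server will keep serving the old PEM until it expires. Also, `s2s_certfile` defaults to `cfg.certfile`, so `ejabberd-certfile` and `ejabberd-s2s_certfile` both describe the same destination path and the file is installed twice. I would register the second entry only when it differs, and add a comment such as `# cert is a copy of the ACME output; renewal must re-trigger secret.service and restart ejabberd`. The `systemd.services.ejabberd` block continues past the end of the hunk.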