fix
This commit is contained in:
parent
80dfbf3d5c
commit
a99e80e1fe
|
@ -72,28 +72,36 @@ in
|
|||
EMERGENCY_ACCESS_ALLOWED = cfg.emergencyAccessAllowed;
|
||||
};
|
||||
};
|
||||
systemd.services.bitwarden-secrets = {
|
||||
before = [ "vaultwarden.service" ];
|
||||
requiredBy = [ "vaultwarden.service" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
path = with pkgs; [ coreutils jq ];
|
||||
script = ''
|
||||
set -o nounset
|
||||
systemd = {
|
||||
services = {
|
||||
vaultwarden.serviceConfig.Slice = "bitwarden.slice";
|
||||
bitwarden-secrets = {
|
||||
before = [ "vaultwarden.service" ];
|
||||
requiredBy = [ "vaultwarden.service" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
path = with pkgs; [ coreutils jq ];
|
||||
script = ''
|
||||
set -o nounset
|
||||
|
||||
token="$(jq -r '.bitwarden.adminToken' ${secrets-filepath})"
|
||||
if [ "$token" == "null" ]; then
|
||||
# If it's null, empty the contents of the file
|
||||
bitwarden_env=""
|
||||
else
|
||||
bitwarden_env="ADMIN_TOKEN=$token"
|
||||
fi
|
||||
token="$(jq -r '.bitwarden.adminToken' ${secrets-filepath})"
|
||||
if [ "$token" == "null" ]; then
|
||||
# If it's null, empty the contents of the file
|
||||
bitwarden_env=""
|
||||
else
|
||||
bitwarden_env="ADMIN_TOKEN=$token"
|
||||
fi
|
||||
|
||||
install -C -m 0700 -o vaultwarden -g vaultwarden \
|
||||
-d /var/lib/bitwarden
|
||||
install -C -m 0700 -o vaultwarden -g vaultwarden \
|
||||
-d /var/lib/bitwarden
|
||||
|
||||
install -C -m 0600 -o vaultwarden -g vaultwarden -DT \
|
||||
<(printf "%s" "$bitwarden_env") ${bitwarden-env}
|
||||
'';
|
||||
install -C -m 0600 -o vaultwarden -g vaultwarden -DT \
|
||||
<(printf "%s" "$bitwarden_env") ${bitwarden-env}
|
||||
'';
|
||||
};
|
||||
};
|
||||
slices.bitwarden = {
|
||||
description = "Bitwarden service slice";
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = {
|
||||
useACMEHost = sp.domain;
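Review bot: A failing `jq` is not fatal in the new bitwarden-secrets script, because `set -o nounset` on its own does not stop the script: if `${secrets-filepath}` is missing or unparsable, `$token` is the empty string, the `"null"` branch is skipped, and `ADMIN_TOKEN=` with an empty value is installed into `${bitwarden-env}` with exit status 0. Changing the first script line to `set -o errexit -o nounset` makes the oneshot fail instead, which, given `requiredBy`, keeps vaultwarden.service from starting with a secret that was never read; whether that is the preferred failure mode should be confirmed. The same applies to the `jq -re` lookups in the nextcloud-secrets and pleroma-secrets scripts further down, where `-e` changes jq's exit status but nothing in those scripts acts on it. The enclosing module and the `services.nginx.virtualHosts` attribute at the end both continue outside the hunk.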
|
||||
|
@ -116,12 +124,5 @@ in
|
|||
# NixOS upstream bug? Otherwise, backup-vaultwarden cannot find sqlite DB.
|
||||
systemd.services.backup-vaultwarden.unitConfig.ConditionPathExists =
|
||||
"/var/lib/bitwarden_rs/db.sqlite3";
|
||||
|
||||
systemd = {
|
||||
services.vaultwarden.serviceConfig.Slice = "bitwarden.slice";
|
||||
slices.bitwarden = {
|
||||
description = "Bitwarden service slice";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -34,23 +34,35 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
systemd.services.nextcloud-secrets = {
|
||||
before = [ "nextcloud-setup.service" ];
|
||||
requiredBy = [ "nextcloud-setup.service" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
path = with pkgs; [ coreutils jq ];
|
||||
script = ''
|
||||
databasePassword=$(jq -re '.modules.nextcloud.databasePassword' ${secrets-filepath})
|
||||
adminPassword=$(jq -re '.modules.nextcloud.adminPassword' ${secrets-filepath})
|
||||
systemd = {
|
||||
services = {
|
||||
phpfpm-nextcloud.serviceConfig.Slice = "nextcloud.slice";
|
||||
nextcloud-setup.serviceConfig.Slice = "nextcloud.slice";
|
||||
nextcloud-cron.serviceConfig.Slice = "nextcloud.slice";
|
||||
nextcloud-update-db.serviceConfig.Slice = "nextcloud.slice";
|
||||
nextcloud-update-plugins.serviceConfig.Slice = "nextcloud.slice";
|
||||
nextcloud-secrets = {
|
||||
before = [ "nextcloud-setup.service" ];
|
||||
requiredBy = [ "nextcloud-setup.service" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
path = with pkgs; [ coreutils jq ];
|
||||
script = ''
|
||||
databasePassword=$(jq -re '.modules.nextcloud.databasePassword' ${secrets-filepath})
|
||||
adminPassword=$(jq -re '.modules.nextcloud.adminPassword' ${secrets-filepath})
|
||||
|
||||
install -C -m 0440 -o nextcloud -g nextcloud -DT \
|
||||
<(printf "%s\n" "$databasePassword") \
|
||||
${db-pass-filepath}
|
||||
install -C -m 0440 -o nextcloud -g nextcloud -DT \
|
||||
<(printf "%s\n" "$databasePassword") \
|
||||
${db-pass-filepath}
|
||||
|
||||
install -C -m 0440 -o nextcloud -g nextcloud -DT \
|
||||
<(printf "%s\n" "$adminPassword") \
|
||||
${admin-pass-filepath}
|
||||
'';
|
||||
install -C -m 0440 -o nextcloud -g nextcloud -DT \
|
||||
<(printf "%s\n" "$adminPassword") \
|
||||
${admin-pass-filepath}
|
||||
'';
|
||||
};
|
||||
};
|
||||
slices.nextcloud = {
|
||||
description = "Nextcloud service slice";
|
||||
};
|
||||
};
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
|
@ -83,13 +95,5 @@
|
|||
useACMEHost = sp.domain;
|
||||
forceSSL = true;
|
||||
};
|
||||
systemd = {
|
||||
services = {
|
||||
phpfpm-nextcloud.serviceConfig.Slice = "nextcloud.slice";
|
||||
};
|
||||
slices.nextcloud = {
|
||||
description = "Nextcloud service slice";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -75,10 +75,12 @@ in
|
|||
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
|
||||
'';
|
||||
};
|
||||
systemd.services.ocserv.unitConfig.ConditionPathExists = [ cert key ];
|
||||
systemd = {
|
||||
services = {
|
||||
ocserv.serviceConfig.Slice = "ocserv.slice";
|
||||
ocserv = {
|
||||
unitConfig.ConditionPathExists = [ cert key ];
|
||||
serviceConfig.Slice = "ocserv.slice";
|
||||
};
|
||||
};
|
||||
slices.ocserv = {
|
||||
description = "ocserv service slice";
|
||||
|
|
|
@ -68,28 +68,7 @@ in
|
|||
];
|
||||
};
|
||||
};
|
||||
systemd.services.pleroma-secrets = {
|
||||
before = [ "pleroma.service" ];
|
||||
requiredBy = [ "pleroma.service" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
path = with pkgs; [ coreutils jq ];
|
||||
script = ''
|
||||
set -o nounset
|
||||
|
||||
password="$(jq -re '.databasePassword' ${secrets-filepath})"
|
||||
filecontents=$(cat <<- EOF
|
||||
import Config
|
||||
config :pleroma, Pleroma.Repo,
|
||||
password: "$password"
|
||||
EOF
|
||||
)
|
||||
|
||||
install -C -m 0700 -o pleroma -g pleroma -d /var/lib/pleroma
|
||||
|
||||
install -C -m 0600 -o pleroma -g pleroma -DT \
|
||||
<(printf "%s" "$filecontents") ${secrets-exs}
|
||||
'';
|
||||
};
|
||||
environment.etc."setup.psql".text = ''
|
||||
CREATE USER pleroma;
|
||||
CREATE DATABASE pleroma OWNER pleroma;
|
||||
|
@ -105,8 +84,40 @@ in
|
|||
isSystemUser = true;
|
||||
group = "pleroma";
|
||||
};
|
||||
# seems to be an upstream nixpkgs/nixos bug (missing hexdump)
|
||||
systemd.services.pleroma.path = [ pkgs.util-linux ];
|
||||
systemd = {
|
||||
services = {
|
||||
pleroma-secrets = {
|
||||
before = [ "pleroma.service" ];
|
||||
requiredBy = [ "pleroma.service" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
path = with pkgs; [ coreutils jq ];
|
||||
script = ''
|
||||
set -o nounset
|
||||
|
||||
password="$(jq -re '.databasePassword' ${secrets-filepath})"
|
||||
filecontents=$(cat <<- EOF
|
||||
import Config
|
||||
config :pleroma, Pleroma.Repo,
|
||||
password: "$password"
|
||||
EOF
|
||||
)
|
||||
|
||||
install -C -m 0700 -o pleroma -g pleroma -d /var/lib/pleroma
|
||||
|
||||
install -C -m 0600 -o pleroma -g pleroma -DT \
|
||||
<(printf "%s" "$filecontents") ${secrets-exs}
|
||||
'';
|
||||
};
|
||||
pleroma = {
|
||||
# seems to be an upstream nixpkgs/nixos bug (missing hexdump)
|
||||
path = [ pkgs.util-linux ];
|
||||
serviceConfig.Slice = "pleroma.slice";
|
||||
};
|
||||
};
|
||||
slices.pleroma = {
|
||||
description = "Pleroma service slice";
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = {
|
||||
useACMEHost = sp.domain;
|
||||
root = "/var/www/${cfg.subdomain}.${sp.domain}";
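Review bot: `password: "$password"` in the heredoc places the secret verbatim inside an Elixir double-quoted string literal, so a value containing `"`, `\` or the `#{` interpolation sequence yields a `${secrets-exs}` that Pleroma either cannot load or does not read as the password that was stored. Unless the producer of `.databasePassword` is known to restrict it to characters without meaning in Elixir strings, the script should escape those three characters before the heredoc, for example `password="$(printf '%s' "$password" | sed 's/[\\"#]/\\&/g')"` inserted after the jq line (Elixir's treatment of `\#` as a literal `#` should be verified against its string grammar). A short comment above the heredoc stating which characters are escaped and why would keep the next editor from removing it. The hunk starts inside an attribute set whose opening is outside the hunk and ends inside `services.nginx.virtualHosts`, which continues past it.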
|
||||
|
@ -126,13 +137,5 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
systemd = {
|
||||
services = {
|
||||
pleroma.serviceConfig.Slice = "pleroma.slice";
|
||||
};
|
||||
slices.pleroma = {
|
||||
description = "Pleroma service slice";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|