From a99e80e1fecb1d62e49970325c869cb90f83cc2e Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Sat, 27 Jul 2024 02:58:50 +0300
Subject: [PATCH] fix
---
sp-modules/bitwarden/module.nix | 53 ++++++++++++++-------------
sp-modules/nextcloud/module.nix | 50 +++++++++++++------------
sp-modules/ocserv/module.nix | 6 ++-
sp-modules/pleroma/module.nix | 65 +++++++++++++++++----------------
4 files changed, 92 insertions(+), 82 deletions(-)
diff --git a/sp-modules/bitwarden/module.nix b/sp-modules/bitwarden/module.nix
index 4146a27..6850d50 100644
--- a/sp-modules/bitwarden/module.nix
+++ b/sp-modules/bitwarden/module.nix
@@ -72,28 +72,36 @@ in EMERGENCY_ACCESS_ALLOWED = cfg.emergencyAccessAllowed; }; }; - systemd.services.bitwarden-secrets = { - before = [ "vaultwarden.service" ]; - requiredBy = [ "vaultwarden.service" ]; - serviceConfig.Type = "oneshot"; - path = with pkgs; [ coreutils jq ]; - script = '' - set -o nounset + systemd = { + services = { + vaultwarden.serviceConfig.Slice = "bitwarden.slice"; + bitwarden-secrets = { + before = [ "vaultwarden.service" ]; + requiredBy = [ "vaultwarden.service" ]; + serviceConfig.Type = "oneshot"; + path = with pkgs; [ coreutils jq ]; + script = '' + set -o nounset - token="$(jq -r '.bitwarden.adminToken' ${secrets-filepath})" - if [ "$token" == "null" ]; then - # If it's null, empty the contents of the file - bitwarden_env="" - else - bitwarden_env="ADMIN_TOKEN=$token" - fi + token="$(jq -r '.bitwarden.adminToken' ${secrets-filepath})" + if [ "$token" == "null" ]; then + # If it's null, empty the contents of the file + bitwarden_env="" + else + bitwarden_env="ADMIN_TOKEN=$token" + fi - install -C -m 0700 -o vaultwarden -g vaultwarden \ - -d /var/lib/bitwarden + install -C -m 0700 -o vaultwarden -g vaultwarden \ + -d /var/lib/bitwarden - install -C -m 0600 -o vaultwarden -g vaultwarden -DT \ - <(printf "%s" "$bitwarden_env") ${bitwarden-env} - ''; + install -C -m 0600 -o vaultwarden -g vaultwarden -DT \ + <(printf "%s" "$bitwarden_env") ${bitwarden-env} + ''; + }; + }; + slices.bitwarden = { + description = "Bitwarden service slice"; + }; }; services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = { useACMEHost = sp.domain; @@ -116,12 +124,5 @@ in # NixOS upstream bug? Otherwise, backup-vaultwarden cannot find sqlite DB. systemd.services.backup-vaultwarden.unitConfig.ConditionPathExists = "/var/lib/bitwarden_rs/db.sqlite3"; - - systemd = { - services.vaultwarden.serviceConfig.Slice = "bitwarden.slice"; - slices.bitwarden = { - description = "Bitwarden service slice"; - }; - }; }; } 
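Review bot: In the bitwarden-secrets script, `$token` goes verbatim from `jq -r` into the `ADMIN_TOKEN=` line of `${bitwarden-env}`, with no check that it is a single line. If that file is consumed as a systemd-style environment file (its use is outside the hunk), a token containing a newline would add further variables to vaultwarden's environment. A guard before the `install` would close that: `case "$token" in *$'\n'*) echo "adminToken must be a single line" >&2; exit 1;; esac`. Vaultwarden also accepts an Argon2 PHC string as ADMIN_TOKEN, which would keep the plaintext token out of this file.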
diff --git a/sp-modules/nextcloud/module.nix b/sp-modules/nextcloud/module.nix index dad5087..5cc3686 100644 --- a/sp-modules/nextcloud/module.nix +++ b/sp-modules/nextcloud/module.nix @@ -34,23 +34,35 @@ ]; }; }; - systemd.services.nextcloud-secrets = { - before = [ "nextcloud-setup.service" ]; - requiredBy = [ "nextcloud-setup.service" ]; - serviceConfig.Type = "oneshot"; - path = with pkgs; [ coreutils jq ]; - script = '' - databasePassword=$(jq -re '.modules.nextcloud.databasePassword' ${secrets-filepath}) - adminPassword=$(jq -re '.modules.nextcloud.adminPassword' ${secrets-filepath}) + systemd = { + services = { + phpfpm-nextcloud.serviceConfig.Slice = "nextcloud.slice"; + nextcloud-setup.serviceConfig.Slice = "nextcloud.slice"; + nextcloud-cron.serviceConfig.Slice = "nextcloud.slice"; + nextcloud-update-db.serviceConfig.Slice = "nextcloud.slice"; + nextcloud-update-plugins.serviceConfig.Slice = "nextcloud.slice"; + nextcloud-secrets = { + before = [ "nextcloud-setup.service" ]; + requiredBy = [ "nextcloud-setup.service" ]; + serviceConfig.Type = "oneshot"; + path = with pkgs; [ coreutils jq ]; + script = '' + databasePassword=$(jq -re '.modules.nextcloud.databasePassword' ${secrets-filepath}) + adminPassword=$(jq -re '.modules.nextcloud.adminPassword' ${secrets-filepath}) - install -C -m 0440 -o nextcloud -g nextcloud -DT \ - <(printf "%s\n" "$databasePassword") \ - ${db-pass-filepath} + install -C -m 0440 -o nextcloud -g nextcloud -DT \ + <(printf "%s\n" "$databasePassword") \ + ${db-pass-filepath} - install -C -m 0440 -o nextcloud -g nextcloud -DT \ - <(printf "%s\n" "$adminPassword") \ - ${admin-pass-filepath} - ''; + install -C -m 0440 -o nextcloud -g nextcloud -DT \ + <(printf "%s\n" "$adminPassword") \ + ${admin-pass-filepath} + ''; + }; + }; + slices.nextcloud = { + description = "Nextcloud service slice"; + }; }; services.nextcloud = { enable = true; 
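Review bot: In nextcloud-secrets, both `install` calls create the database and admin password files with `-m 0440`, so every member of the `nextcloud` group can read them, while the bitwarden and pleroma secret units in this commit use `0600`. As far as I know the upstream NixOS Nextcloud module adds the web server user to that group, so this likely exposes both passwords to nginx workers; confirm against the deployed group membership. Unless a group member genuinely needs to read them, `-m 0400` would match the tighter handling in the other modules. The script also lacks the `set -o nounset` that the other two secret scripts start with.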
@@ -83,13 +95,5 @@ useACMEHost = sp.domain; forceSSL = true; }; - systemd = { - services = { - phpfpm-nextcloud.serviceConfig.Slice = "nextcloud.slice"; - }; - slices.nextcloud = { - description = "Nextcloud service slice"; - }; - }; }; } diff --git a/sp-modules/ocserv/module.nix b/sp-modules/ocserv/module.nix index f8da4a6..f4d2dc0 100644 --- a/sp-modules/ocserv/module.nix +++ b/sp-modules/ocserv/module.nix @@ -75,10 +75,12 @@ in proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; ''; }; - systemd.services.ocserv.unitConfig.ConditionPathExists = [ cert key ]; systemd = { services = { - ocserv.serviceConfig.Slice = "ocserv.slice"; + ocserv = { + unitConfig.ConditionPathExists = [ cert key ]; + serviceConfig.Slice = "ocserv.slice"; + }; }; slices.ocserv = { description = "ocserv service slice"; diff --git a/sp-modules/pleroma/module.nix b/sp-modules/pleroma/module.nix index 172aa31..f345e5d 100644 --- a/sp-modules/pleroma/module.nix +++ b/sp-modules/pleroma/module.nix @@ -68,28 +68,7 @@ in ]; }; }; - systemd.services.pleroma-secrets = { - before = [ "pleroma.service" ]; - requiredBy = [ "pleroma.service" ]; - serviceConfig.Type = "oneshot"; - path = with pkgs; [ coreutils jq ]; - script = '' - set -o nounset - password="$(jq -re '.databasePassword' ${secrets-filepath})" - filecontents=$(cat <<- EOF - import Config - config :pleroma, Pleroma.Repo, - password: "$password" - EOF - ) - - install -C -m 0700 -o pleroma -g pleroma -d /var/lib/pleroma - - install -C -m 0600 -o pleroma -g pleroma -DT \ - <(printf "%s" "$filecontents") ${secrets-exs} - ''; - }; environment.etc."setup.psql".text = '' CREATE USER pleroma; CREATE DATABASE pleroma OWNER pleroma; 
@@ -105,8 +84,40 @@ in isSystemUser = true; group = "pleroma"; }; - # seems to be an upstream nixpkgs/nixos bug (missing hexdump) - systemd.services.pleroma.path = [ pkgs.util-linux ]; + systemd = { + services = { + pleroma-secrets = { + before = [ "pleroma.service" ]; + requiredBy = [ "pleroma.service" ]; + serviceConfig.Type = "oneshot"; + path = with pkgs; [ coreutils jq ]; + script = '' + set -o nounset + + password="$(jq -re '.databasePassword' ${secrets-filepath})" + filecontents=$(cat <<- EOF + import Config + config :pleroma, Pleroma.Repo, + password: "$password" + EOF + ) + + install -C -m 0700 -o pleroma -g pleroma -d /var/lib/pleroma + + install -C -m 0600 -o pleroma -g pleroma -DT \ + <(printf "%s" "$filecontents") ${secrets-exs} + ''; + }; + pleroma = { + # seems to be an upstream nixpkgs/nixos bug (missing hexdump) + path = [ pkgs.util-linux ]; + serviceConfig.Slice = "pleroma.slice"; + }; + }; + slices.pleroma = { + description = "Pleroma service slice"; + }; + }; services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = { useACMEHost = sp.domain; root = "/var/www/${cfg.subdomain}.${sp.domain}"; @@ -126,13 +137,5 @@ in }; }; }; - systemd = { - services = { - pleroma.serviceConfig.Slice = "pleroma.slice"; - }; - slices.pleroma = { - description = "Pleroma service slice"; - }; - }; }; }
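Review bot: In pleroma-secrets, `$password` is pasted between double quotes in the generated Elixir config (`password: "$password"`), and nothing escapes it. A database password containing `"`, `\` or `#{` would break the file or be evaluated as Elixir interpolation when Pleroma loads `${secrets-exs}`. Whether the password generator can emit those characters is not visible here, so either escape the value or reject unsupported characters before writing, e.g. `case "$password" in *[!A-Za-z0-9_-]*) echo "unsupported character in databasePassword" >&2; exit 1;; esac`. The move also re-indents the `<<- EOF` here-document inside the Nix indented string; `<<-` strips only leading tabs, so check that the `EOF` terminator still lands at column 0 after Nix removes the common indentation.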