patched systemd
that passes secrets in `ExecStartPre`.
parent
e4c39bf857
commit
2e970a22ce
@ -12,6 +12,7 @@ let
vno1_root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiWb7yeSeuFCMZWarKJD6ZSxIlpEHbU++MfpOIy/2kh";
};
mountLatest = ({mountpoint, zfs_name}:
''
set -euo pipefail
@ -55,6 +56,19 @@ in {
/etc/nixos/hardware-configuration.nix /etc/nixos/zfs.nix
];
#nixpkgs.overlays = [ (self: super: {} ) ];
nixpkgs.overlays = [ (self: super: {
systemd = super.systemd.overrideAttrs (old: {
patches = (old.patches or []) ++ [
(super.fetchpatch {
url = "https://github.com/systemd/systemd/commit/e7f64b896201da4a11da158c35865604cf02062f.patch";
sha256 = "sha256-AvBkrD9n5ux1o167yKg1eJK8C300vBS/ks3Gbvy5vjw=";
})
];
});
} ) ];
boot.initrd.network = {
enable = true;
ssh = {
@ -289,6 +303,9 @@ in {
virtualHosts."git.jakstys.lt".extraConfig = ''
reverse_proxy 127.0.0.1:3000
'';
virtualHosts."turn.jakstys.lt".extraConfig = ''
redir https://jakstys.lt
'';
virtualHosts."beta.jakstys.lt" = {
logFormat = ''
output file ${config.services.caddy.logDir}/access-beta.jakstys.lt.log {
@ -324,6 +341,11 @@ in {
};
};
coturn = {
enable = true;
static-auth-secret-file = "\${CREDENTIALS_DIRECTORY}/static-auth-secret";
};
postfix = {
enable = true;
enableSmtp = true;
@ -409,6 +431,20 @@ in {
};
};
coturn = let
cert_dir = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.jakstys.lt/";
in {
unitConfig.ConditionPathExists = [
"${cert_dir}/turn.jakstys.lt.key"
"${cert_dir}/turn.jakstys.lt.crt"
];
serviceConfig.LoadCredential = [
"static-auth-secret:/var/src/secrets/turn/static-auth-secret"
"tls-key:${cert_dir}/turn.jakstys.lt.key"
"tls-cert:${cert_dir}/turn.jakstys.lt.crt"
];
};
# https://northernlightlabs.se/2014-07-05/systemd-status-mail-on-unit-failure.html
"unit-status-mail@" = let
script = pkgs.writeShellScript "unit-status-mail" ''
@ -444,6 +480,7 @@ in {
};
}) backup_paths;
# Do not change
system.stateVersion = "22.11";
}
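Review bot: In the `coturn` unit block (the one with `unitConfig.ConditionPathExists`), `LoadCredential` hands the service `tls-key` and `tls-cert`, but the `coturn` service block in the earlier hunk only sets `static-auth-secret-file` and never sets `cert` or `pkey`, so within the visible hunks nothing consumes the TLS credentials. If they are not referenced elsewhere, drop the two entries so a copy of the private key is not exposed to the service without need. If they are used, a comment above the list such as `# credentials are copied when the unit starts; restart coturn after Caddy renews the certificate` would record that the service otherwise keeps serving the old certificate. `ConditionPathExists` also skips the unit without marking it failed, so a missing certificate will presumably not trigger the `unit-status-mail@` notification; the enclosing attribute sets start outside the hunks, so confirm how the failure hook is attached.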