authortv <tv@krebsco.de>2023-09-11 14:55:04 +0200
committertv <tv@krebsco.de>2023-09-11 14:55:04 +0200
commit8fc162ee3d9525a2b45346a1ca8f34ccb5ef971b (patch)
treeaa37724dd0452860d4b9b033332587c8832629e3 /krebs/2configs
parent90b1515dcd5b67a85cd92901fb211764b1fa5f83 (diff)
parent083229d0211096daec08673f743ccc45b1d8a0ac (diff)
Merge remote-tracking branch 'orange/master'
Diffstat (limited to 'krebs/2configs')
-rw-r--r--krebs/2configs/acme.nix2
-rw-r--r--krebs/2configs/cal.nix2
-rw-r--r--krebs/2configs/hotdog-host.nix3
-rw-r--r--krebs/2configs/mastodon.nix6
-rw-r--r--krebs/2configs/news-host.nix3
-rw-r--r--krebs/2configs/reaktor2.nix2
-rw-r--r--krebs/2configs/repo-sync.nix2
-rw-r--r--krebs/2configs/syncthing.nix4
-rw-r--r--krebs/2configs/tor/initrd.nix4
-rw-r--r--krebs/2configs/wiki.nix2
10 files changed, 17 insertions, 13 deletions
diff --git a/krebs/2configs/acme.nix b/krebs/2configs/acme.nix
index 056aa7ae..0b9cb91a 100644
--- a/krebs/2configs/acme.nix
+++ b/krebs/2configs/acme.nix
@@ -24,7 +24,7 @@ in {
path = "/var/lib/step-ca/intermediate_ca.key";
owner.name = "root";
mode = "1444";
- source-path = builtins.toString <secrets> + "/acme_ca.key";
+ source-path = "${config.krebs.secret.directory}/acme_ca.key";
};
services.step-ca = {
enable = true;
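Review bot: `mode = "1444";` in the context just above the changed line would, if krebs.secret applies it as an ordinary file mode, leave the intermediate CA private key readable by every local account, since the leading 1 is only the sticky bit. How the option is consumed is not visible in this hunk, so this needs confirming against the module. If it is a plain chmod mode, prefer making the account that runs step-ca the owner and using `mode = "0400";`, or add a comment explaining why world-read is required. The enclosing attribute set starts and ends outside the hunk.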
diff --git a/krebs/2configs/cal.nix b/krebs/2configs/cal.nix
index a1fe47b5..1a0cdf01 100644
--- a/krebs/2configs/cal.nix
+++ b/krebs/2configs/cal.nix
@@ -108,7 +108,7 @@ in {
krebs.secret.files.calendar = {
path = "/var/lib/radicale/.ssh/id_ed25519";
owner = { name = "radicale"; };
- source-path = "${<secrets/radicale.id_ed25519>}";
+ source-path = "${config.krebs.secret.directory}/radicale.id_ed25519";
};
security.sudo.extraConfig = ''
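Review bot: The new `source-path` only keeps the key out of the Nix store if `config.krebs.secret.directory` evaluates to a string; if a host ever sets it to a path literal, `"${...}"` interpolation would copy the whole secrets directory into the world-readable store. The option's declaration is not visible here, so this is a point to confirm rather than a known defect. A short note on the option, for example `# must be a string, never a Nix path: interpolating a path copies it to /nix/store`, would document the invariant. The same applies to the hunks in acme.nix, hotdog-host.nix, news-host.nix, repo-sync.nix, syncthing.nix, tor/initrd.nix and wiki.nix.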
diff --git a/krebs/2configs/hotdog-host.nix b/krebs/2configs/hotdog-host.nix
index 95d70376..ab2b22b7 100644
--- a/krebs/2configs/hotdog-host.nix
+++ b/krebs/2configs/hotdog-host.nix
@@ -1,6 +1,7 @@
+{ config, ... }:
{
krebs.sync-containers3.containers.hotdog = {
- sshKey = "${toString <secrets>}/hotdog.sync.key";
+ sshKey = "${config.krebs.secret.directory}/hotdog.sync.key";
};
containers.hotdog.bindMounts."/var/lib" = {
hostPath = "/var/lib/sync-containers3/hotdog/state";
diff --git a/krebs/2configs/mastodon.nix b/krebs/2configs/mastodon.nix
index 145b383e..af308b2c 100644
--- a/krebs/2configs/mastodon.nix
+++ b/krebs/2configs/mastodon.nix
@@ -33,8 +33,10 @@
];
environment.systemPackages = [
- (pkgs.writers.writeDashBin "tootctl" ''
- sudo -u mastodon /etc/profiles/per-user/mastodon/bin/mastodon-env /etc/profiles/per-user/mastodon/bin/tootctl "$@"
+ (pkgs.writers.writeDashBin "clear-mastodon-cache" ''
+ mastodon-tootctl media remove --prune-profiles --days=14 --concurrency=30
+ mastodon-tootctl media remove-orphans
+ mastodon-tootctl preview_cards remove --days=14
'')
(pkgs.writers.writeDashBin "create-mastodon-user" ''
set -efu
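Review bot: The new `clear-mastodon-cache` script has no `set -efu`, unlike `create-mastodon-user` directly below it, so a failing `media remove` does not stop the later commands and the script exits with the status of the last one only. Add `set -efu` as the first line of the script body. The script also relies on `mastodon-tootctl` being on the caller's PATH, where the removed wrapper used `sudo -u mastodon` with absolute paths. A one-line comment stating which user is expected to run it would make the privilege assumption explicit. The package list continues outside the hunk.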
diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix
index 71793e51..81922ef8 100644
--- a/krebs/2configs/news-host.nix
+++ b/krebs/2configs/news-host.nix
@@ -1,5 +1,6 @@
+{ config, ... }:
{
krebs.sync-containers3.containers.news = {
- sshKey = "${toString <secrets>}/news.sync.key";
+ sshKey = "${config.krebs.secret.directory}/news.sync.key";
};
}
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index 0f7ab0ad..bc5bfc0f 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -486,7 +486,7 @@ in {
services.nginx.virtualHosts."agenda.r" = {
serverAliases = [ "kri.r" ];
locations."= /index.html".extraConfig = ''
- alias ./agenda.html;
+ alias ${./agenda.html};
'';
locations."/agenda.json".extraConfig = ''
proxy_set_header Host $host;
diff --git a/krebs/2configs/repo-sync.nix b/krebs/2configs/repo-sync.nix
index 1b72924a..a488fdfe 100644
--- a/krebs/2configs/repo-sync.nix
+++ b/krebs/2configs/repo-sync.nix
@@ -98,7 +98,7 @@ in {
krebs.secret.files.konsens = {
path = "/var/lib/konsens/.ssh/id_ed25519";
owner = konsens-user;
- source-path = "${<secrets/konsens.id_ed25519>}";
+ source-path = "${config.krebs.secret.directory}/konsens.id_ed25519>";
};
imports = [
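Review bot: The added `source-path` ends in a stray `>` left over from the old `<secrets/...>` syntax, so it names a file called `konsens.id_ed25519>`, which presumably does not exist in the secrets directory. The konsens SSH key would then fail to install, or the unit providing it would fail, at activation time. The line should read `source-path = "${config.krebs.secret.directory}/konsens.id_ed25519";`, matching the other hunks in this commit.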
diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix
index 59178516..90ae66f6 100644
--- a/krebs/2configs/syncthing.nix
+++ b/krebs/2configs/syncthing.nix
@@ -10,8 +10,8 @@ in {
services.syncthing = {
enable = true;
configDir = "/var/lib/syncthing";
- key = toString <secrets/syncthing.key>;
- cert = toString <secrets/syncthing.cert>;
+ key = "${config.krebs.secret.directory}/syncthing.key";
+ cert = "${config.krebs.secret.directory}/syncthing.cert";
# workaround for infinite recursion on unstable, remove in 23.11
} // (if builtins.hasAttr "settings" options.services.syncthing then
{ settings.devices = mk_peers used_peers; }
diff --git a/krebs/2configs/tor/initrd.nix b/krebs/2configs/tor/initrd.nix
index 98ed039b..21c46a0a 100644
--- a/krebs/2configs/tor/initrd.nix
+++ b/krebs/2configs/tor/initrd.nix
@@ -13,12 +13,12 @@
config.krebs.users.makefu.pubkey
config.krebs.users.tv.pubkey
];
- hostKeys = [ <secrets/initrd/openssh_host_ecdsa_key> ];
+ hostKeys = [ "${config.krebs.secret.directory}/initrd/openssh_host_ecdsa_key" ];
};
boot.initrd.availableKernelModules = [ "e1000e" ];
boot.initrd.secrets = {
- "/etc/tor/onion/bootup" = <secrets/initrd>;
+ "/etc/tor/onion/bootup" = "${config.krebs.secret.directory}/initrd";
};
boot.initrd.extraUtilsCommands = ''
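Review bot: Passing `hostKeys` and the `boot.initrd.secrets` value as strings instead of Nix paths makes this config depend on a bootloader with native initrd-secret support. As far as I recall, NixOS asserts that `boot.initrd.secrets` values are unquoted paths or store paths when the bootloader lacks that support, and the bootloader for hosts importing this file is not visible here. It is worth confirming that every importing host still evaluates, and adding a comment such as `# string paths: appended to the initrd at install time, requires a bootloader with initrd-secret support`. The host key should also be documented as initrd-only and distinct from the regular SSH host key, since an initrd on an unencrypted /boot is readable by anyone with disk access.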
diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix
index a227ceb4..4b0bf976 100644
--- a/krebs/2configs/wiki.nix
+++ b/krebs/2configs/wiki.nix
@@ -96,7 +96,7 @@ in
krebs.secret.files.gollum = {
path = "${config.services.gollum.stateDir}/.ssh/id_ed25519";
owner = { name = "gollum"; };
- source-path = "${<secrets/gollum.id_ed25519>}";
+ source-path = "${config.krebs.secret.directory}/gollum.id_ed25519";
};
security.sudo.extraConfig = ''