diff options
Diffstat (limited to 'krebs/3modules')
| -rw-r--r-- | krebs/3modules/ci.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/default.nix | 2 | ||||
| -rw-r--r-- | krebs/3modules/external/default.nix | 25 | ||||
| -rw-r--r-- | krebs/3modules/external/mic92.nix | 20 | ||||
| -rw-r--r-- | krebs/3modules/hidden-ssh.nix | 6 | ||||
| -rw-r--r-- | krebs/3modules/nin/default.nix | 111 | ||||
| -rw-r--r-- | krebs/3modules/reaktor2.nix | 12 | ||||
| -rw-r--r-- | krebs/3modules/realwallpaper.nix | 19 | ||||
| -rw-r--r-- | krebs/3modules/syncthing.nix | 206 |
9 files changed, 51 insertions, 352 deletions
diff --git a/krebs/3modules/ci.nix b/krebs/3modules/ci.nix index 7695667f..50db0b97 100644 --- a/krebs/3modules/ci.nix +++ b/krebs/3modules/ci.nix @@ -52,7 +52,7 @@ let "${url}", workdir='${name}-${elemAt(splitString "." url) 1}', branches=True, project='${name}', - pollinterval=10 + pollinterval=100 ) ) '') repo.urls) diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6f06f451..f3180722 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -50,7 +50,6 @@ let ./secret.nix ./setuid.nix ./shadow.nix - ./syncthing.nix ./tinc.nix ./tinc_graphs.nix ./urlwatch.nix @@ -103,7 +102,6 @@ let { krebs = import ./krebs { inherit config; }; } { krebs = import ./lass { inherit config; }; } { krebs = import ./makefu { inherit config; }; } - { krebs = import ./nin { inherit config; }; } { krebs = import ./external/palo.nix { inherit config; }; } { krebs = import ./external/mic92.nix { inherit config; }; } { krebs = import ./tv { inherit config; }; } diff --git a/krebs/3modules/external/default.nix b/krebs/3modules/external/default.nix index 1d73fade..b437456e 100644 --- a/krebs/3modules/external/default.nix +++ b/krebs/3modules/external/default.nix @@ -373,6 +373,30 @@ in { syncthing.id = "22NLFY5-QMRM3BH-76QIBYI-OPMKVGM-DU4FNZI-3KN2POF-V4WIC6M-2SFFUAC"; nets = {}; }; + catalonia = { + owner = config.krebs.users.xkey; + nets = { + retiolum = { + ip4.addr = "10.243.13.12"; + aliases = [ "catalonia.r" ]; + tinc.pubkey = '' + -----BEGIN RSA PUBLIC KEY----- + MIICCgKCAgEAug+nej8/spuRHdzcfBYAuzUVoiq4YufmJqXSshvgf4aqjeVEt91Y + gT6iBN8IKnMjYk3bAS7MxmgiyVE17MQlaQi0RSYY47M8I9TvCYtWX/FcXuP9e6CA + VcalDUNpy2qNB+yEE8gMa8vDA3smKk/iK47jTtpWoPtvejLK/SCi8RdlYjKlOErE + Yl9mCniGD1WEYgdrjf6Nl7av6uuGYNibivIMkB2JyGwGGmzvP+oBFi2Cwarw8K2e + FK2VGrAfkgiP5rTPACHseoeCsJtRLozgzYzmS5M9XhP5ZoPkbtR/pL5btCwoCTlZ + HotmLVg4DezbPjNOBB9gtJF4UuzQjSPNY6K1VvvLOhDwXdyln82LuNcm9l+cy9y3 + mGeSvqOouBugDqie6OpkF0KrRwlGQVwzwtnDohGd/5f7TbiPf1QjC+JP/m4mxZl3 + zE0BCOct9b4hUc/CFto71CPlytSbTsMhfJAn8JxttGvsWIAj+dQ0iuLXfLDflWt6 + sImmnOo28YInvFx6pKoxTwcV1AVrPWn5TSePhZM50dmzs0exltOISFECDhpPabU3 + ZymRCze8fH9Z3SHxfxTlTZV7IaW2kpyyBe1KsWpM46gLPk5icX+Xc6mdGwbdGBpf + vDZ+BoHCjq9FfQrAu1+E83yCYyu+3fWrLSgYyrqjg0gPcCcnb1g6hqECAwEAAQ== + -----END RSA PUBLIC KEY----- + ''; + }; + }; + }; }; users = { ciko = { @@ -421,6 +445,7 @@ in { mail = "xq@shackspace.de"; pubkey = ssh-for "xq"; }; + xkey = {}; miaoski = { }; filly = { diff --git a/krebs/3modules/external/mic92.nix b/krebs/3modules/external/mic92.nix index a748b145..23ab4f68 100644 --- a/krebs/3modules/external/mic92.nix +++ b/krebs/3modules/external/mic92.nix @@ -144,24 +144,24 @@ in { }; }; }; - idontcare = { + herbert = { owner = config.krebs.users.Mic92; nets = rec { retiolum = { addrs = [ - config.krebs.hosts.idontcare.nets.retiolum.ip4.addr - config.krebs.hosts.idontcare.nets.retiolum.ip6.addr + config.krebs.hosts.herbert.nets.retiolum.ip4.addr + config.krebs.hosts.herbert.nets.retiolum.ip6.addr ]; ip4.addr = "10.243.29.177"; - aliases = [ "idontcare.r" ]; + aliases = [ "herbert.r" ]; tinc.pubkey = '' -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAxmmbQLVXcnCU9Vg9TCoJxfq/RyNfzaTj8XJsn4Kpo3CvQOwFzL6O - qZnbG55WjPjPumuFgtUdHA/G8mgtrTVaIRbVE9ck2l2wWFzMWxORzuvDbMh5xP8A - OW2Z2qjlH6O9GTBCzpYyHuyBWCjtiN4x9zEqxkIsBARKOylAoy3zQIiiQF0d72An - lqKFi9vYUU90zo9rP8BTzx2ZsEWb28xhHUlwf1+vgaOHI1jI99gnr12dVYl/i/Hb - O28gDUogfpP/5pWFAHJ+53ZscHo8/Y7imjiKgGXmOHywoXOsKQ67M6ROEU/0xPnw - jKmq2p7zTJk2mDhphjePi5idd5yKNX5Q3wIDAQAB + MIIBCgKCAQEA7ZINr8YxVwHtcOR+ySpc9UjnJWsFXlOyu3CnrJ8IrY+mPA25UmNZ + stXd8QbJuxpad9HyPs294uW8UmXttEZzIwAlikVHasM5IQHVltudTTFvv7s3YFWd + /lgpHbo8zOA2mafx+Sr02Fy/lHjk6BTf8IOzdJIpUHZL/P+FUl9baBwGLmtbEvPh + fbvtf5QryBjJ9nRnb+wsPVpeFE/LncIMK/bYQsyE01T5QDu/muAaeYPbgm6FqaQH + OJ4oEHsarWBvU1qzgz/IRz0BHHeTrbbP3AG/glTwL02Z1mtTXSjME7cfk7ZRM5Cj + jXAqnqu2m1B08Kii+zYp4BPZDmPLT5gq+QIDAQAB -----END RSA PUBLIC KEY----- ''; }; diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index 2d697e49..f497de45 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -19,6 +19,10 @@ let type = types.str; default = "irc.freenode.org"; }; + message = mkOption { + type = types.str; + default = "SSH Hidden Service at "; + }; }; imp = let @@ -50,7 +54,7 @@ let ${pkgs.irc-announce}/bin/irc-announce \ ${cfg.server} 6667 ${config.krebs.build.host.name}-ssh \ \${cfg.channel} \ - "SSH Hidden Service at $(cat ${hiddenServiceDir}/hostname)" + "${cfg.message}$(cat ${hiddenServiceDir}/hostname)" ''; PrivateTmp = "true"; User = "tor"; diff --git a/krebs/3modules/nin/default.nix b/krebs/3modules/nin/default.nix deleted file mode 100644 index 1531a2c8..00000000 --- a/krebs/3modules/nin/default.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ config, ... }: - -with import <stockholm/lib>; - -{ - hosts = mapAttrs (_: recursiveUpdate { - owner = config.krebs.users.nin; - ci = true; - }) { - hiawatha = { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.132.96"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:2342"; - aliases = [ - "hiawatha.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAucIe5yLzKJ8F982XRpZT6CvyXuPrtnNTmw/E/T6Oyq88m/OVHh6o - Viho1XAlJZZwqNniItD0AQB98uFB3+3yA7FepnwwC+PEceIfBG4bTDNyYD3ZCsAB - iWpmRar9SQ7LFnoZ6X2lYaJkUD9afmvXqJJLR5MClnRQo5OSqXaFdp7ryWinHP7E - UkPSNByu4LbQ9CnBEW8mmCVZSBLb8ezxg3HpJSigmUcJgiDBJ6aj22BsZ5L+j1Sr - lvUuaCr8WOS41AYsD5dbTYk7EG42tU5utrOS6z5yHmhbA5r8Ro2OFi/R3Td68BIJ - yw/m8sfItBCvjJSMEpKHEDfGMBCfQKltCwIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFizK5kauDlnjm/IzyzLi+W4hLKqjSWMkfuxzLwg6egx"; - }; - axon= { - cores = 2; - nets = { - retiolum = { - ip4.addr = "10.243.134.66"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1379"; - aliases = [ - "axon.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIECgKCBAEA89h5SLDQL/ENM//3SMzNkVnW4dBdg1GOXs/SdRCTcgygJC0TzsAo - glfQhfS+OhFSC/mXAjP8DnN7Ys6zXzMfJgH7TgVRJ8tCo5ETehICA19hMjMFINLj - KZhhthPuX7u2Jr4uDMQ0eLJnKVHF4PmHnkA+JGcOqO7VSkgcqPvqPMnJFcMkGWvH - L3KAz1KGPHZWrAB2NBDrD/bOZj4L39nS4nJIYVOraP7ze1GTTC7s/0CnZj3qwS5j - VdUYgAR+bdxlWm1B1PPOjkslP6UOklQQK4SjK3ceLYb2yM7BVICeznjWCbkbMACY - PUSvdxyiD7nZcLvuM3cJ1M45zUK+tAHHDB5FFUUAZ+YY/Xml4+JOINekpQdGQqkN - X4VsdRGKpjqi+OXNP4ktDcVkl8uALmNR6TFfAEwQJdjgcMxgJGW9PkqvPl3Mqgoh - m89lHPpO0Cpf40o6lZRG42gH1OR7Iy1M234uA08a3eFf+IQutHaOBt/Oi0YeiaQp - OtJHmWtpsQRz24/m+uroSUtKZ63sESli28G1jP73Qv7CiB8KvSX0Z4zKJOV/CyaT - LLguAyeWdNLtVg4bGRd7VExoWA+Rd9YKHCiE5duhETZk0Hb9WZmgPdM7A0RBb+1H - /F9BPKSZFl2e42VEsy8yNmBqO8lL7DVbAjLhtikTpPLcyjNeqN99a8jFX4c5nhIK - MVsSLKsmNGQq+dylXMbErsGu3P/OuCZ4mRkC32Kp4qwJ+JMrJc8+ZbhKl6Fhwu0w - 7DwwoUaRoMqtr2AwR+X67eJsYiOVo5EkqBo6DrWIM6mO2GrWHg5LTBIShn08q/Nm - ofPK2TmLdfqBycUR0kRCCPVi82f9aElmg3pzzPJnLAn9JLL43q6l+sefvtr9sTs3 - 1co6m8k5mO8zTb8BCmX2nFMkCopuHeF1nQ33y6woq0D8WsXHfHtbPwN9eYRVrbBF - 29YBp5E+Q1pQB+0rJ4A5N1I3VUKhDGKc72pbQc8cYoAbDXA+RKYbsFOra5z585dt - 4HQXpwj3a/JGJYRT6FVbJp4p8PjwAtN9VkpXNl4//3lXQdDD6aQ6ssXaKxVAp2Xj - FjPjx6J6ok4mRvofKNAREt4eZUdDub34bff6G0zI7Vls9t4ul0uHsJ6+ic3CG+Yl - buLfOkDp4hVCAlMPQ2NJfWKSggoVao7OTBPTMB3NiM56YOPptfZgu2ttDRTyuQ7p - hrOwutxoy/abH3hA8bWj1+C23vDtQ2gj0r16SWxpPdb3sselquzKp9NIvtyRVfnG - yYZTWRHg9mahMC2P0/wWAQVjKb0LnTib4lSe21uqFkWzp+3/Uu+hiwP5xGez/NIi - ahyL7t0D9r9y+i1RPjYWypgyR568fiGheQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4ubHA2pQzV4tQq9D1zRTD1xOSR6xZM3z6te+5A1ekc"; - }; - onondaga = { - cores = 1; - nets = { - retiolum = { - ip4.addr = "10.243.132.55"; - ip6.addr = "42:0000:0000:0000:0000:0000:0000:1357"; - aliases = [ - "onondaga.r" - "cgit.onondaga.r" - ]; - tinc.pubkey = '' - -----BEGIN RSA PUBLIC KEY----- - MIIBCgKCAQEAqj6NPhRVsr8abz9FFx9+ld3amfxN7SRNccbksUOqkufGS0vaupFR - OWsgj4Qmt3lQ82YVt5yjx0FZHkAsenCEKM3kYoIb4nipT0e1MWkQ7plVveMfGkiu - htaJ1aCbI2Adxfmk4YbyAr8k3G+Zl9t7gTikBRh7cf5PMiu2JhGUZHzx9urR0ieH - xyashZFjl4TtIy4q6QTiyST9kfzteh8k7CJ72zfYkdHl9dPlr5Nk22zH9xPkyzmO - kCNeknuDqKeTT9erNtRLk6pjEcyutt0y2/Uq6iZ38z5qq9k4JzcMuQ3YPpNy8bxn - hVuk2qBu6kBTUW3iLchoh0d4cfFLWLx1SQIDAQAB - -----END RSA PUBLIC KEY----- - ''; - }; - }; - ssh.privkey.path = <secrets/ssh.id_ed25519>; - ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmQk7AXsYLzjUrOjsuhZ3+gT7FjhPtjwxv5XnuU8GJO"; - }; - - }; - users = { - nin = { - mail = "nin@axon.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl4jHl2dya9Tecot7AcHuk57FiPN0lo8eDa03WmTOCCU7gEJLgpi/zwLxY/K4eXsDgOt8LJwddicgruX2WgIYD3LnwtuN40/U9QqqdBIv/5sYZTcShAK2jyPj0vQJlVUpL7DLxxRH+t4lWeRw/1qaAAVt9jEVbzT5RH233E6+SbXxfnQDhDwOXwD1qfM10BOGh63iYz8/loXG1meb+pkv3HTf5/D7x+/y1XvWRPKuJ2Ml33p2pE3cTd+Tie1O8CREr45I9JOIOKUDQk1klFL5NNXnaQ9h1FRCsnQuoGztoBq8ed6XXL/b8mQ0lqJMxHIoCuDN/HBZYJ0z+1nh8X6XH nin@axon"; - }; - nin_h = { - mail = "nin@hiawatha.r"; - pubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDicZLUPEVNX7SgqYWcjPo0UESRizEfIvVVbiwa1aApA8x25u/5R3sevcgbIpLHYKDMl5tebny9inr6G2zqB6oq/pocQjHxrPnuLzqjvqeSpbjQjlNWJ9GaHT5koTXZHdkEXGL0vfv1SRDNWUiK0rNymr3GXab4DyrnRnuNl/G1UtLf4Zka94YUD0SSPdS9y6knnRrUWKjGMFBZEbNSgHqMGATPQP9VDwKHIO2OWGfiBAJ4nj/MWj+BxHDleCMY9zbym8yY7p/0PLaUe9eIyLC8MftJ5suuMmASlj+UGWgnqUxWxsMHax9y7CTAc23r1NNCXN5LC6/facGt0rEQrdrTizBgOA1FSHAPCl5f0DBEgWBrRuygEcAueuGWvI8/uvtvQQZLhosDbXEfs/3vm2xoYBe7wH4NZHm+d2LqgIcPXehH9hVQsl6pczngTCJt0Q/6tIMffjhDHeYf6xbe/n3AqFT0PylUSvOw/H5iHws3R6rxtgnOio7yTJ4sq0NMzXCtBY6LYPGnkwf0oKsgB8KavZVnxzF8B1TD4nNi0a7ma7bd1LMzI/oGE6i8kDMROgisIECOcoe8YYJZXIne/wimhhRKZAsd+VrKUo4SzNIavCruCodGAVh2vfrqRJD+HD/aWH7Vr1fCEexquaxeKpRtKGIPW9LRCcEsTilqpZdAiw== nin@hiawatha"; - }; - }; -} diff --git a/krebs/3modules/reaktor2.nix b/krebs/3modules/reaktor2.nix index 837a9bea..fcc453fa 100644 --- a/krebs/3modules/reaktor2.nix +++ b/krebs/3modules/reaktor2.nix @@ -45,6 +45,10 @@ with import <stockholm/lib>; default = self.config.port == "6697"; type = types.bool; }; + API.listen = mkOption { + default = null; + type = types.nullOr types.str; + }; }; })); }; @@ -65,9 +69,11 @@ with import <stockholm/lib>; ExecStart = let configFile = pkgs.writeJSON configFileName configValue; configFileName = "${cfg.systemd-service-name}.config.json"; - configValue = recursiveUpdate { - logTime = false; - } (removeAttrs cfg ["_module"]); + configValue = stripAttr ( + recursiveUpdate { + logTime = false; + } (removeAttrs cfg ["_module"]) + ); in "${pkgs.reaktor2}/bin/reaktor ${configFile}"; Restart = "always"; RestartSec = "30"; diff --git a/krebs/3modules/realwallpaper.nix b/krebs/3modules/realwallpaper.nix index a83758cc..cfa8a65b 100644 --- a/krebs/3modules/realwallpaper.nix +++ b/krebs/3modules/realwallpaper.nix @@ -17,21 +17,6 @@ let default = "/var/realwallpaper/"; }; - nightmap = mkOption { - type = types.str; - default = "http://eoimages.gsfc.nasa.gov/images/imagerecords/55000/55167/earth_lights_lrg.jpg"; - }; - - daymap = mkOption { - type = types.str; - default = "https://www.nnvl.noaa.gov/images/globaldata/SnowIceCover_Daily.png"; - }; - - cloudmap = mkOption { - type = types.str; - default = "http://home.megapass.co.kr/~holywatr/cloud_data/clouds_2048.jpg"; - }; - marker = mkOption { type = types.str; default = "http://graph.r/marker.json"; @@ -60,6 +45,7 @@ let path = with pkgs; [ xplanet imagemagick + inkscape curl file jq @@ -67,9 +53,6 @@ let environment = { working_dir = cfg.workingDir; - nightmap_url = cfg.nightmap; - daymap_url = cfg.daymap; - cloudmap_url = cfg.cloudmap; marker_url = cfg.marker; }; diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix deleted file mode 100644 index 799ed7ed..00000000 --- a/krebs/3modules/syncthing.nix +++ /dev/null @@ -1,206 +0,0 @@ -{ config, pkgs, ... }: with import <stockholm/lib>; - -let - - kcfg = config.krebs.syncthing; - scfg = config.services.syncthing; - - devices = mapAttrsToList (name: peer: { - name = name; - deviceID = peer.id; - addresses = peer.addresses; - }) kcfg.peers; - - folders = mapAttrsToList ( _: folder: { - inherit (folder) path id type; - devices = map (peer: { deviceId = kcfg.peers.${peer}.id; }) folder.peers; - rescanIntervalS = folder.rescanInterval; - fsWatcherEnabled = folder.watch; - fsWatcherDelayS = folder.watchDelay; - ignoreDelete = folder.ignoreDelete; - ignorePerms = folder.ignorePerms; - }) kcfg.folders; - - getApiKey = pkgs.writeDash "getAPIKey" '' - ${pkgs.libxml2}/bin/xmllint \ - --xpath 'string(configuration/gui/apikey)'\ - ${scfg.configDir}/config.xml - ''; - - updateConfig = pkgs.writeDash "merge-syncthing-config" '' - set -efu - - # XXX this assumes the GUI address to be "IPv4 address and port" - host=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 0)} - port=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 1)} - - # wait for service to restart - ${pkgs.untilport}/bin/untilport "$host" "$port" - - API_KEY=$(${getApiKey}) - - _curl() { - ${pkgs.curl}/bin/curl \ - -Ss \ - -H "X-API-Key: $API_KEY" \ - "http://$host:$port/rest""$@" - } - - old_config=$(_curl /system/config) - new_config=${shell.escape (toJSON { - inherit devices folders; - })} - new_config=$(${pkgs.jq}/bin/jq -en \ - --argjson old_config "$old_config" \ - --argjson new_config "$new_config" \ - ' - $old_config * $new_config - ${optionalString (!kcfg.overridePeers) '' - * { devices: $old_config.devices } - ''} - ${optionalString (!kcfg.overrideFolders) '' - * { folders: $old_config.folders } - ''} - ' - ) - echo $new_config | _curl /system/config -d @- - _curl /system/restart -X POST - ''; - -in - -{ - options.krebs.syncthing = { - - enable = mkEnableOption "syncthing-init"; - - cert = mkOption { - type = types.nullOr types.absolute-pathname; - default = null; - }; - - key = mkOption { - type = types.nullOr types.absolute-pathname; - default = null; - }; - - overridePeers = mkOption { - type = types.bool; - default = true; - description = '' - Whether to delete the peers which are not configured via the peers option - ''; - }; - peers = mkOption { - default = {}; - type = types.attrsOf (types.submodule ({ - options = { - - # TODO make into addr + port submodule - addresses = mkOption { - type = types.listOf types.str; - default = []; - }; - - #TODO check - id = mkOption { - type = types.str; - }; - - }; - })); - }; - - overrideFolders = mkOption { - type = types.bool; - default = true; - description = '' - Whether to delete the folders which are not configured via the peers option - ''; - }; - folders = mkOption { - default = {}; - type = types.attrsOf (types.submodule ({ config, ... }: { - options = { - - path = mkOption { - type = types.absolute-pathname; - default = config._module.args.name; - }; - - id = mkOption { - type = types.str; - default = config._module.args.name; - }; - - peers = mkOption { - type = types.listOf types.str; - default = []; - }; - - rescanInterval = mkOption { - type = types.int; - default = 3600; - }; - - type = mkOption { - type = types.enum [ "sendreceive" "sendonly" "receiveonly" ]; - default = "sendreceive"; - }; - - watch = mkOption { - type = types.bool; - default = true; - }; - - watchDelay = mkOption { - type = types.int; - default = 10; - }; - - ignoreDelete = mkOption { - type = types.bool; - default = false; - }; - - ignorePerms = mkOption { - type = types.bool; - default = true; - }; - - }; - })); - }; - }; - - config = mkIf kcfg.enable { - - systemd.services.syncthing = mkIf (kcfg.cert != null || kcfg.key != null) { - serviceConfig.PermissionsStartOnly = mkDefault true; - preStart = '' - ${optionalString (kcfg.cert != null) '' - cp ${toString kcfg.cert} ${scfg.configDir}/cert.pem - chown ${scfg.user}:${scfg.group} ${scfg.configDir}/cert.pem - chmod 400 ${scfg.configDir}/cert.pem - ''} - ${optionalString (kcfg.key != null) '' - cp ${toString kcfg.key} ${scfg.configDir}/key.pem - chown ${scfg.user}:${scfg.group} ${scfg.configDir}/key.pem - chmod 400 ${scfg.configDir}/key.pem - ''} - ''; - }; - - systemd.services.syncthing-init = { - after = [ "syncthing.service" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - User = scfg.user; - RemainAfterExit = true; - Type = "oneshot"; - ExecStart = updateConfig; - }; - }; - }; -} |