From 20e0a7e0b1006b78fc43b57678c790d6087e55f6 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 24 Dec 2021 00:48:23 +0100 Subject: tv charybdis: add group --- tv/3modules/charybdis/default.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'tv/3modules/charybdis/default.nix') diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 9c5ce2731..1917ab75d 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix @@ -84,7 +84,10 @@ in { users.users.${cfg.user.name} = { inherit (cfg.user) home name uid; createHome = true; + group = cfg.user.name; isSystemUser = true; }; + + users.groups.${cfg.user.name} = {}; }; } -- cgit v1.2.3 From d4b12744d5dab07f3dc60182a86e32f775d3fe4b Mon Sep 17 00:00:00 2001 From: tv Date: Sat, 25 Dec 2021 11:41:15 +0100 Subject: tv charybdis: use LoadCredential --- tv/3modules/charybdis/default.nix | 43 ++++++++++++++------------------------- 1 file changed, 15 insertions(+), 28 deletions(-) (limited to 'tv/3modules/charybdis/default.nix') diff --git a/tv/3modules/charybdis/default.nix b/tv/3modules/charybdis/default.nix index 1917ab75d..96aae702a 100644 --- a/tv/3modules/charybdis/default.nix +++ b/tv/3modules/charybdis/default.nix @@ -15,22 +15,12 @@ in { type = types.path; }; ssl_dh_params = mkOption { - type = types.secret-file; - default = { - name = "charybdis-ssl_dh_params"; - path = "${cfg.user.home}/dh.pem"; - owner = cfg.user; - source-path = toString + "/charybdis.dh.pem"; - }; + type = types.absolute-pathname; + default = toString + "/charybdis.dh.pem"; }; ssl_private_key = mkOption { - type = types.secret-file; - default = { - name = "charybdis-ssl_private_key"; - path = "${cfg.user.home}/ssl.key.pem"; - owner = cfg.user; - source-path = toString + "/charybdis.key.pem"; - }; + type = types.absolute-pathname; + default = toString + "/charybdis.key.pem"; }; sslport = mkOption { type = types.int; 
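Review bot: The `ssl_dh_params` and `ssl_private_key` options in the second commit's first hunk have no `description`, and after the switch from `types.secret-file` to `types.absolute-pathname` nothing says what kind of path is expected. The value is interpolated into `LoadCredential` later in this commit, so it has to be a path that exists on the target host at service start and that systemd can read. A path that ends up in the Nix store would leave the TLS private key world-readable. I would add to each option something like `description = "Absolute path on the target host, read by systemd via LoadCredential; must not be a /nix/store path.";`. The `toString` in the defaults presumably serves that purpose already, so a short comment saying so would keep it from being removed as redundant.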
@@ -46,22 +36,13 @@ in { }; config = lib.mkIf cfg.enable { - krebs.secret.files.charybdis-ssl_dh_params = cfg.ssl_dh_params; - krebs.secret.files.charybdis-ssl_private_key = cfg.ssl_private_key; - environment.etc."charybdis-ircd.motd".text = cfg.motd; + krebs.systemd.services.charybdis = {}; + systemd.services.charybdis = { wantedBy = [ "multi-user.target" ]; - after = [ - config.krebs.secret.files.charybdis-ssl_dh_params.service - config.krebs.secret.files.charybdis-ssl_private_key.service - "network-online.target" - ]; - partOf = [ - config.krebs.secret.files.charybdis-ssl_dh_params.service - config.krebs.secret.files.charybdis-ssl_private_key.service - ]; + after = [ "network-online.target" ]; environment = { BANDB_DBPATH = "${cfg.user.home}/ban.db"; }; @@ -70,14 +51,20 @@ in { User = cfg.user.name; PrivateTmp = true; Restart = "always"; - ExecStartPre = - "${pkgs.coreutils}/bin/ln -s /etc/charybdis-ircd.motd /tmp/ircd.motd"; + ExecStartPre = [ + "${pkgs.coreutils}/bin/ln -s /etc/charybdis-ircd.motd /tmp/ircd.motd" + "${pkgs.coreutils}/bin/ln -s \${CREDENTIALS_DIRECTORY} /tmp/credentials" + ]; ExecStart = toString [ "${pkgs.charybdis}/bin/charybdis" "-configfile ${import ./config.nix args}" "-foreground" "-logfile /dev/stderr" ]; + LoadCredential = [ + "ssl_dh_params:${cfg.ssl_dh_params}" + "ssl_private_key:${cfg.ssl_private_key}" + ]; }; }; -- cgit v1.2.3
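Review bot: `krebs.systemd.services.charybdis = {};` needs a comment, because an empty attribute set gives no hint of what it enables. The same hunk drops the `partOf` entries that tied the service to the two secret units, so a reader cannot tell whether charybdis is still restarted when the key or DH file is replaced. Presumably the krebs module takes over that job, but its definition is outside this diff. Once confirmed against the module, something like `# registers the unit with krebs.systemd (assumed: restart on credential change); replaces the removed partOf` would do.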
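Review bot: The new `ln -s \${CREDENTIALS_DIRECTORY} /tmp/credentials` entry in `ExecStartPre` is only safe because `PrivateTmp = true` is set a few lines above, and that dependency is not documented. If PrivateTmp were ever removed, the link would be created under a fixed name in the shared /tmp, where another local user could control what sits at that path before the service starts. I would add a comment above the list, e.g. `# fixed path for config.nix; requires PrivateTmp so /tmp/credentials is private to this unit`. Whether config.nix actually references /tmp/credentials is not visible in this hunk, so confirm that before wording the comment.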