hosts/plover: update miscellaneous parts of the services

Gabriel Arazas 2023-10-17 18:32:23 +08:00
parent e3bb442154
commit e6c4a20b83
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
5 changed files with 9 additions and 10 deletions


@ -177,17 +177,19 @@ in
domainZone' = zoneFile domain; domainZone' = zoneFile domain;
fqdnZone' = zoneFile fqdn; fqdnZone' = zoneFile fqdn;
secretPath = path: config.sops.secrets."dns/${path}".path; secretPath = path: config.sops.secrets."dns/${path}".path;
rndc = lib.getExe' config.services.bind.package "rndc";
in in
lib.mkAfter '' lib.mkAfter ''
[ -f '${domainZone'}' ] || { # Install the domain zone.
{
install -Dm0600 '${domainZone}' '${domainZone'}' install -Dm0600 '${domainZone}' '${domainZone'}'
replace-secret '#mailboxSecurityKey#' '${secretPath "${domain}/mailbox-security-key"}' '${domainZone'}' replace-secret '#mailboxSecurityKey#' '${secretPath "${domain}/mailbox-security-key"}' '${domainZone'}'
replace-secret '#mailboxSecurityKeyRecord#' '${secretPath "${domain}/mailbox-security-key-record"}' '${domainZone'}' replace-secret '#mailboxSecurityKeyRecord#' '${secretPath "${domain}/mailbox-security-key-record"}' '${domainZone'}'
#${rndc} sync "${domain}" IN external
} }
[ -f '${fqdnZone'}' ] || { # Install the internal DNS zones.
install -Dm0600 '${fqdnZone}' '${fqdnZone'}' install -Dm0600 '${fqdnZone}' '${fqdnZone'}'
}
''; '';
serviceConfig = { serviceConfig = {
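Review bot: With the `[ -f '${domainZone'}' ] ||` and `[ -f '${fqdnZone'}' ] ||` guards gone, both `install -Dm0600` calls appear to run every time this script executes and overwrite the live zone files. If either zone accepts dynamic updates or is signed inline by BIND (not visible here), the replaced file would no longer match the zone journal, so either keep the guard or sync and freeze the zone before overwriting. The `rndc` binding is referenced only inside the shell comment `#${rndc} sync "${domain}" IN external`; enable that call or drop the binding, and add a comment such as `# Zone files are reinstalled on every start; dynamic changes are not preserved.` to make the intent explicit. The script starts and ends outside the hunk.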


@ -151,8 +151,7 @@ in
lib.mkMerge [ lib.mkMerge [
(lib.mkBefore '' (lib.mkBefore ''
# Setting up the appropriate schema for PostgreSQL secure schema usage. # Setting up the appropriate schema for PostgreSQL secure schema usage.
${psql} -tAc "SELECT 1 FROM information_schema.schemata WHERE schema_name='${giteaDatabaseUser}';" \ ${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${giteaDatabaseUser};"
grep -q 1 || ${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${giteaDatabaseUser};"
'') '')
(lib.mkAfter '' (lib.mkAfter ''
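Review bot: `${giteaDatabaseUser}` is spliced into the SQL text as a bare identifier in `CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${giteaDatabaseUser};`, so a role name containing upper-case letters, a hyphen or other special characters would be case-folded or rejected by PostgreSQL. The value appears to come from Nix configuration rather than runtime input, so this is a robustness point more than an injection risk. Quoting the identifier keeps the statement correct for any configured name: `${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION \"${giteaDatabaseUser}\";"`. The surrounding script continues outside the hunk.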


@ -10,9 +10,6 @@ let
vouchDomain = "vouch.${config.networking.domain}"; vouchDomain = "vouch.${config.networking.domain}";
vouchSettings = config.services.vouch-proxy.instances."${vouchDomain}".settings; vouchSettings = config.services.vouch-proxy.instances."${vouchDomain}".settings;
certDir = file: "${config.security.acme.certs."${monitoringDomain}".directory}/${file}";
inherit (config.services.grafana) settings;
in in
{ {
services.grafana = { services.grafana = {


@ -39,7 +39,7 @@ in
in in
{ {
# Still doing the secure schema usage pattern. # Still doing the secure schema usage pattern.
search_path = "\"$user\""; search_path = ''"$user"'';
ssl_cert_file = credsDir "cert.pem"; ssl_cert_file = credsDir "cert.pem";
ssl_key_file = credsDir "key.pem"; ssl_key_file = credsDir "key.pem";


@ -162,6 +162,7 @@ in
services.nginx.upstreams."vaultwarden" = { services.nginx.upstreams."vaultwarden" = {
extraConfig = '' extraConfig = ''
zone services; zone services;
keepalive 2;
''; '';
servers = let servers = let
address = config.services.vaultwarden.config.ROCKET_ADDRESS; address = config.services.vaultwarden.config.ROCKET_ADDRESS;
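Review bot: `keepalive 2;` in this upstream block only takes effect when the proxied requests use HTTP/1.1 with the `Connection` header cleared, and the hunk does not show the matching location settings. Confirm that the virtual host proxying to `vaultwarden` sets `proxy_http_version 1.1;` and `proxy_set_header Connection "";` on its non-WebSocket locations. Without them nginx closes each upstream connection after the response and the directive is inert. The upstream definition continues outside the hunk.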