hosts/plover: update miscellaneous parts of the services

2025-01-31 10:58:02 +00:00 · 2023-10-17 18:32:23 +08:00 · 2023-10-17 18:32:23 +08:00 · e6c4a20b83
commit e6c4a20b83
parent e3bb442154
5 changed files with 9 additions and 10 deletions
--- a/hosts/plover/modules/services/bind.nix
+++ b/hosts/plover/modules/services/bind.nix
@ -177,17 +177,19 @@ in
        domainZone' = zoneFile domain;
        fqdnZone' = zoneFile fqdn;
        secretPath = path: config.sops.secrets."dns/${path}".path;
+        rndc = lib.getExe' config.services.bind.package "rndc";
      in
      lib.mkAfter ''
-        [ -f '${domainZone'}' ] || {
+        # Install the domain zone.
+        {
          install -Dm0600 '${domainZone}' '${domainZone'}'
          replace-secret '#mailboxSecurityKey#' '${secretPath "${domain}/mailbox-security-key"}' '${domainZone'}'
          replace-secret '#mailboxSecurityKeyRecord#' '${secretPath "${domain}/mailbox-security-key-record"}' '${domainZone'}'
+          #${rndc} sync "${domain}" IN external
        }

-        [ -f '${fqdnZone'}' ] || {
-          install -Dm0600 '${fqdnZone}' '${fqdnZone'}'
-        }
+        # Install the internal DNS zones.
+        install -Dm0600 '${fqdnZone}' '${fqdnZone'}'
      '';

    serviceConfig = {
--- a/hosts/plover/modules/services/gitea.nix
+++ b/hosts/plover/modules/services/gitea.nix
@ -151,8 +151,7 @@ in
      lib.mkMerge [
        (lib.mkBefore ''
          # Setting up the appropriate schema for PostgreSQL secure schema usage.
-          ${psql} -tAc "SELECT 1 FROM information_schema.schemata WHERE schema_name='${giteaDatabaseUser}';" \
-            grep -q 1 || ${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${giteaDatabaseUser};"
+          ${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${giteaDatabaseUser};"
        '')

        (lib.mkAfter ''
--- a/hosts/plover/modules/services/grafana.nix
+++ b/hosts/plover/modules/services/grafana.nix
@ -10,9 +10,6 @@ let

  vouchDomain = "vouch.${config.networking.domain}";
  vouchSettings = config.services.vouch-proxy.instances."${vouchDomain}".settings;
-
-  certDir = file: "${config.security.acme.certs."${monitoringDomain}".directory}/${file}";
-  inherit (config.services.grafana) settings;
 in
 {
  services.grafana = {
--- a/hosts/plover/modules/services/postgresql.nix
+++ b/hosts/plover/modules/services/postgresql.nix
@ -39,7 +39,7 @@ in
      in
      {
        # Still doing the secure schema usage pattern.
-        search_path = "\"$user\"";
+        search_path = ''"$user"'';

        ssl_cert_file = credsDir "cert.pem";
        ssl_key_file = credsDir "key.pem";
--- a/hosts/plover/modules/services/vaultwarden.nix
+++ b/hosts/plover/modules/services/vaultwarden.nix
@ -162,6 +162,7 @@ in
  services.nginx.upstreams."vaultwarden" = {
    extraConfig = ''
      zone services;
+      keepalive 2;
    '';
    servers = let
      address = config.services.vaultwarden.config.ROCKET_ADDRESS;