c3d2-web: fix telme10 startup

Sandro - 2023-06-23 18:13:03 +02:00
parent 424242fe84
commit 11111118af
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 38 additions and 34 deletions


@ -130,42 +130,46 @@ in
language = "de";
};
systemd.services = {
# lets agate access the tls certs
agate = {
requires = [ "agate-keys.service" ];
after = [ "agate-keys.service" ];
serviceConfig = {
Group = "keys";
systemd = {
packages = with pkgs; [ telme10 ];
services = {
# lets agate access the tls certs
agate = {
requires = [ "agate-keys.service" ];
after = [ "agate-keys.service" ];
serviceConfig = {
Group = "keys";
};
};
agate-keys = {
path = with pkgs; [ openssl ];
script =
let
stateDir = "/var/lib/agate/certificates";
in
''
mkdir -p ${stateDir}
openssl x509 \
-in /var/lib/acme/www.c3d2.de/cert.pem \
-out ${stateDir}/cert.der \
-outform DER
openssl rsa \
-in /var/lib/acme/www.c3d2.de/key.pem \
-out ${stateDir}/key.der \
-outform DER
chown root:keys ${stateDir}/*
chmod 0640 ${stateDir}/*
'';
serviceConfig = {
Type = "oneshot";
};
};
telme10 = {
serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";
};
};
agate-keys = {
path = with pkgs; [ openssl ];
script =
let
stateDir = "/var/lib/agate/certificates";
in
''
mkdir -p ${stateDir}
openssl x509 \
-in /var/lib/acme/www.c3d2.de/cert.pem \
-out ${stateDir}/cert.der \
-outform DER
openssl rsa \
-in /var/lib/acme/www.c3d2.de/key.pem \
-out ${stateDir}/key.der \
-outform DER
chown root:keys ${stateDir}/*
chmod 0640 ${stateDir}/*
'';
serviceConfig = {
Type = "oneshot";
};
};
telm10 = {
path = with pkgs; [ telme10 ];
serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE";
};
sockets.telme10.wantedBy = [ "sockets.target" ];
};
users = {
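Review bot: The `telme10` service entry near the end of the hunk keeps `AmbientCapabilities = "CAP_NET_BIND_SERVICE"` while the same change enables `sockets.telme10`. If the socket unit shipped in the package is what binds the low port, systemd hands the service an already-bound descriptor and the capability can probably be dropped. The packaged unit files are not visible on this page, so that needs confirming. If the capability has to stay, limit what the service can hold with `serviceConfig.CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";` and `serviceConfig.NoNewPrivileges = true;`. The enclosing attribute set starts before the hunk and continues after it.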