diff options
| author | tv <tv@krebsco.de> | 2016-07-07 23:05:06 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2016-07-07 23:05:06 +0200 |
| commit | f7d966043d04d73df719cbe6c13e4c1aa16bb7f7 (patch) | |
| tree | 2bf4f994e8bcb15fe2ce16a1fe2d8f742234ab63 | |
| parent | f18ababed59c21615d6659881a01597e18e706d3 (diff) | |
| parent | 6eab08eef60d634324056b58c98a1b2a4fa1ed1f (diff) | |
Merge remote-tracking branch 'prism/master'
| -rw-r--r-- | krebs/3modules/buildbot/master.nix | 11 | ||||
| -rw-r--r-- | lass/1systems/helios.nix | 3 | ||||
| -rw-r--r-- | lass/2configs/nixpkgs.nix | 2 | ||||
| -rw-r--r-- | lass/2configs/websites/domsen.nix | 24 | ||||
| -rw-r--r-- | lass/2configs/websites/fritz.nix | 21 | ||||
| -rw-r--r-- | lass/3modules/ejabberd/config.nix | 4 | ||||
| -rw-r--r-- | lass/3modules/ejabberd/default.nix | 18 |
7 files changed, 46 insertions, 37 deletions
diff --git a/krebs/3modules/buildbot/master.nix b/krebs/3modules/buildbot/master.nix index f23981f44..bd17c3765 100644 --- a/krebs/3modules/buildbot/master.nix +++ b/krebs/3modules/buildbot/master.nix @@ -3,13 +3,14 @@ with config.krebs.lib; let - nixpkgs-1509 = import (pkgs.fetchFromGitHub { - owner = "NixOS"; repo = "nixpkgs-channels"; - rev = "91371c2bb6e20fc0df7a812332d99c38b21a2bda"; - sha256 = "1as1i0j9d2n3iap9b471y4x01561r2s3vmjc5281qinirlr4al73"; + # https://github.com/NixOS/nixpkgs/issues/14026 + nixpkgs-fix = import (pkgs.fetchgit { + url = https://github.com/nixos/nixpkgs; + rev = "e026b5c243ea39810826e68362718f5d703fb5d0"; + sha256 = "87e0724910a6df0371f883f99a8cf42e366fb4119f676f6f74ffb404beca2632"; }) {}; - buildbot = nixpkgs-1509.buildbot; + buildbot = nixpkgs-fix.buildbot; buildbot-master-config = pkgs.writeText "buildbot-master.cfg" '' # -*- python -*- from buildbot.plugins import * diff --git a/lass/1systems/helios.nix b/lass/1systems/helios.nix index 10b00de47..51d2afe84 100644 --- a/lass/1systems/helios.nix +++ b/lass/1systems/helios.nix @@ -26,6 +26,9 @@ with builtins; enable = true; }; } + { + lass.power-action.battery = "BAT1"; + } ]; krebs.build.host = config.krebs.hosts.helios; diff --git a/lass/2configs/nixpkgs.nix b/lass/2configs/nixpkgs.nix index 0021a8615..0f940a369 100644 --- a/lass/2configs/nixpkgs.nix +++ b/lass/2configs/nixpkgs.nix @@ -3,6 +3,6 @@ { krebs.build.source.nixpkgs = { url = https://github.com/lassulus/nixpkgs; - rev = "c78f9ad2f91019648bdcf5a911f86ea3a397d290"; + rev = "446d4c1fc10f53cf97abea1996d067ad93de2ded"; }; } diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 3c33c0702..8a2161e45 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -113,18 +113,18 @@ in { createHome = true; }; - services.phpfpm.phpOptions = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = ${sendmail} -t - ''; - #services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - # options = '' - # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - # sendmail_path = "${sendmail} -t -i" - # ''; - #} '' - # cat ${pkgs.php}/etc/php-recommended.ini > $out - # echo "$options" >> $out + #services.phpfpm.phpOptions = '' + # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + # sendmail_path = ${sendmail} -t #''; + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + options = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = "${sendmail} -t -i" + ''; + } '' + cat ${pkgs.php}/etc/php-recommended.ini > $out + echo "$options" >> $out + ''; } diff --git a/lass/2configs/websites/fritz.nix b/lass/2configs/websites/fritz.nix index 0107da739..39f0cce06 100644 --- a/lass/2configs/websites/fritz.nix +++ b/lass/2configs/websites/fritz.nix @@ -74,18 +74,13 @@ in { config.krebs.users.fritz.pubkey ]; - services.phpfpm.phpOptions = '' - extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - sendmail_path = ${sendmail} -t + services.phpfpm.phpIni = pkgs.runCommand "php.ini" { + options = '' + extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so + sendmail_path = "${sendmail} -t -i" + ''; + } '' + cat ${pkgs.php}/etc/php-recommended.ini > $out + echo "$options" >> $out ''; - - #services.phpfpm.phpIni = pkgs.runCommand "php.ini" { - # options = '' - # extension=${pkgs.phpPackages.apcu}/lib/php/extensions/apcu.so - # sendmail_path = "${sendmail} -t -i" - # ''; - #} '' - # cat ${pkgs.php}/etc/php-recommended.ini > $out - # echo "$options" >> $out - #''; } diff --git a/lass/3modules/ejabberd/config.nix b/lass/3modules/ejabberd/config.nix index 9a4882644..83ca5dc2a 100644 --- a/lass/3modules/ejabberd/config.nix +++ b/lass/3modules/ejabberd/config.nix @@ -10,7 +10,7 @@ in toFile "ejabberd.conf" '' [ {5222, ejabberd_c2s, [ starttls, - {certfile, ${toErlang cfg.certfile}}, + {certfile, ${toErlang cfg.certfile.path}}, {access, c2s}, {shaper, c2s_shaper}, {max_stanza_size, 65536} @@ -27,7 +27,7 @@ in toFile "ejabberd.conf" '' ]} ]}. {s2s_use_starttls, required}. - {s2s_certfile, ${toErlang cfg.s2s_certfile}}. + {s2s_certfile, ${toErlang cfg.s2s_certfile.path}}. {auth_method, internal}. {shaper, normal, {maxrate, 1000}}. {shaper, fast, {maxrate, 50000}}. diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix index c68f32ef0..18c7cd656 100644 --- a/lass/3modules/ejabberd/default.nix +++ b/lass/3modules/ejabberd/default.nix @@ -4,7 +4,12 @@ in { options.lass.ejabberd = { enable = mkEnableOption "lass.ejabberd"; certfile = mkOption { - type = types.str; + type = types.secret-file; + default = { + path = "${cfg.user.home}/ejabberd.pem"; + owner = cfg.user; + source-path = "/var/lib/acme/lassul.us/full.pem"; + }; }; hosts = mkOption { type = with types; listOf str; @@ -17,12 +22,11 @@ in { export EJABBERD_CONFIG_PATH=${shell.escape (import ./config.nix args)} exec ${pkgs.ejabberd}/bin/ejabberdctl \ --logs ${shell.escape cfg.user.home} \ - --spool ${shell.escape cfg.user.home} \ "$@" ''; }; s2s_certfile = mkOption { - type = types.str; + type = types.secret-file; default = cfg.certfile; }; user = mkOption { @@ -36,9 +40,15 @@ in { config = lib.mkIf cfg.enable { environment.systemPackages = [ cfg.pkgs.ejabberdctl ]; + krebs.secret.files = { + ejabberd-certfile = cfg.certfile; + ejabberd-s2s_certfile = cfg.s2s_certfile; + }; + systemd.services.ejabberd = { wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + requires = [ "secret.service" ]; + after = [ "network.target" "secret.service" ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = "yes"; |