nixos: services: lohr: migrate to tmpfiles

This is better than a custom script.
Bruno BELANYI 2024-03-09 22:00:17 +01:00
parent 5d3160fb0d
commit 6140e1c8f9


@ -59,21 +59,6 @@ in
"LOHR_HOME=${lohrHome}" "LOHR_HOME=${lohrHome}"
"LOHR_CONFIG=" "LOHR_CONFIG="
]; ];
ExecStartPre = lib.mkIf (cfg.sshKeyFile != null) ''+${
pkgs.writeScript "copy-ssh-key" ''
#!${pkgs.bash}/bin/bash
# Ensure the key is not there
mkdir -p '${lohrHome}/.ssh'
rm -f '${lohrHome}/.ssh/id_ed25519'
# Move the key into place
cp ${cfg.sshKeyFile} '${lohrHome}/.ssh/id_ed25519'
# Fix permissions
chown -R lohr:lohr '${lohrHome}/.ssh'
chmod -R 0700 '${lohrHome}/.ssh'
''
}'';
ExecStart = ExecStart =
let let
configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting; configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting;
@ -103,5 +88,24 @@ in
inherit (cfg) port; inherit (cfg) port;
}; };
}; };
# SSH key provisioning
systemd.tmpfiles.settings."10-lohr" = lib.mkIf (cfg.sshKeyFile != null) {
"${lohrHome}/.ssh" = {
d = {
user = "lohr";
group = "lohr";
mode = "0700";
};
};
"${lohrHome}/.ssh/id_ed25519" = {
"f+" = {
user = "lohr";
group = "lohr";
mode = "0700";
argument = cfg.sshKeyFile;
};
};
};
}; };
} }
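Review bot: The `"f+"` entry for `"${lohrHome}/.ssh/id_ed25519"` in the second hunk will not install the key. Per tmpfiles.d(5), `f`/`f+` write their argument into the file as content, so the file would hold the path string from `cfg.sshKeyFile`, not the key material that the removed `cp` put there. A copy type looks like what was intended: `"C" = {`, or `"C+"` if the key should be replaced when it already exists, with the same `argument`. The private key file does not need the execute bit, so `mode = "0600";` is the tighter setting for it, while the `.ssh` directory keeps `0700`. Provisioning no longer runs in the unit's `ExecStartPre`, so it is also worth confirming that the source file already exists when the tmpfiles rules are applied.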