nixos: services: lohr: migrate to tmpfiles

This is better than a custom script.
flake: bump inputs
2024-03-09 22:02:54 +01:00 · 2024-03-09 22:02:54 +01:00
3 changed files with 33 additions and 48 deletions
--- a/flake.lock
+++ b/flake.lock
@ -73,11 +73,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1706830856,
-        "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=",
+        "lastModified": 1709336216,
+        "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f",
+        "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
        "type": "github"
      },
      "original": {
@ -136,11 +136,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709204054,
-        "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
+        "lastModified": 1709988192,
+        "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "2f3367769a93b226c467551315e9e270c3f78b15",
+        "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030",
        "type": "github"
      },
      "original": {
@ -152,11 +152,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1709150264,
-        "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=",
+        "lastModified": 1709703039,
+        "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08",
+        "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
        "type": "github"
      },
      "original": {
@ -168,11 +168,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1709206595,
-        "narHash": "sha256-lBU/gE7DiJCNkJGPVUms0zA0hxzDVgENIXfebj1oeLc=",
+        "lastModified": 1710013455,
+        "narHash": "sha256-qzOpU4APTso6JLA+/F4zlO/yL8++n/CsUpmxbQAsy/4=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "fbe8df1c13fd8e63e35c2c4654104661eb1fbbed",
+        "rev": "cf1e9b0e085368cc489c765f285f1d07c2ec8d36",
        "type": "github"
      },
      "original": {
--- a/modules/nixos/services/lohr/default.nix
+++ b/modules/nixos/services/lohr/default.nix
@ -59,21 +59,6 @@ in
          "LOHR_HOME=${lohrHome}"
          "LOHR_CONFIG="
        ];
-        ExecStartPre = lib.mkIf (cfg.sshKeyFile != null) ''+${
-          pkgs.writeScript "copy-ssh-key" ''
-            #!${pkgs.bash}/bin/bash
-            # Ensure the key is not there
-            mkdir -p '${lohrHome}/.ssh'
-            rm -f '${lohrHome}/.ssh/id_ed25519'
-
-            # Move the key into place
-            cp ${cfg.sshKeyFile} '${lohrHome}/.ssh/id_ed25519'
-
-            # Fix permissions
-            chown -R lohr:lohr '${lohrHome}/.ssh'
-            chmod -R 0700 '${lohrHome}/.ssh'
-          ''
-        }'';
        ExecStart =
          let
            configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting;
@ -103,5 +88,24 @@ in
        inherit (cfg) port;
      };
    };
+
+    # SSH key provisioning
+    systemd.tmpfiles.settings."10-lohr" = lib.mkIf (cfg.sshKeyFile != null) {
+      "${lohrHome}/.ssh" = {
+        d = {
+          user = "lohr";
+          group = "lohr";
+          mode = "0700";
+        };
+      };
+      "${lohrHome}/.ssh/id_ed25519" = {
+        "f+" = {
+          user = "lohr";
+          group = "lohr";
+          mode = "0700";
+          argument = cfg.sshKeyFile;
+        };
+      };
+    };
  };
 }
--- a/modules/nixos/services/vikunja/default.nix
+++ b/modules/nixos/services/vikunja/default.nix
@ -30,8 +30,6 @@ in
      frontendScheme = "https";
      frontendHostname = vikunjaDomain;

-      setupNginx = false;
-
      database = {
        type = "postgres";
        user = "vikunja";
@ -61,28 +59,11 @@ in
    # This is a weird setup
    my.services.nginx.virtualHosts = {
      ${subdomain} = {
-        # Serve the root for the web-ui
-        root = config.services.vikunja.package-frontend;
-
-        extraConfig = {
-          locations = {
-            "/" = {
-              tryFiles = "try_files $uri $uri/ /";
-            };
-
-            # Serve the API through a UNIX socket
-            "~* ^/(api|dav|\\.well-known)/" = {
-              proxyPass = "http://unix:${socketPath}";
-              extraConfig = ''
-                client_max_body_size 20M;
-              '';
-            };
-          };
-        };
+        socket = socketPath;
      };
    };

-    systemd.services.vikunja-api = {
+    systemd.services.vikunja = {
      serviceConfig = {
        # Use a system user to simplify using the CLI
        DynamicUser = lib.mkForce false;
Author	SHA1	Message	Date
Bruno BELANYI	e59c277cdd	nixos: services: lohr: migrate to tmpfiles All checks were successful ci/woodpecker/push/check Pipeline was successful Details This is better than a custom script.	2024-03-09 22:02:54 +01:00
Bruno BELANYI	09a675471e	flake: bump inputs And fix the breaking changes in Vikunja (which actually make my configuration simpler).	2024-03-09 22:02:54 +01:00