Compare commits
10 Commits
inex/test-
...
flakes
Author | SHA1 | Date |
---|---|---|
Alexander | 94d016e5f5 | |
Inex Code | 132b6724cd | |
Inex Code | 86182f0799 | |
Inex Code | ce3231774e | |
Inex Code | f8223192e5 | |
Alexander | 4c183d5b40 | |
Inex Code | 5e005dc436 | |
Inex Code | 6619760f47 | |
Inex Code | 3b4466b49d | |
Inex Code | 5d9c385d08 |
|
@ -1,4 +1,20 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
redis-sp-api-srv-name = "sp-api";
|
||||||
|
sp-print-api-token = pkgs.writeShellApplication {
|
||||||
|
name = "sp-print-api-token";
|
||||||
|
runtimeInputs = with pkgs; [ redis ];
|
||||||
|
text = ''
|
||||||
|
hash_token="$(redis-cli -s /run/redis-${redis-sp-api-srv-name}/redis.sock keys "token_repo:tokens:*" | head -n 1)"
|
||||||
|
hash_token="''${hash_token#"token_repo:tokens:"}"
|
||||||
|
|
||||||
|
token="$(redis-cli -s /run/redis-${redis-sp-api-srv-name}/redis.sock HGETALL "token_repo:tokens:$hash_token")"
|
||||||
|
token="$(echo "$token" | sed -n '2p')"
|
||||||
|
|
||||||
|
echo "$token"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./selfprivacy-module.nix
|
./selfprivacy-module.nix
|
||||||
|
@ -15,7 +31,7 @@
|
||||||
|
|
||||||
services.selfprivacy-api.enable = true;
|
services.selfprivacy-api.enable = true;
|
||||||
|
|
||||||
services.redis.servers.sp-api = {
|
services.redis.servers.${redis-sp-api-srv-name} = {
|
||||||
enable = true;
|
enable = true;
|
||||||
save = [
|
save = [
|
||||||
[
|
[
|
||||||
|
@ -68,6 +84,7 @@
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
git
|
git
|
||||||
jq
|
jq
|
||||||
|
sp-print-api-token
|
||||||
];
|
];
|
||||||
# consider environment.defaultPackages = lib.mkForce [];
|
# consider environment.defaultPackages = lib.mkForce [];
|
||||||
documentation.enable = false; # no {man,info}-pages & docs, etc to save space
|
documentation.enable = false; # no {man,info}-pages & docs, etc to save space
|
||||||
|
|
16
flake.lock
16
flake.lock
|
@ -2,11 +2,11 @@
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1708566995,
|
"lastModified": 1716361217,
|
||||||
"narHash": "sha256-e/THimsoxxMAHSbwMKov5f5Yg+utTj6XVGEo24Lhx+0=",
|
"narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "3cb4ae6689d2aa3f363516234572613b31212b78",
|
"rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -28,11 +28,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1708708748,
|
"lastModified": 1716580438,
|
||||||
"narHash": "sha256-51snbOSHPuqyz0ht7iG+XswqZhDEwdCki12szCsbt78=",
|
"narHash": "sha256-wWKhCiRmjrFgnHUgcxBb2mtBy9uTrY93yxpMYh/wpVY=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "master",
|
||||||
"rev": "3965203d2884653c9f1bd45d531789b9c712e403",
|
"rev": "4f1d44ce74432e745f0be3b192f8cc4ae06fd169",
|
||||||
"revCount": 1184,
|
"revCount": 1304,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git"
|
"url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -9,12 +9,17 @@ let
|
||||||
CLOUDFLARE_ZONE_API_TOKEN=$TOKEN
|
CLOUDFLARE_ZONE_API_TOKEN=$TOKEN
|
||||||
CLOUDFLARE_POLLING_INTERVAL=30
|
CLOUDFLARE_POLLING_INTERVAL=30
|
||||||
'';
|
'';
|
||||||
DESEC = "DESEC_TOKEN=$TOKEN";
|
DESEC = ''
|
||||||
|
DESEC_TOKEN=$TOKEN
|
||||||
|
DESEC_POLLING_INTERVAL=30
|
||||||
|
DESEC_PROPAGATION_TIMEOUT=180
|
||||||
|
DESEC_TTL=3600
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
|
dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
|
||||||
acme-env-filepath = "/var/lib/selfprivacy/acme-env";
|
acme-env-filepath = "/var/lib/selfprivacy/acme-env";
|
||||||
secrets-filepath = "/etc/selfprivacy/secrets.json";
|
secrets-filepath = "/etc/selfprivacy/secrets.json";
|
||||||
dnsPropagationCheckExceptions = [ "DIGITALOCEAN" ];
|
dnsPropagationCheckExceptions = [ "DIGITALOCEAN" "DESEC" ];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
users.groups.acmereceivers.members = [ "nginx" ];
|
users.groups.acmereceivers.members = [ "nginx" ];
|
||||||
|
|
Loading…
Reference in New Issue