From 9d6c8cc6384a9574e1e30dd1b39e0e180367d288 Mon Sep 17 00:00:00 2001
From: Illia Chub
Date: Tue, 23 Mar 2021 14:51:28 +0200
Subject: [PATCH 1/2] Added mountpoint definition for volumes
---
 nixos-infect | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/nixos-infect b/nixos-infect
index 0e1d2c5..a8a353d 100755
--- a/nixos-infect
+++ b/nixos-infect
@@ -127,7 +127,10 @@ EOF
 {
 imports = [ ];
 boot.loader.grub.device = "$grubdev";
- fileSystems."/" = { device = "$rootfsdev"; fsType = "ext4"; };
+ fileSystems = {
+ "/" = { device = "$rootfsdev"; fsType = "ext4"; };
+ "/var" = { device = "/dev/sdb"; fsType = "ext4" };
+ };
 }
 EOF

From cfdee451dd1f84094378d1a93d5f6b8046e4de2f Mon Sep 17 00:00:00 2001
From: Illia Chub
Date: Wed, 31 Mar 2021 10:47:21 +0300
Subject: [PATCH 2/2] Added certificate resolution redundancy. Implemented nginx config reload on resolve success
---
 nixos-infect | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/nixos-infect b/nixos-infect
index a8a353d..f61e0e7 100755
--- a/nixos-infect
+++ b/nixos-infect
@@ -48,6 +48,7 @@ makeConf() {
 ./social/pleroma-module.nix
 ./social/pleroma.nix
 ./letsencrypt/acme.nix
+ ./letsencrypt/resolve.nix
 ./backup/restic.nix
 ./passmgr/bitwarden.nix
 ./webserver/nginx.nix
@@ -254,6 +255,27 @@ EOF
 };
 };
 }
+EOF
+ cat > /etc/nixos/letsencrypt/resolve.nix << EOF
+{ pkgs, ... }:
+{
+ systemd = {
+ services = {
+ "acme-$DOMAIN" = {
+ serviceConfig = {
+ StartLimitBurst = 5;
+ StartLimitIntervalSec = 5;
+ Restart = "on-failure";
+ };
+ };
+ "nginx-config-reload" = {
+ serviceConfig = {
+ After = [ "acme-$DOMAIN.service" ];
+ };
+ };
+ };
+ };
+}
 EOF

 cat > /etc/nixos/backup/restic.nix << EOF
@@ -311,6 +333,7 @@ EOF
 {
 services.nginx = {
 enable = true;
+ enableReload = true;
 recommendedGzipSettings = true;
 recommendedOptimisation = true;
 recommendedProxySettings = true;
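Review bot: In the `@@ -127,7 +127,10 @@` hunk of patch 1/2, the new `"/var"` entry is missing the semicolon after `fsType = "ext4"`, so the generated hardware-configuration.nix will not parse; it should read `"/var" = { device = "/dev/sdb"; fsType = "ext4"; };`. The device is also hard-coded as `/dev/sdb`, a kernel-assigned name that is not guaranteed to be stable across boots or present on every host, while `/` uses the detected `$rootfsdev`. Since /var normally holds service state, a missing or different disk at that name either stops the boot at the mount or puts that state on an unintended volume; detecting the volume and referring to it by UUID or label, with `options = [ "nofail" ];` if it is optional, would avoid both. The heredoc that these lines belong to starts and ends outside the hunk.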
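Review bot: In the `@@ -254,6 +255,27 @@` hunk of patch 2/2, `After`, `StartLimitBurst` and `StartLimitIntervalSec` are placed under `serviceConfig`, which NixOS writes into the unit's [Service] section, but systemd documents all three as [Unit] settings. `After=` in [Service] is ignored, so nginx-config-reload is not actually ordered after the ACME unit and may reload nginx before the new certificate is in place; the start-limit keys are likely ignored or only partly honoured for the same reason. Moving the ordering to the NixOS `after` option and the limits to `unitConfig`, as below, gives the behaviour the commit message describes. Separately, `Restart = "on-failure"` with no `RestartSec` retries almost immediately, which can run into the CA's failed-validation rate limit, so a delay is worth adding.

```shell
  cat > /etc/nixos/letsencrypt/resolve.nix << EOF
# … unchanged: module header, systemd.services opening …
      "acme-$DOMAIN" = {
        # Start-rate limiting is a [Unit] setting, so it goes through unitConfig.
        unitConfig = {
          StartLimitBurst = 5;
          StartLimitIntervalSec = 5;
        };
        serviceConfig = {
          Restart = "on-failure";
        };
      };
      "nginx-config-reload" = {
        # The NixOS `after` option emits After= into [Unit], where systemd honours it.
        after = [ "acme-$DOMAIN.service" ];
      };
# … unchanged: closing braces, EOF …
```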