Update hera to 21.11
This commit is contained in:
parent
320dd89e65
commit
619680156a
|
@ -46,7 +46,10 @@ let
|
|||
dbuser = "nextcloud";
|
||||
dbhost = "localhost";
|
||||
defaultPhoneRegion = "DE";
|
||||
} // adminCreds;
|
||||
adminuser = "maralorn";
|
||||
dbpassFile = builtins.toFile "nextcloud-dbpass" adminCreds.dbpass;
|
||||
adminpassFile = builtins.toFile "nextcloud-adminpass" adminCreds.adminpass;
|
||||
};
|
||||
autoUpdateApps = {
|
||||
enable = true;
|
||||
startAt = "20:30";
|
||||
|
|
|
@ -103,11 +103,9 @@ in
|
|||
group = "nginx";
|
||||
user = "maralorn";
|
||||
openDefaultPorts = true;
|
||||
declarative = syncthing.declarativeWith [ "apollo" "zeus" ] "/media" // {
|
||||
cert = pkgs.privatePath "syncthing/hera/cert.pem";
|
||||
key = pkgs.privatePath "syncthing/hera/key.pem";
|
||||
};
|
||||
};
|
||||
cert = pkgs.privatePath "syncthing/hera/cert.pem";
|
||||
key = pkgs.privatePath "syncthing/hera/key.pem";
|
||||
} // syncthing.declarativeWith [ "apollo" "zeus" ] "/media";
|
||||
};
|
||||
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
|
||||
systemd.tmpfiles.rules = [ "Z /media 0770 maralorn nginx - -" ];
|
||||
|
|
|
@ -13,7 +13,13 @@ let
|
|||
in
|
||||
{
|
||||
environment.systemPackages = [ goatcounter-bin ];
|
||||
users.users.goatcounter.isSystemUser = true;
|
||||
users = {
|
||||
users.goatcounter = {
|
||||
isSystemUser = true;
|
||||
group = "goatcounter";
|
||||
};
|
||||
groups.goatcounter = { };
|
||||
};
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureUsers = [{
|
||||
|
|
|
@ -5,7 +5,6 @@ let
|
|||
in
|
||||
{
|
||||
imports = [
|
||||
./signald-module.nix
|
||||
./mautrix-signal-module.nix
|
||||
];
|
||||
|
||||
|
|
|
@ -1,73 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.signald;
|
||||
|
||||
in
|
||||
{
|
||||
options = {
|
||||
services.signald = {
|
||||
enable = mkEnableOption "Signald, an unofficial daemon for interacting with Signal";
|
||||
|
||||
socketFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
example = "/var/run/signald/signald.sock";
|
||||
description = ''
|
||||
When started, signald will create a unix socket at this location. To
|
||||
interact with it, connect to that socket and send new line (\n)
|
||||
terminated JSON strings.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.users."signald" = { isSystemUser = true; group = "signald"; };
|
||||
users.groups."signald" = { };
|
||||
systemd.tmpfiles.rules = [ "Z /var/lib/signald 0770 signald signald - -" ];
|
||||
|
||||
systemd.services.signald = {
|
||||
description = "A daemon for interacting with the Signal Private Messenger";
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
WatchdogSignal = "SIGTERM";
|
||||
WatchdogSec = "60m";
|
||||
Restart = "always";
|
||||
|
||||
PermissionsStartOnly = true;
|
||||
RuntimeDirectory = "signald";
|
||||
|
||||
ProtectSystem = "full";
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectControlGroups = true;
|
||||
|
||||
DynamicUser = false;
|
||||
Group = "signald";
|
||||
User = "signald";
|
||||
StateDirectory = "signald";
|
||||
UMask = 0007;
|
||||
|
||||
|
||||
ExecStart = ''
|
||||
${pkgs.signald}/bin/signald \
|
||||
${optionalString (cfg.socketFile != null) "--socket ${cfg.socketFile}"} \
|
||||
--data=''${STATE_DIRECTORY} \
|
||||
--database=jdbc:sqlite:''${STATE_DIRECTORY}/signald.db
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = with maintainers; [ expipiplus1 ];
|
||||
}
|
||||
|
Loading…
Reference in a new issue