afws: move more code into module file, use new reload mechanism
This commit is contained in:
parent
0640cfad04
commit
5223d9fd89
@ -20,10 +20,20 @@ in
|
|||||||
User = "afws";
|
User = "afws";
|
||||||
Group = "afws";
|
Group = "afws";
|
||||||
ExecStart = "${afws}/bin/afws_server";
|
ExecStart = "${afws}/bin/afws_server";
|
||||||
|
ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
|
||||||
};
|
};
|
||||||
path = [ pkgs.nix pkgs.git ];
|
path = [ pkgs.nix pkgs.git ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.acme.certs."afws.m-labs.hk".postRun =
|
||||||
|
''
|
||||||
|
mkdir -p /var/lib/afws/cert
|
||||||
|
cp cert.pem /var/lib/afws/cert
|
||||||
|
cp key.pem /var/lib/afws/cert
|
||||||
|
chown -R afws:afws /var/lib/afws/cert
|
||||||
|
'';
|
||||||
|
security.acme.certs."afws.m-labs.hk".reloadServices = [ "afws.service" ];
|
||||||
|
|
||||||
users.users.afws = {
|
users.users.afws = {
|
||||||
name = "afws";
|
name = "afws";
|
||||||
group = "afws";
|
group = "afws";
|
||||||
|
@ -529,26 +529,6 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.afws.enable = true;
|
services.afws.enable = true;
|
||||||
security.acme.certs."afws.m-labs.hk".postRun =
|
|
||||||
''
|
|
||||||
# ensure initial state
|
|
||||||
mkdir -p /var/lib/afws/cert-new /var/lib/afws/cert-current
|
|
||||||
ln -sf /var/lib/afws/cert-current /var/lib/afws/cert
|
|
||||||
|
|
||||||
# populate new directory
|
|
||||||
cp cert.pem /var/lib/afws/cert-new
|
|
||||||
cp key.pem /var/lib/afws/cert-new
|
|
||||||
chown afws:afws /var/lib/afws/cert-new/*
|
|
||||||
|
|
||||||
# atomic replace
|
|
||||||
ln -s /var/lib/afws/cert-new /var/lib/afws/tmp
|
|
||||||
mv -T /var/lib/afws/tmp /var/lib/afws/cert
|
|
||||||
rm -rf /var/lib/afws/cert-current
|
|
||||||
cp -a /var/lib/afws/cert-new /var/lib/afws/cert-current
|
|
||||||
ln -s /var/lib/afws/cert-current /var/lib/afws/tmp
|
|
||||||
mv -T /var/lib/afws/tmp /var/lib/afws/cert
|
|
||||||
rm -rf /var/lib/afws/cert-new
|
|
||||||
'';
|
|
||||||
|
|
||||||
nix.extraOptions = ''
|
nix.extraOptions = ''
|
||||||
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
|
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
|
||||||
|
Loading…
Reference in New Issue
Block a user