afws: move more code into module file, use new reload mechanism
parent
0640cfad04
commit
5223d9fd89
@ -20,10 +20,20 @@ in
|
||||
User = "afws";
|
||||
Group = "afws";
|
||||
ExecStart = "${afws}/bin/afws_server";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
|
||||
};
|
||||
path = [ pkgs.nix pkgs.git ];
|
||||
};
|
||||
|
||||
security.acme.certs."afws.m-labs.hk".postRun =
|
||||
''
|
||||
mkdir -p /var/lib/afws/cert
|
||||
cp cert.pem /var/lib/afws/cert
|
||||
cp key.pem /var/lib/afws/cert
|
||||
chown -R afws:afws /var/lib/afws/cert
|
||||
'';
|
||||
security.acme.certs."afws.m-labs.hk".reloadServices = [ "afws.service" ];
|
||||
|
||||
users.users.afws = {
|
||||
name = "afws";
|
||||
group = "afws";
|
||||
|
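Review bot: The new postRun copies key.pem with plain `cp` into a directory made by `mkdir -p`, so the private key's mode and the directory's mode depend on the source file's mode and the ambient umask, and ownership is only corrected by the later `chown -R`. Setting them explicitly would be more robust: `install -d -m 0750 -o afws -g afws /var/lib/afws/cert` followed by `install -m 0400 -o afws -g afws key.pem /var/lib/afws/cert/key.pem`. The in-place copy is also no longer atomic, so a service start landing between the two `cp` calls could load a certificate and key that do not match. That is presumably acceptable because the server re-reads on the USR1 sent through reloadServices, but a short comment in the script saying so would help. The service definition and users.users.afws both extend outside the hunk.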
@ -529,26 +529,6 @@ in
|
||||
};
|
||||
};
|
||||
services.afws.enable = true;
|
||||
security.acme.certs."afws.m-labs.hk".postRun =
|
||||
''
|
||||
# ensure initial state
|
||||
mkdir -p /var/lib/afws/cert-new /var/lib/afws/cert-current
|
||||
ln -sf /var/lib/afws/cert-current /var/lib/afws/cert
|
||||
|
||||
# populate new directory
|
||||
cp cert.pem /var/lib/afws/cert-new
|
||||
cp key.pem /var/lib/afws/cert-new
|
||||
chown afws:afws /var/lib/afws/cert-new/*
|
||||
|
||||
# atomic replace
|
||||
ln -s /var/lib/afws/cert-new /var/lib/afws/tmp
|
||||
mv -T /var/lib/afws/tmp /var/lib/afws/cert
|
||||
rm -rf /var/lib/afws/cert-current
|
||||
cp -a /var/lib/afws/cert-new /var/lib/afws/cert-current
|
||||
ln -s /var/lib/afws/cert-current /var/lib/afws/tmp
|
||||
mv -T /var/lib/afws/tmp /var/lib/afws/cert
|
||||
rm -rf /var/lib/afws/cert-new
|
||||
'';
|
||||
|
||||
nix.extraOptions = ''
|
||||
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
|
||||
|