1
0
Fork 0

afws: move more code into module file, use new reload mechanism

This commit is contained in:
Sebastien Bourdeauducq 2023-04-08 17:49:03 +08:00
parent 0640cfad04
commit 5223d9fd89
2 changed files with 10 additions and 20 deletions

View File

@ -20,10 +20,20 @@ in
User = "afws";
Group = "afws";
ExecStart = "${afws}/bin/afws_server";
ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
};
path = [ pkgs.nix pkgs.git ];
};
security.acme.certs."afws.m-labs.hk".postRun =
''
mkdir -p /var/lib/afws/cert
cp cert.pem /var/lib/afws/cert
cp key.pem /var/lib/afws/cert
chown -R afws:afws /var/lib/afws/cert
'';
security.acme.certs."afws.m-labs.hk".reloadServices = [ "afws.service" ];
users.users.afws = {
name = "afws";
group = "afws";

View File

@ -529,26 +529,6 @@ in
};
};
services.afws.enable = true;
security.acme.certs."afws.m-labs.hk".postRun =
''
# ensure initial state
mkdir -p /var/lib/afws/cert-new /var/lib/afws/cert-current
ln -sf /var/lib/afws/cert-current /var/lib/afws/cert
# populate new directory
cp cert.pem /var/lib/afws/cert-new
cp key.pem /var/lib/afws/cert-new
chown afws:afws /var/lib/afws/cert-new/*
# atomic replace
ln -s /var/lib/afws/cert-new /var/lib/afws/tmp
mv -T /var/lib/afws/tmp /var/lib/afws/cert
rm -rf /var/lib/afws/cert-current
cp -a /var/lib/afws/cert-new /var/lib/afws/cert-current
ln -s /var/lib/afws/cert-current /var/lib/afws/tmp
mv -T /var/lib/afws/tmp /var/lib/afws/cert
rm -rf /var/lib/afws/cert-new
'';
nix.extraOptions = ''
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1