From 5223d9fd891114663aa256311d208232adab6533 Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq
Date: Sat, 8 Apr 2023 17:49:03 +0800
Subject: [PATCH] afws: move more code into module file, use new reload mechanism

---
 nixbld-etc-nixos/afws-module.nix | 10 ++++++++++
 nixbld-etc-nixos/configuration.nix | 20 --------------------
 2 files changed, 10 insertions(+), 20 deletions(-)

diff --git a/nixbld-etc-nixos/afws-module.nix b/nixbld-etc-nixos/afws-module.nix
index 98260513..1410b5a8 100644
--- a/nixbld-etc-nixos/afws-module.nix
+++ b/nixbld-etc-nixos/afws-module.nix
@@ -20,10 +20,20 @@ in
 User = "afws";
 Group = "afws";
 ExecStart = "${afws}/bin/afws_server";
+ ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
 };
 path = [ pkgs.nix pkgs.git ];
 };
 
+ security.acme.certs."afws.m-labs.hk".postRun =
+ ''
+ mkdir -p /var/lib/afws/cert
+ cp cert.pem /var/lib/afws/cert
+ cp key.pem /var/lib/afws/cert
+ chown -R afws:afws /var/lib/afws/cert
+ '';
+ security.acme.certs."afws.m-labs.hk".reloadServices = [ "afws.service" ];
+
 users.users.afws = {
 name = "afws";
 group = "afws";
diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index 2363d428..2fada3bb 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
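Review bot: In the `postRun` script added to afws-module.nix, nothing pins the private key to owner-only access: `key.pem` gets whatever mode `cp` derives from the source file and the umask, the directory gets the default mode from `mkdir -p`, and ownership is only corrected afterwards by `chown -R`. Setting mode and owner at creation would make this explicit, for example `install -d -m 0700 -o afws -g afws /var/lib/afws/cert` followed by `install -m 0600 -o afws -g afws cert.pem key.pem /var/lib/afws/cert/`. The two files are also now overwritten in place one after the other, so a start of afws that lands between the two copies could load a certificate and key that do not match; this window is presumably narrow if the reload is only triggered once `postRun` has finished, but it deserves a comment in the script. The attribute set that encloses these additions starts and ends outside the hunk.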
@@ -529,26 +529,6 @@ in
 };
 };
 services.afws.enable = true;
- security.acme.certs."afws.m-labs.hk".postRun =
- ''
- # ensure initial state
- mkdir -p /var/lib/afws/cert-new /var/lib/afws/cert-current
- ln -sf /var/lib/afws/cert-current /var/lib/afws/cert
-
- # populate new directory
- cp cert.pem /var/lib/afws/cert-new
- cp key.pem /var/lib/afws/cert-new
- chown afws:afws /var/lib/afws/cert-new/*
-
- # atomic replace
- ln -s /var/lib/afws/cert-new /var/lib/afws/tmp
- mv -T /var/lib/afws/tmp /var/lib/afws/cert
- rm -rf /var/lib/afws/cert-current
- cp -a /var/lib/afws/cert-new /var/lib/afws/cert-current
- ln -s /var/lib/afws/cert-current /var/lib/afws/tmp
- mv -T /var/lib/afws/tmp /var/lib/afws/cert
- rm -rf /var/lib/afws/cert-new
- '';
 nix.extraOptions = ''
 secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1