{
myids = ./myids.nix;
secrets = ./secrets.nix;
+ filesWatcher = ./filesWatcher.nix;
webstats = ./webapps/webstats;
diaspora = ./webapps/diaspora.nix;
--- /dev/null
+{ lib, config, pkgs, ... }:
+with lib;
+let
+ cfg = config.services.filesWatcher;
+in
+{
+ options = {
+ services.filesWatcher = with types; mkOption {
+ default = {};
+ description = ''
+ Files to watch and trigger service reload or restart of service
+ when changed.
+ '';
+ type = attrsOf (submodule {
+ options = {
+ restart = mkEnableOption "Restart service rather than reloading it";
+ paths = mkOption {
+ type = listOf str;
+ description = ''
+ Paths to watch that should trigger a reload of the
+ service
+ '';
+ };
+ waitTime = mkOption {
+ type = int;
+ default = 5;
+ description = ''
+ Time to wait before reloading/restarting the service.
+ Set 0 to not wait.
+ '';
+ };
+ };
+ });
+ };
+ };
+
+ config.systemd.services = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+ "${name}Watcher" {
+ description = "${name} reloader";
+ after = [ "network.target" ];
+ script = let
+ action = if icfg.restart then "restart" else "reload";
+ in ''
+ # Service may be stopped during file modification (e.g. activationScripts)
+ if ${pkgs.systemd}/bin/systemctl --quiet is-active ${name}.service; then
+ ${pkgs.coreutils}/bin/sleep ${toString icfg.waitTime}
+ ${pkgs.systemd}/bin/systemctl ${action} ${name}.service
+ fi
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ };
+ }
+ ) cfg;
+ config.systemd.paths = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+ "${name}Watcher" {
+ wantedBy = [ "multi-user.target" ];
+ pathConfig.PathChanged = icfg.paths;
+ }
+ ) cfg;
+}
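Review bot: `${name}` and `${action}` are spliced unquoted into the generated shell at L52 and L54, so an attribute name containing whitespace or shell metacharacters silently changes the command instead of failing; the names come from NixOS configuration rather than untrusted input, but `${escapeShellArg "${name}.service"}` (lib is already in scope via `with lib`) removes the ambiguity at no cost. `waitTime` is typed `int` (L32), which admits negative values that make `sleep` fail and the oneshot unit error out; `type = ints.unsigned;` states the intent. As far as I recall the NixOS `script` preamble runs with `set -e`, so `systemctl reload` on a unit that has no ExecReload turns into a failed watcher run; the `restart` option description at L23 could say that it must be enabled for services without reload support.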
if [ -f /run/keys/secrets.tar ]; then
if [ ! -f ${location}/currentSecrets ] || ! sha512sum -c --status "${location}/currentSecrets"; then
echo "rebuilding secrets"
- rm -rf ${location}
- install -m0750 -o root -g keys -d ${location}
- ${pkgs.gnutar}/bin/tar --strip-components 1 -C ${location} -xf /run/keys/secrets.tar
- sha512sum /run/keys/secrets.tar > ${location}/currentSecrets
- find ${location} -type d -exec chown root:keys {} \; -exec chmod o-rx {} \;
+ TMP=$(${pkgs.coreutils}/bin/mktemp -d)
+ if [ -n "$TMP" ]; then
+ install -m0750 -o root -g keys -d $TMP
+ ${pkgs.gnutar}/bin/tar --strip-components 1 -C $TMP -xf /run/keys/secrets.tar
+ sha512sum /run/keys/secrets.tar > $TMP/currentSecrets
+ find $TMP -type d -exec chown root:keys {} \; -exec chmod o-rx {} \;
+ ${pkgs.rsync}/bin/rsync -O -c -av --delete $TMP/ ${location}
+ rm -rf $TMP
+ fi
fi
fi
'';
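Review bot: `rm -rf $TMP` at L84 only runs on the success path; if tar or rsync fails, `set -e` (which the NixOS script preamble enables, as far as I recall) aborts the script and the extracted secrets stay under `$TMP`, a `mktemp -d` directory in `/tmp`, until something else cleans them up. Registering `trap 'rm -rf "$TMP"' EXIT` directly after the `if [ -n "$TMP" ]` line at L78 covers every exit path. `$TMP` is also unquoted throughout; `"$TMP"` is the usual habit even though mktemp's result contains no whitespace. Separately, `currentSecrets` is now written into the staging tree at L81 before the rsync instead of after the copy as the removed L75 did, so an rsync interrupted after that file is transferred but before the rest would let the check at L70 pass on the next run and leave the stale files in place; writing the checksum into `${location}` after the rsync succeeds keeps the old ordering. The enclosing script opens before this hunk.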
};
});
};
+ watchPaths = mkOption {
+ type = listOf string;
+ default = [];
+ description = ''
+ Paths to watch that should trigger a reload of httpd
+ '';
+ };
};
});
};
})
) cfg;
+ config.services.filesWatcher = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+ "httpd${icfg.httpdName}" {
+ paths = icfg.watchPaths;
+ waitTime = 5;
+ }
+ ) cfg;
+
config.security.acme.certs = let
typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg;
flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v:
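Review bot: `watchPaths` defaults to `[]` (L94) but the mapping at L104-L109 creates a `filesWatcher` entry for every instance in `cfg`, so an httpd instance with no watch paths produces a path unit whose `PathChanged` is empty, which systemd refuses to load ("lacks path setting"). Filtering the set instead, `) (attrsets.filterAttrs (n: v: v.watchPaths != []) cfg);` at L109, only creates watchers that have something to watch. The option type at L93 is `listOf string` while the new filesWatcher module's `paths` option uses `listOf str`; `types.string` is the deprecated alias, so `type = listOf str;` keeps the two consistent. `waitTime = 5;` at L107 restates the option's default and can be dropped. The enclosing module expression starts before this hunk.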