commit dcfa51c3786f11de0f5fab34814c090c84833faf · dunkirk.sh/core

+9 -6
flake.nix
···

       279
       279
        
                       description = "Internal address for inter-service communication";

     

       280
       280
        
                     };

     

       281
       281
        
       

     

       282
       282
       -
                     secret = mkOption {

     

       283
       283
       -
                       type = types.str;

     

       284
       284
       -
                       example = "super-secret-key";

     

       285
       285
       -
                       description = "Secret key provided by appview (required)";

     

       282
       282
       +
                     secretFile = mkOption {

     

       283
       283
       +
                       type = lib.types.path;

     

       284
       284
       +
                       example = "KNOT_SERVER_SECRET=<hash>";

     

       285
       285
       +
                       description = "File containing secret key provided by appview (required)";

     

       286
       286
        
                     };

     

       287
       287
        
       

     

       288
       288
        
                     dbPath = mkOption {

     
···

       359
       359
        
                       "APPVIEW_ENDPOINT=${config.services.tangled-knotserver.appviewEndpoint}"

     

       360
       360
        
                       "KNOT_SERVER_INTERNAL_LISTEN_ADDR=${config.services.tangled-knotserver.server.internalListenAddr}"

     

       361
       361
        
                       "KNOT_SERVER_LISTEN_ADDR=${config.services.tangled-knotserver.server.listenAddr}"

     

       362
       362
       -
                       "KNOT_SERVER_SECRET=${config.services.tangled-knotserver.server.secret}"

     

       363
       362
        
                       "KNOT_SERVER_HOSTNAME=${config.services.tangled-knotserver.server.hostname}"

     

       364
       363
        
                     ];

     

       364
       364
       +
                     EnvironmentFile = config.services.tangled-knotserver.server.secretFile;

     

       365
       365
        
                     ExecStart = "${self.packages.${pkgs.system}.knotserver}/bin/knotserver";

     

       366
       366
        
                     Restart = "always";

     

       367
       367
        
                   };

     
···

       384
       384
        
                 virtualisation.cores = 2;

     

       385
       385
        
                 services.getty.autologinUser = "root";

     

       386
       386
        
                 environment.systemPackages = with pkgs; [curl vim git];

     

       387
       387
       +
                 systemd.tmpfiles.rules = [

     

       388
       388
       +
                   "w /var/lib/knotserver/secret 0660 git git - KNOT_SERVER_SECRET=6995e040e80e2d593b5e5e9ca611a70140b9ef8044add0a28b48b1ee34aa3e85"

     

       389
       389
       +
                 ];

     

       387
       390
        
                 services.tangled-knotserver = {

     

       388
       391
        
                   enable = true;

     

       389
       392
        
                   server = {

     

       390
       390
       -
                     secret = "6995e040e80e2d593b5e5e9ca611a70140b9ef8044add0a28b48b1ee34aa3e85";

     

       393
       393
       +
                     secretFile = "/var/lib/knotserver/secret";

     

       391
       394
        
                     hostname = "localhost:6000";

     

       392
       395
        
                     listenAddr = "0.0.0.0:6000";

     

       393
       396
        
                   };