refactor(tazjin): Additional restricted-eval cleanup

Change-Id: I4baa94f65a16248023b5fb0e2dd305d6984566c8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5690
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
Vincent Ambo 2022-05-26 16:39:56 +02:00 committed by clbot
parent 48dfefe40d
commit 565993f016
2 changed files with 7 additions and 22 deletions


@ -10,25 +10,13 @@ let
extraConfig = "return 301 https://${to}$request_uri;"; extraConfig = "return 301 https://${to}$request_uri;";
}; };
mod = name: depot.path.origSrc + ("/ops/modules/" + name);
in in
lib.fix (self: { lib.fix (self: {
# Disable the current ACME module and use the old one from 19.09 imports = [
# instead, until the various regressions have been sorted out. (mod "quassel.nix")
# TODO(tazjin): Remove this once the new ACME module works. (mod "smtprelay.nix")
disabledModules = [ "security/acme" ]; ];
imports =
let
oldChannel = fetchTarball {
# NixOS 19.09 on 2020-10-04
url = "https://github.com/NixOS/nixpkgs-channels/archive/75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1.tar.gz";
sha256 = "157c64220lf825ll4c0cxsdwg7cxqdx4z559fdp7kpz0g6p8fhhr";
};
in
[
"${depot.path}/ops/modules/quassel.nix"
"${depot.path}/ops/modules/smtprelay.nix"
"${oldChannel}/nixos/modules/security/acme.nix"
];
# camden is intended to boot unattended, despite having an encrypted # camden is intended to boot unattended, despite having an encrypted
# root partition. # root partition.
@ -201,11 +189,10 @@ lib.fix (self: {
# Provision a TLS certificate outside of nginx to avoid # Provision a TLS certificate outside of nginx to avoid
# nixpkgs#38144 # nixpkgs#38144
security.acme = { security.acme = {
# acceptTerms = true; acceptTerms = true;
certs."tazj.in" = { certs."tazj.in" = {
email = "mail@tazj.in"; email = "mail@tazj.in";
user = "nginx";
group = "nginx"; group = "nginx";
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/acme-challenge";
extraDomains = { extraDomains = {
@ -222,9 +209,7 @@ lib.fix (self: {
certs."quassel.tazj.in" = { certs."quassel.tazj.in" = {
email = "mail@tazj.in"; email = "mail@tazj.in";
webroot = "/var/lib/acme/challenge-quassel"; webroot = "/var/lib/acme/challenge-quassel";
user = "nginx"; # required because of a bug in the ACME module
group = "quassel"; group = "quassel";
allowKeysForGroup = true;
}; };
}; };
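Review bot: With `user = "nginx";` and `allowKeysForGroup = true;` gone from `certs."quassel.tazj.in"`, read access to that private key now rests entirely on `group = "quassel";`, and nothing left in the section says which service is meant to read the key or who owns `/var/lib/acme/challenge-quassel`. The removed `user` line carried the only comment about the ownership setup, so I would add one such as `# key is group-readable for the quassel daemon; nginx only serves the challenge webroot`. It is also worth confirming on the host that both webroot directories under `/var/lib/acme` are still writable by whichever account the current ACME module renews as and readable by nginx, since both certificates previously renewed as `nginx`. The same question applies to `certs."tazj.in"` in the hunk above, where only `group = "nginx";` remains.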


@ -12,7 +12,7 @@ let
in in
lib.fix (self: { lib.fix (self: {
imports = [ imports = [
"${depot.path}/ops/modules/v4l2loopback.nix" (depot.path.origSrc + "/ops/modules/v4l2loopback.nix")
]; ];
boot = { boot = {