mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tvl-depot/ops/modules/irccat.nix
sterni 58f795d7c3 fix(ops/modules/irccat): only start after network is online 
I've discovered that it is possible for irccat to fail enough times to
run into the restart limit before network is online after booting.

Change-Id: Ia54a46d56bdc765a825fee50e7bdc8206718edc0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12790
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
2024-11-15 14:53:59 +00:00

64 lines
2 KiB
Nix
Raw Blame History

{ depot, config, lib, pkgs, ... }:
let
cfg = config.services.depot.irccat;
description = "irccat - forward messages to IRC";
# irccat expects to read its configuration from the *current
# directory*, and its configuration contains secrets.
#
# To make this work we construct the JSON configuration file and
# then recursively merge it with an on-disk secret using jq on
# service launch.
configJson = pkgs.writeText "irccat.json" (builtins.toJSON cfg.config);
# Right now, merging configuration file with secrets and running the main
# application needs to happen both in ExecStart=, due to
# https://github.com/systemd/systemd/issues/19604#issuecomment-989279884
mergeAndLaunch = pkgs.writeShellScript "merge-irccat-config" ''
if [ ! -f "$CREDENTIALS_DIRECTORY/secrets" ]; then
echo "irccat secrets file is missing"
exit 1
fi
# jq's * is the recursive merge operator
${pkgs.jq}/bin/jq -s '.[0] * .[1]' ${configJson} "$CREDENTIALS_DIRECTORY/secrets" \
> /var/lib/irccat/irccat.json
exec ${depot.third_party.irccat}/bin/irccat
'';
in
{
options.services.depot.irccat = {
enable = lib.mkEnableOption description;
config = lib.mkOption {
type = lib.types.attrsOf lib.types.anything; # varying value types
description = "Configuration structure (unchecked!)";
};
secretsFile = lib.mkOption {
type = lib.types.str;
description = "Path to the secrets file to be merged";
default = config.age.secretsDir + "/irccat";
};
};
config = lib.mkIf cfg.enable {
systemd.services.irccat = {
inherit description;
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
ExecStart = "${mergeAndLaunch}";
DynamicUser = true;
StateDirectory = "irccat";
WorkingDirectory = "/var/lib/irccat";
LoadCredential = "secrets:${cfg.secretsFile}";
Restart = "always";
};
};
};
}
Reference in a new issue View git blame Copy permalink