chore(ci): flake update

syncplay module was updated
arcnmx 2024-09-07 11:37:53 -07:00
parent ce248c901a
commit 725a981d23
5 changed files with 19 additions and 69 deletions

24
flake.lock generated

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1725134751,
"narHash": "sha256-yzASTNj/pXP1DQurf50a/1M5kevI70TwhUGhYPlX3BA=",
"lastModified": 1725576462,
"narHash": "sha256-yQwN6aO63V7TlFohZ2y1HqbRiA787W4MEbE4FqcC4vQ=",
"owner": "arcnmx",
"repo": "nixexprs",
"rev": "7b85606acedd55b167016dc08a331ffece563dab",
"rev": "02731f711e232ef0ffa5d7707b1a91a7dfb0cdb8",
"type": "github"
},
"original": {
@ -160,11 +160,11 @@
]
},
"locked": {
"lastModified": 1725180166,
"narHash": "sha256-fzssXuGR/mCeGbzM1ExaTqDz7QDGta3WA4jJsZyRruo=",
"lastModified": 1725694918,
"narHash": "sha256-+HsjshXpqNiJHLaJaK0JnIicJ/a1NquKcfn4YZ3ILgg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "471e3eb0a114265bcd62d11d58ba8d3421ee68eb",
"rev": "aaebdea769a5c10f1c6e50ebdf5924c1a13f0cda",
"type": "github"
},
"original": {
@ -190,11 +190,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1725103162,
"narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
"lastModified": 1725634671,
"narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
"rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
"type": "github"
},
"original": {
@ -267,11 +267,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1725201042,
"narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=",
"lastModified": 1725540166,
"narHash": "sha256-htc9rsTMSAY5ek+DB3tpntdD/es0eam2hJgO92bWSys=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7",
"rev": "d9d781523a1463965cd1e1333a306e70d9feff07",
"type": "github"
},
"original": {


@ -7,51 +7,14 @@
}: let
inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
inherit (lib.options) mkOption;
inherit (lib.modules) mkIf mkMerge;
inherit (lib.modules) mkIf;
cfg = config.services.syncplay;
acme = config.security.acme.certs.${cfg.useACMECert};
acmeDir = acme.directory;
in {
options.services.syncplay = with lib.types; {
openFirewall = mkOption {
type = bool;
default = false;
};
useACMECert = mkOption {
type = nullOr str;
default = null;
};
};
config.services.syncplay = {
certDir = let
certDir = pkgs.linkFarm "syncplay-certs" [
{
name = "privkey.pem";
path = "${acmeDir}/key.pem";
}
rec {
name = "cert.pem";
path = "${acmeDir}/${name}";
}
rec {
name = "chain.pem";
path = "${acmeDir}/${name}";
}
];
in
mkIf (cfg.useACMECert != null) (mkAlmostOptionDefault certDir);
};
config.users = mkIf cfg.enable {
users.syncplay = mkIf (cfg.user == "syncplay") {
group = mkAlmostOptionDefault cfg.group;
isSystemUser = true;
home = mkAlmostOptionDefault "/var/lib/syncplay";
};
groups.syncplay =
mkIf (cfg.group == "syncplay") {
};
};
config.networking.firewall = mkIf cfg.enable {
@ -59,23 +22,14 @@ in {
};
config.systemd.services.syncplay = mkIf cfg.enable {
wants = mkIf (cfg.useACMECert != null) ["acme-finished-${cfg.useACMECert}.target"];
after = mkIf (cfg.useACMECert != null) ["acme-${cfg.useACMECert}.service"];
wants = mkIf (cfg.useACMEHost != null) ["acme-finished-${cfg.useACMEHost}.target"];
after = mkIf (cfg.useACMEHost != null) ["acme-selfsigned-${cfg.useACMEHost}.service"];
confinement = {
enable = mkAlmostOptionDefault true;
packages = config.systemd.services.syncplay.path;
};
path = mkIf (cfg.passwordFile != null || cfg.saltFile != null) [pkgs.coreutils];
serviceConfig = {
StateDirectory = mkAlmostOptionDefault "syncplay";
BindReadOnlyPaths = mkMerge [
(mkIf (cfg.useACMECert != null) [
"${acmeDir}"
])
(mkIf (cfg.certDir != null) [
"${cfg.certDir}"
])
];
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
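Review bot: With `BindReadOnlyPaths` dropped while `confinement.enable` still defaults to true, nothing in this file makes the ACME certificate directory visible inside the confined unit any more. That is only safe if the updated upstream module hands the key and certificate to the service itself when `useACMEHost` is set, which this diff does not show; the `inherit (syncplay) group;` line removed from the certificate definition in the last file section depends on the same assumption. It is worth confirming on a deployed host that the unit starts with TLS enabled, then recording the mechanism above `confinement`, for example `# TLS key/cert are supplied by the upstream module via useACMEHost; no bind mount of the ACME directory is needed`. Separately, ordering only after `acme-selfsigned-${cfg.useACMEHost}.service` means the first start may pick up the placeholder certificate, so the certificate's `reloadServices` (or an equivalent restart hook) should presumably cover syncplay. The `serviceConfig` block continues past the end of the hunk.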


@ -55,7 +55,7 @@ in {
};
kubelet = {
extraOpts = "--fail-swap-on=false";
clusterDns = "10.43.0.2";
clusterDns = ["10.43.0.2"];
};
};


@ -8,14 +8,13 @@
in {
sops.secrets = let
sopsFile = mkDefault ./secrets/syncplay.yaml;
owner = cfg.user;
in
mkIf cfg.enable {
syncplay-password = {
inherit sopsFile owner;
inherit sopsFile;
};
syncplay-salt = {
inherit sopsFile owner;
inherit sopsFile;
};
};
@ -24,8 +23,6 @@ in {
extraArgs = [
"--disable-ready"
];
user = mkDefault "syncplay";
group = mkDefault "syncplay";
saltFile = mkDefault config.sops.secrets.syncplay-salt.path;
passwordFile = mkDefault config.sops.secrets.syncplay-password.path;
};
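Review bot: Dropping `owner` from `syncplay-password` and `syncplay-salt` leaves both secrets with the sops-nix default owner (root), so the service account can no longer read the files at `config.sops.secrets.*.path` directly. That is the tighter setting as long as the upstream module reads `passwordFile` and `saltFile` with elevated privileges, for instance through systemd credentials; the diff does not show this, so it should be checked. If it holds, a comment such as `# root-owned on purpose: the unit loads these itself, the service user never reads the path` next to `sopsFile` would keep a later edit from re-adding a broader owner. The `services.syncplay` block in the second hunk starts above the visible lines.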


@ -106,7 +106,6 @@ in {
];
};
syncplay = {
inherit (syncplay) group;
domain = "syncplay.${config.networking.domain}";
extraDomainNames = [
"syncplay.local.${config.networking.domain}"
@ -425,7 +424,7 @@ in {
};
services.syncplay = {
openFirewall = true;
useACMECert = "syncplay";
useACMEHost = "syncplay";
};
services.tailscale.advertiseExitNode = true;