lilly/LillyOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4f23e5e540e81e1783a9720b6c907464568bacd1
LillyOS/hosts/lillyserver/systemd.nix

84 lines
2.5 KiB
Nix
Raw Blame History

{ pkgs, ... }:
let
crowdsec-service = "crowdsec-prefix";
tailscale-cloudflare-dns-sync-service = "tailscale-cloudflare-dns-sync";
certbot-generic-cert-service = "certbot-renew";
in
{
systemd.services = {
${crowdsec-service} = {
enable = true;
description = "Get IPv6 Prefix to add to Crowdsec Whitelist";
serviceConfig = {
Type = "oneshot";
ExecStart = "/mnt/lilly-ssd/appdata/crowdsec/crowdsec-prefix-change-script/checkprefix.sh";
WorkingDirectory = "/mnt/lilly-ssd/appdata/crowdsec/crowdsec-prefix-change-script";
};
};
${tailscale-cloudflare-dns-sync-service} = {
enable = true;
description = "Start the tailscale-cloudflare-dns-sync Docker container";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.docker}/bin/docker start tailscale-cloudflare-dns-sync";
};
};
${certbot-generic-cert-service} = {
enable = true;
description = "Renew Let's Encrypt certificates using Certbot in Docker";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = ''${pkgs.docker}/bin/docker \
run --rm --name certbot-renew \
-v /mnt/lilly-ssd/secrets/certificates/etc:/etc/letsencrypt \
-v /mnt/lilly-ssd/secrets/certificates/var:/var/lib/letsencrypt \
-v /mnt/lilly-ssd/secrets/certificates/cf-credentials:/cf-credentials:ro \
-v /mnt/lilly-ssd/secrets/certificates/id_ed25519_certshare:/openwrt_private_key:ro \
certbot/dns-cloudflare renew \
--dns-cloudflare \
--dns-cloudflare-credentials /cf-credentials
'';
};
};
};
systemd.timers = {
${crowdsec-service} = {
enable = true;
description = "Run Crowdsec-Prefix check regularly.";
timerConfig = {
OnCalendar = "*:0/5";
Persistent = true;
};
wantedBy = [ "timers.target" ];
};
${tailscale-cloudflare-dns-sync-service} = {
enable = true;
description = "Run tailscale-cloudflare-dns-sync every 10 minutes";
timerConfig = {
OnBootSec = "10min";
OnUnitActiveSec = "10min";
Persistent = true;
};
wantedBy = [ "timers.target" ];
};
${certbot-generic-cert-service} = {
enable = true;
description = "Weekly renewal of Let's Encrypt certificates";
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
};
wantedBy = [ "timers.target" ];
};
};
}
Reference in New Issue View Git Blame Copy Permalink