authorFranck Cuny <franck@fcuny.net>2023-03-27 17:49:49 -0700
committerFranck Cuny <franck@fcuny.net>2023-03-27 19:11:25 -0700
commita35050d9bc640309a8216b520a9b0350266de74f (patch)
tree5afb8a74db49cd2566fdb9311d1bdff1ab0b00d3
parentmodules/console: fix syntax (diff)
downloadworld-a35050d9bc640309a8216b520a9b0350266de74f.tar.gz
modules/sendsms: gate the unit with a file
To prevent the unit from being triggered multiple times if the host has
already rebooted, we create a gate file when we're done running, and
before running, we check if the file exists.

Enable the service on tahoe.

Don't restart the unit when its definition has changed.
Diffstat (limited to '')
-rw-r--r--flake.lock188
-rw-r--r--flake.nix4
-rw-r--r--hosts/tahoe/secrets/sendsms/config.agebin627 -> 650 bytes
-rw-r--r--hosts/tahoe/services.nix2
-rw-r--r--modules/services/sendsms/default.nix21
-rw-r--r--nix/mkSystem.nix1
6 files changed, 210 insertions, 6 deletions
diff --git a/flake.lock b/flake.lock
index 3fb2155..17cba1c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -21,6 +21,30 @@
         "type": "github"
       }
     },
+    "crane": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": [
+          "sendsms",
+          "nixpkgs"
+        ],
+        "rust-overlay": "rust-overlay"
+      },
+      "locked": {
+        "lastModified": 1668047118,
+        "narHash": "sha256-F4xP7dAU6ca+hYa3qF0CtnwfQJT3YH4qEh/IxO+p9t0=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "074825a9e8d6446564e2ae6949ac3feb79aa7397",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
     "darwin": {
       "inputs": {
         "nixpkgs": [
@@ -78,6 +102,22 @@
         "type": "github"
       }
     },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1650374568,
+        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-utils": {
       "locked": {
         "lastModified": 1667395993,
@@ -108,6 +148,36 @@
         "type": "github"
       }
     },
+    "flake-utils_3": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_4": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "futils": {
       "locked": {
         "lastModified": 1676283394,
@@ -252,6 +322,21 @@
         "type": "github"
       }
     },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1668563542,
+        "narHash": "sha256-FrMNezX3v4qLkCg+j1e3Ei/FXOSQP4Chq4OOdttIEns=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "ce89321950381ec845e56c6a6d1340abe5cd7a65",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nur": {
       "locked": {
         "lastModified": 1677966287,
@@ -296,6 +381,31 @@
         "type": "github"
       }
     },
+    "pre-commit-hooks_2": {
+      "inputs": {
+        "flake-utils": [
+          "sendsms",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "sendsms",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1667992213,
+        "narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "agenix": "agenix",
@@ -307,7 +417,8 @@
         "nixpkgs": "nixpkgs_3",
         "nur": "nur",
         "pre-commit-hooks": "pre-commit-hooks",
-        "rust": "rust"
+        "rust": "rust",
+        "sendsms": "sendsms"
       }
     },
     "rust": {
@@ -330,6 +441,81 @@
         "repo": "rust-overlay",
         "type": "github"
       }
+    },
+    "rust-overlay": {
+      "inputs": {
+        "flake-utils": [
+          "sendsms",
+          "crane",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "sendsms",
+          "crane",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1667487142,
+        "narHash": "sha256-bVuzLs1ZVggJAbJmEDVO9G6p8BH3HRaolK70KXvnWnU=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "rust-overlay_2": {
+      "inputs": {
+        "flake-utils": [
+          "sendsms",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "sendsms",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1668479979,
+        "narHash": "sha256-UI+JUCBaMpn+5Y1hSePmndbYX5zu0+bavlfzrhPrGEk=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "2342f70f7257046effc031333c4cfdea66c91d82",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "sendsms": {
+      "inputs": {
+        "crane": "crane",
+        "flake-utils": "flake-utils_4",
+        "nixpkgs": "nixpkgs_4",
+        "pre-commit-hooks": "pre-commit-hooks_2",
+        "rust-overlay": "rust-overlay_2"
+      },
+      "locked": {
+        "lastModified": 1669084050,
+        "narHash": "sha256-yyCn7MpkFW2UHIbWcqja9IbvUjdlILD7w8zIqdmnPFA=",
+        "ref": "main",
+        "rev": "87c690117ace78b19f1535595cb68aced1fd04b1",
+        "revCount": 6,
+        "type": "git",
+        "url": "https://git.fcuny.net/fcuny/sendsms"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.fcuny.net/fcuny/sendsms"
+      }
     }
   },
   "root": "root",
diff --git a/flake.nix b/flake.nix
index f08ceb7..6179c2e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -54,6 +54,10 @@
         nixpkgs-stable.follows = "nixpkgs";
       };
     };
+
+    sendsms = {
+      url = "git+https://git.fcuny.net/fcuny/sendsms?ref=main";
+    };
   };
 
   # Output config, or config for NixOS system
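Review bot: The new `sendsms` input sets only `url`, so it brings its own dependency pins: flake.lock in this commit gains `nixpkgs_4`, `flake-utils_4`, `crane`, `rust-overlay_2` and others. The binary that will read the SMS credentials is therefore built against a separately pinned nixpkgs, which presumably only moves when the upstream sendsms lock is bumped. If the package builds against the system nixpkgs, adding `inputs.nixpkgs.follows = "nixpkgs";` inside the `sendsms = { ... }` block would reduce the number of pins to audit. The enclosing `inputs` block starts outside this hunk.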
diff --git a/hosts/tahoe/secrets/sendsms/config.age b/hosts/tahoe/secrets/sendsms/config.age
index d925f98..ecc0845 100644
--- a/hosts/tahoe/secrets/sendsms/config.age
+++ b/hosts/tahoe/secrets/sendsms/config.age
Binary files differ
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index cdd0342..87a71cf 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -65,5 +65,7 @@ in
         "/home/fcuny/media/videos"
       ];
     };
+
+    sendsms.enable = true;
   };
 }
diff --git a/modules/services/sendsms/default.nix b/modules/services/sendsms/default.nix
index 9d3491a..dde77ca 100644
--- a/modules/services/sendsms/default.nix
+++ b/modules/services/sendsms/default.nix
@@ -6,23 +6,36 @@ let
 in
 {
   options.my.services.sendsms = {
-    enable = lib.mkEnableOption "sendsms configuration";
+    enable = lib.mkEnableOption "send SMS when the host reboots";
   };
 
   config = lib.mkIf cfg.enable {
-    systemd.services.sendsms = {
-      description = "Send an alert when the host has booted";
+    systemd.services.sendsms-reboot = {
+      description = "Send an SMS when the host has booted";
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
       path = [ pkgs.sendsms ];
+      restartIfChanged = false;
+
+      unitConfig = {
+        # If the gate file exists, it means we've already send the
+        # message, nothing to do
+        ConditionPathExists = "!/run/sendsms/reboot";
+      };
+
       serviceConfig = {
         Type = "oneshot";
         ExecStart = "${pkgs.sendsms}/bin/sendsms --config ${secrets."sendsms/config".path} reboot";
+
+        # Write a gate file so we don't send a message multiple times
+        ExecStartPost = "${pkgs.coreutils}/bin/touch /run/sendsms/reboot";
+
         Restart = "on-failure";
 
         # Runtime directory and mode
         RuntimeDirectory = "sendsms";
         RuntimeDirectoryMode = "0755";
+        RuntimeDirectoryPreserve = "yes";
 
         # Access write directories
         UMask = "0027";
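Review bot: The gate file is written by `ExecStartPost`, so a failing `touch` marks the whole unit as failed, and with `Restart = "on-failure"` the unit would run `ExecStart` again and send a second SMS. Prefixing the command with `-`, as in `ExecStartPost = "-${pkgs.coreutils}/bin/touch /run/sendsms/reboot";`, keeps a failed gate write off the restart path. The comment above `ConditionPathExists` could also say that `/run` is cleared at boot, which is what re-arms the gate, and "already send" should read "already sent". Separately, the later hunks of this file drop `PrivateDevices = true` and `RestrictAddressFamilies` without a reason in the commit message; if a restriction broke the service, narrowing it (for example `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];`, to be confirmed against what sendsms needs) with a comment would keep more of the sandbox than removing it. The `serviceConfig` block continues outside this hunk.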
@@ -37,7 +50,6 @@ in
         ProtectSystem = "strict";
         ProtectHome = true;
         PrivateTmp = true;
-        PrivateDevices = true;
         PrivateUsers = true;
         ProtectHostname = true;
         ProtectClock = true;
@@ -45,7 +57,6 @@ in
         ProtectKernelModules = true;
         ProtectKernelLogs = true;
         ProtectControlGroups = true;
-        RestrictAddressFamilies = [ "AF_INET AF_INET6" ];
         LockPersonality = true;
         MemoryDenyWriteExecute = true;
         RestrictRealtime = true;
diff --git a/nix/mkSystem.nix b/nix/mkSystem.nix
index 4debbab..1cb450f 100644
--- a/nix/mkSystem.nix
+++ b/nix/mkSystem.nix
@@ -17,6 +17,7 @@ inputs.nixpkgs.lib.nixosSystem {
         overlays = [
           inputs.nur.overlay
           inputs.rust.overlays.default
+          inputs.sendsms.overlay
           (final: prev:
             {
               tools = import "${self}/tools" { pkgs = prev; inherit naersk; };