author | Franck Cuny <franck@fcuny.net> | 2023-03-27 17:49:49 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-03-27 19:11:25 -0700 |
commit | a35050d9bc640309a8216b520a9b0350266de74f (patch) | |
tree | 5afb8a74db49cd2566fdb9311d1bdff1ab0b00d3 | |
parent | modules/console: fix syntax (diff) | |
modules/sendsms: gate the unit with a file
To prevent the unit from being triggered multiple times if the host has already rebooted, we create a gate file when we're done running, and before running, we check whether the file exists. Enable the service on tahoe. Don't restart the unit when its definition has changed.
Diffstat (limited to '')
-rw-r--r-- | flake.lock | 188 | ||||
-rw-r--r-- | flake.nix | 4 | ||||
-rw-r--r-- | hosts/tahoe/secrets/sendsms/config.age | bin | 627 -> 650 bytes | |||
-rw-r--r-- | hosts/tahoe/services.nix | 2 | ||||
-rw-r--r-- | modules/services/sendsms/default.nix | 21 | ||||
-rw-r--r-- | nix/mkSystem.nix | 1 |
6 files changed, 210 insertions, 6 deletions
diff --git a/flake.lock b/flake.lock index 3fb2155..17cba1c 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,30 @@ "type": "github" } }, + "crane": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "sendsms", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1668047118, + "narHash": "sha256-F4xP7dAU6ca+hYa3qF0CtnwfQJT3YH4qEh/IxO+p9t0=", + "owner": "ipetkov", + "repo": "crane", + "rev": "074825a9e8d6446564e2ae6949ac3feb79aa7397", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -78,6 +102,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1667395993, @@ -108,6 +148,36 @@ "type": "github" } }, + "flake-utils_3": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "futils": { "locked": { "lastModified": 1676283394, 
@@ -252,6 +322,21 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1668563542, + "narHash": "sha256-FrMNezX3v4qLkCg+j1e3Ei/FXOSQP4Chq4OOdttIEns=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce89321950381ec845e56c6a6d1340abe5cd7a65", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "locked": { "lastModified": 1677966287, @@ -296,6 +381,31 @@ "type": "github" } }, + "pre-commit-hooks_2": { + "inputs": { + "flake-utils": [ + "sendsms", + "flake-utils" + ], + "nixpkgs": [ + "sendsms", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1667992213, + "narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -307,7 +417,8 @@ "nixpkgs": "nixpkgs_3", "nur": "nur", "pre-commit-hooks": "pre-commit-hooks", - "rust": "rust" + "rust": "rust", + "sendsms": "sendsms" } }, "rust": { 
@@ -330,6 +441,81 @@ "repo": "rust-overlay", "type": "github" } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "sendsms", + "crane", + "flake-utils" + ], + "nixpkgs": [ + "sendsms", + "crane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1667487142, + "narHash": "sha256-bVuzLs1ZVggJAbJmEDVO9G6p8BH3HRaolK70KXvnWnU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "flake-utils": [ + "sendsms", + "flake-utils" + ], + "nixpkgs": [ + "sendsms", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1668479979, + "narHash": "sha256-UI+JUCBaMpn+5Y1hSePmndbYX5zu0+bavlfzrhPrGEk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "2342f70f7257046effc031333c4cfdea66c91d82", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "sendsms": { + "inputs": { + "crane": "crane", + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_4", + "pre-commit-hooks": "pre-commit-hooks_2", + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1669084050, + "narHash": "sha256-yyCn7MpkFW2UHIbWcqja9IbvUjdlILD7w8zIqdmnPFA=", + "ref": "main", + "rev": "87c690117ace78b19f1535595cb68aced1fd04b1", + "revCount": 6, + "type": "git", + "url": "https://git.fcuny.net/fcuny/sendsms" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.fcuny.net/fcuny/sendsms" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f08ceb7..6179c2e 100644 --- a/flake.nix +++ b/flake.nix @@ -54,6 +54,10 @@ nixpkgs-stable.follows = "nixpkgs"; }; }; + + sendsms = { + url = "git+https://git.fcuny.net/fcuny/sendsms?ref=main"; + }; }; # Output config, or config for NixOS system 
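Review bot: The new `sendsms` input in the flake.nix hunk (-54,6 +54,10) declares no `follows`, so it brings its own copies of its inputs into the lock file. The flake.lock hunks of this commit add `nixpkgs_4`, `flake-utils_3`, `flake-utils_4`, `crane`, `rust-overlay`, `rust-overlay_2` and `pre-commit-hooks_2` for it. Each of those is a separately pinned source that has to be audited and kept up to date, and `nixpkgs_4` is locked to a different revision than the system's own nixpkgs. Unless sendsms is known to need its own pin, add `inputs.nixpkgs.follows = "nixpkgs";` inside the `sendsms = { … }` block, as the input in the context lines above already does with `nixpkgs-stable.follows`. A one-line comment saying that this input comes from a personally hosted repository tracked at `ref=main` would also help whoever next runs a lock update.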
diff --git a/hosts/tahoe/secrets/sendsms/config.age b/hosts/tahoe/secrets/sendsms/config.age index d925f98..ecc0845 100644 --- a/hosts/tahoe/secrets/sendsms/config.age +++ b/hosts/tahoe/secrets/sendsms/config.age Binary files differdiff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix index cdd0342..87a71cf 100644 --- a/hosts/tahoe/services.nix +++ b/hosts/tahoe/services.nix @@ -65,5 +65,7 @@ in "/home/fcuny/media/videos" ]; }; + + sendsms.enable = true; }; } diff --git a/modules/services/sendsms/default.nix b/modules/services/sendsms/default.nix index 9d3491a..dde77ca 100644 --- a/modules/services/sendsms/default.nix +++ b/modules/services/sendsms/default.nix @@ -6,23 +6,36 @@ let in { options.my.services.sendsms = { - enable = lib.mkEnableOption "sendsms configuration"; + enable = lib.mkEnableOption "send SMS when the host reboots"; }; config = lib.mkIf cfg.enable { - systemd.services.sendsms = { - description = "Send an alert when the host has booted"; + systemd.services.sendsms-reboot = { + description = "Send an SMS when the host has booted"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.sendsms ]; + restartIfChanged = false; + + unitConfig = { + # If the gate file exists, it means we've already send the + # message, nothing to do + ConditionPathExists = "!/run/sendsms/reboot"; + }; + serviceConfig = { Type = "oneshot"; ExecStart = "${pkgs.sendsms}/bin/sendsms --config ${secrets."sendsms/config".path} reboot"; + + # Write a gate file so we don't send a message multiple times + ExecStartPost = "${pkgs.coreutils}/bin/touch /run/sendsms/reboot"; + Restart = "on-failure"; # Runtime directory and mode RuntimeDirectory = "sendsms"; RuntimeDirectoryMode = "0755"; + RuntimeDirectoryPreserve = "yes"; # Access write directories UMask = "0027"; @@ -37,7 +50,6 @@ in ProtectSystem = "strict"; ProtectHome = true; PrivateTmp = true; - PrivateDevices = true; PrivateUsers = true; ProtectHostname = true; ProtectClock = true; 
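Review bot: The gate path `/run/sendsms/reboot` is written out twice in the modules/services/sendsms/default.nix hunk (-6,23 +6,36), once in `ConditionPathExists` and once in `ExecStartPost`, and it also has to stay under `RuntimeDirectory = "sendsms"`. If one of the three drifts, the gate silently stops working. Bind it once in the `let` block, which sits above this hunk, as `gateFile = "/run/sendsms/reboot";` and use `ConditionPathExists = "!${gateFile}";` and `ExecStartPost = "${pkgs.coreutils}/bin/touch ${gateFile}";`. The comment above the condition should read `we've already sent the message`. It is also worth stating there that the file lives under `/run` and is therefore gone after the next boot, which is what re-arms the alert.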
@@ -45,7 +57,6 @@ in ProtectKernelModules = true; ProtectKernelLogs = true; ProtectControlGroups = true; - RestrictAddressFamilies = [ "AF_INET AF_INET6" ]; LockPersonality = true; MemoryDenyWriteExecute = true; RestrictRealtime = true; diff --git a/nix/mkSystem.nix b/nix/mkSystem.nix index 4debbab..1cb450f 100644 --- a/nix/mkSystem.nix +++ b/nix/mkSystem.nix @@ -17,6 +17,7 @@ inputs.nixpkgs.lib.nixosSystem { overlays = [ inputs.nur.overlay inputs.rust.overlays.default + inputs.sendsms.overlay (final: prev: { tools = import "${self}/tools" { pkgs = prev; inherit naersk; }; |
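Review bot: `RestrictAddressFamilies` is dropped in the default.nix hunk (-45,7 +57,6) and `PrivateDevices = true;` in the preceding hunk (-37,7 +50,6), and the commit message mentions neither. The unit that is handed the decrypted `sendsms/config` secret and talks to the network therefore ends up with a wider sandbox than before. If the removals were needed to get the service to start, keep a restriction that works rather than none, for example `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];`; whether `AF_UNIX` is required depends on how name resolution is set up on the host and should be confirmed. Either way, add a comment next to the remaining hardening options saying which directive was removed and what failed with it. The `serviceConfig` block begins and ends outside this hunk.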