authorFranck Cuny <franck@fcuny.net>2023-03-27 17:49:49 -0700
committerFranck Cuny <franck@fcuny.net>2023-03-27 19:11:25 -0700
commita35050d9bc640309a8216b520a9b0350266de74f (patch)
tree5afb8a74db49cd2566fdb9311d1bdff1ab0b00d3
parentmodules/console: fix syntax (diff)
downloadworld-a35050d9bc640309a8216b520a9b0350266de74f.tar.gz
modules/sendsms: gate the unit with a file
To prevent the unit from being triggered multiple times if the host has
already rebooted, we create a gate file when we're done running, and
before running, we check whether the file exists.

Enable the service on tahoe.

Don't restart the unit when its definition has changed.
-rw-r--r--flake.lock188
-rw-r--r--flake.nix4
-rw-r--r--hosts/tahoe/secrets/sendsms/config.agebin627 -> 650 bytes
-rw-r--r--hosts/tahoe/services.nix2
-rw-r--r--modules/services/sendsms/default.nix21
-rw-r--r--nix/mkSystem.nix1
6 files changed, 210 insertions, 6 deletions
diff --git a/flake.lock b/flake.lock
index 3fb2155..17cba1c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -21,6 +21,30 @@
         "type": "github"
       }
     },
+    "crane": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": [
+          "sendsms",
+          "nixpkgs"
+        ],
+        "rust-overlay": "rust-overlay"
+      },
+      "locked": {
+        "lastModified": 1668047118,
+        "narHash": "sha256-F4xP7dAU6ca+hYa3qF0CtnwfQJT3YH4qEh/IxO+p9t0=",
+        "owner": "ipetkov",
+        "repo": "crane",
+        "rev": "074825a9e8d6446564e2ae6949ac3feb79aa7397",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ipetkov",
+        "repo": "crane",
+        "type": "github"
+      }
+    },
     "darwin": {
       "inputs": {
         "nixpkgs": [
@@ -78,6 +102,22 @@
         "type": "github"
       }
     },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1650374568,
+        "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-utils": {
       "locked": {
         "lastModified": 1667395993,
@@ -108,6 +148,36 @@
         "type": "github"
       }
     },
+    "flake-utils_3": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flake-utils_4": {
+      "locked": {
+        "lastModified": 1667395993,
+        "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "futils": {
       "locked": {
         "lastModified": 1676283394,
@@ -252,6 +322,21 @@
         "type": "github"
       }
     },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1668563542,
+        "narHash": "sha256-FrMNezX3v4qLkCg+j1e3Ei/FXOSQP4Chq4OOdttIEns=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "ce89321950381ec845e56c6a6d1340abe5cd7a65",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nur": {
       "locked": {
         "lastModified": 1677966287,
@@ -296,6 +381,31 @@
         "type": "github"
       }
     },
+    "pre-commit-hooks_2": {
+      "inputs": {
+        "flake-utils": [
+          "sendsms",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "sendsms",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1667992213,
+        "narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "agenix": "agenix",
@@ -307,7 +417,8 @@
         "nixpkgs": "nixpkgs_3",
         "nur": "nur",
         "pre-commit-hooks": "pre-commit-hooks",
-        "rust": "rust"
+        "rust": "rust",
+        "sendsms": "sendsms"
       }
     },
     "rust": {
@@ -330,6 +441,81 @@
         "repo": "rust-overlay",
         "type": "github"
       }
+    },
+    "rust-overlay": {
+      "inputs": {
+        "flake-utils": [
+          "sendsms",
+          "crane",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "sendsms",
+          "crane",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1667487142,
+        "narHash": "sha256-bVuzLs1ZVggJAbJmEDVO9G6p8BH3HRaolK70KXvnWnU=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "cf668f737ac986c0a89e83b6b2e3c5ddbd8cf33b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "rust-overlay_2": {
+      "inputs": {
+        "flake-utils": [
+          "sendsms",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "sendsms",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1668479979,
+        "narHash": "sha256-UI+JUCBaMpn+5Y1hSePmndbYX5zu0+bavlfzrhPrGEk=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "2342f70f7257046effc031333c4cfdea66c91d82",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
+    "sendsms": {
+      "inputs": {
+        "crane": "crane",
+        "flake-utils": "flake-utils_4",
+        "nixpkgs": "nixpkgs_4",
+        "pre-commit-hooks": "pre-commit-hooks_2",
+        "rust-overlay": "rust-overlay_2"
+      },
+      "locked": {
+        "lastModified": 1669084050,
+        "narHash": "sha256-yyCn7MpkFW2UHIbWcqja9IbvUjdlILD7w8zIqdmnPFA=",
+        "ref": "main",
+        "rev": "87c690117ace78b19f1535595cb68aced1fd04b1",
+        "revCount": 6,
+        "type": "git",
+        "url": "https://git.fcuny.net/fcuny/sendsms"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.fcuny.net/fcuny/sendsms"
+      }
     }
   },
   "root": "root",
diff --git a/flake.nix b/flake.nix
index f08ceb7..6179c2e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -54,6 +54,10 @@
         nixpkgs-stable.follows = "nixpkgs";
       };
     };
+
+    sendsms = {
+      url = "git+https://git.fcuny.net/fcuny/sendsms?ref=main";
+    };
   };
 
   # Output config, or config for NixOS system
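Review bot: The new `sendsms` input does not follow the root `nixpkgs`, which is why flake.lock in this commit gains separate `nixpkgs_4` and `flake-utils_4` nodes that have to be fetched and kept current independently of the ones the system is built from. Other inputs in this file already pin theirs (the context line `nixpkgs-stable.follows = "nixpkgs";`), so adding `inputs.nixpkgs.follows = "nixpkgs";` inside the `sendsms` block would keep the dependency closure smaller and easier to audit, assuming sendsms builds against the root nixpkgs. The enclosing attribute set starts outside the hunk.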
diff --git a/hosts/tahoe/secrets/sendsms/config.age b/hosts/tahoe/secrets/sendsms/config.age
index d925f98..ecc0845 100644
--- a/hosts/tahoe/secrets/sendsms/config.age
+++ b/hosts/tahoe/secrets/sendsms/config.age
Binary files differ
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index cdd0342..87a71cf 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -65,5 +65,7 @@ in
         "/home/fcuny/media/videos"
       ];
     };
+
+    sendsms.enable = true;
   };
 }
diff --git a/modules/services/sendsms/default.nix b/modules/services/sendsms/default.nix
index 9d3491a..dde77ca 100644
--- a/modules/services/sendsms/default.nix
+++ b/modules/services/sendsms/default.nix
@@ -6,23 +6,36 @@ let
 in
 {
   options.my.services.sendsms = {
-    enable = lib.mkEnableOption "sendsms configuration";
+    enable = lib.mkEnableOption "send SMS when the host reboots";
   };
 
   config = lib.mkIf cfg.enable {
-    systemd.services.sendsms = {
-      description = "Send an alert when the host has booted";
+    systemd.services.sendsms-reboot = {
+      description = "Send an SMS when the host has booted";
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
       path = [ pkgs.sendsms ];
+      restartIfChanged = false;
+
+      unitConfig = {
+        # If the gate file exists, it means we've already send the
+        # message, nothing to do
+        ConditionPathExists = "!/run/sendsms/reboot";
+      };
+
       serviceConfig = {
         Type = "oneshot";
         ExecStart = "${pkgs.sendsms}/bin/sendsms --config ${secrets."sendsms/config".path} reboot";
+
+        # Write a gate file so we don't send a message multiple times
+        ExecStartPost = "${pkgs.coreutils}/bin/touch /run/sendsms/reboot";
+
         Restart = "on-failure";
 
         # Runtime directory and mode
         RuntimeDirectory = "sendsms";
         RuntimeDirectoryMode = "0755";
+        RuntimeDirectoryPreserve = "yes";
 
         # Access write directories
         UMask = "0027";
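Review bot: `ExecStartPost` runs after `ExecStart` has already sent the message, so if the `touch` ever fails the unit is marked failed and `Restart = "on-failure"` would likely re-run `ExecStart` and send the SMS again, which is the duplicate the gate is meant to prevent. Prefixing the command with `-` (`ExecStartPost = "-${pkgs.coreutils}/bin/touch /run/sendsms/reboot";`) keeps a gate-write error out of the restart path. The new comment should read `# If the gate file exists, it means we've already sent the`. The two later hunks in this file drop `PrivateDevices` and `RestrictAddressFamilies` from the same `serviceConfig` with no explanation in the commit message; a why-comment next to the remaining sandbox options, e.g. `# RestrictAddressFamilies removed: <reason>`, would keep that relaxation reviewable. `serviceConfig` continues outside the hunk.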
@@ -37,7 +50,6 @@ in
         ProtectSystem = "strict";
         ProtectHome = true;
         PrivateTmp = true;
-        PrivateDevices = true;
         PrivateUsers = true;
         ProtectHostname = true;
         ProtectClock = true;
@@ -45,7 +57,6 @@ in
         ProtectKernelModules = true;
         ProtectKernelLogs = true;
         ProtectControlGroups = true;
-        RestrictAddressFamilies = [ "AF_INET AF_INET6" ];
         LockPersonality = true;
         MemoryDenyWriteExecute = true;
         RestrictRealtime = true;
diff --git a/nix/mkSystem.nix b/nix/mkSystem.nix
index 4debbab..1cb450f 100644
--- a/nix/mkSystem.nix
+++ b/nix/mkSystem.nix
@@ -17,6 +17,7 @@ inputs.nixpkgs.lib.nixosSystem {
         overlays = [
           inputs.nur.overlay
           inputs.rust.overlays.default
+          inputs.sendsms.overlay
           (final: prev:
             {
               tools = import "${self}/tools" { pkgs = prev; inherit naersk; };
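Review bot: `inputs.sendsms.overlay` uses the singular `overlay` flake output, which newer Nix releases treat as deprecated in favour of `overlays.default`, the form the line above already uses for `inputs.rust.overlays.default`. If the sendsms flake exposes it, `inputs.sendsms.overlays.default` would keep the list consistent. An overlay can replace any attribute in the package set, not only add `sendsms`, so the pinned `rev` in flake.lock is what bounds what this line pulls in. The `overlays` list continues outside the hunk.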