author | Franck Cuny <franck@fcuny.net> | 2023-08-21 17:43:56 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-08-21 17:43:56 -0700 |
commit | 33082a3d589d2d086d6fceef5eac3096f5ef17f0 (patch) | |
tree | 4c352dbb19eb5f0615966e78118b42aa7c993894 /modules/services | |
parent | add a couple of github actions (diff) | |
download | world-33082a3d589d2d086d6fceef5eac3096f5ef17f0.tar.gz |
remove custom tools
Diffstat (limited to 'modules/services')
-rw-r--r-- | modules/services/default.nix | 1 | ||||
-rw-r--r-- | modules/services/sendsms/default.nix | 72 |
2 files changed, 0 insertions, 73 deletions
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 77cf853..1aeeff1 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -4,6 +4,5 @@
 imports = [
 ./backup
 ./monitoring
- ./sendsms
 ];
 }
diff --git a/modules/services/sendsms/default.nix b/modules/services/sendsms/default.nix
deleted file mode 100644
index dde77ca..0000000
--- a/modules/services/sendsms/default.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-# send SMS based on actions
-{ pkgs, config, lib, ... }:
-let
- cfg = config.my.services.sendsms;
- secrets = config.age.secrets;
-in
-{
- options.my.services.sendsms = {
- enable = lib.mkEnableOption "send SMS when the host reboots";
- };
-
- config = lib.mkIf cfg.enable {
- systemd.services.sendsms-reboot = {
- description = "Send an SMS when the host has booted";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.sendsms ];
- restartIfChanged = false;
-
- unitConfig = {
- # If the gate file exists, it means we've already send the
- # message, nothing to do
- ConditionPathExists = "!/run/sendsms/reboot";
- };
-
- serviceConfig = {
- Type = "oneshot";
- ExecStart = "${pkgs.sendsms}/bin/sendsms --config ${secrets."sendsms/config".path} reboot";
-
- # Write a gate file so we don't send a message multiple times
- ExecStartPost = "${pkgs.coreutils}/bin/touch /run/sendsms/reboot";
-
- Restart = "on-failure";
-
- # Runtime directory and mode
- RuntimeDirectory = "sendsms";
- RuntimeDirectoryMode = "0755";
- RuntimeDirectoryPreserve = "yes";
-
- # Access write directories
- UMask = "0027";
-
- # Capabilities
- CapabilityBoundingSet = "";
-
- # Security
- NoNewPrivileges = true;
-
- # Sandboxing
- ProtectSystem = "strict";
- ProtectHome = true;
- PrivateTmp = true;
- PrivateUsers = true;
- ProtectHostname = true;
- ProtectClock = true;
- ProtectKernelTunables = true;
- ProtectKernelModules = true;
- ProtectKernelLogs = true;
- ProtectControlGroups = true;
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
- RestrictRealtime = true;
- RestrictSUIDSGID = true;
- PrivateMounts = true;
-
- # System Call Filtering
- SystemCallArchitectures = "native";
- SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap";
- };
- };
- };
-} |