diff options
author | Franck Cuny <franck@fcuny.net> | 2023-03-27 17:49:49 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-03-27 19:11:25 -0700 |
commit | a35050d9bc640309a8216b520a9b0350266de74f (patch) | |
tree | 5afb8a74db49cd2566fdb9311d1bdff1ab0b00d3 /modules | |
parent | modules/console: fix syntax (diff) | |
download | world-a35050d9bc640309a8216b520a9b0350266de74f.tar.gz |
modules/sendsms: gate the unit with a file
To prevent the unit to be triggered multiple times if the host has already rebooted, we create a gate file when we're done running, and before running, we check if the file exists. Enable the service on tahoe. Don't restart the unit when its definition has changed.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/services/sendsms/default.nix | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/modules/services/sendsms/default.nix b/modules/services/sendsms/default.nix index 9d3491a..dde77ca 100644 --- a/modules/services/sendsms/default.nix +++ b/modules/services/sendsms/default.nix @@ -6,23 +6,36 @@ let in { options.my.services.sendsms = { - enable = lib.mkEnableOption "sendsms configuration"; + enable = lib.mkEnableOption "send SMS when the host reboots"; }; config = lib.mkIf cfg.enable { - systemd.services.sendsms = { - description = "Send an alert when the host has booted"; + systemd.services.sendsms-reboot = { + description = "Send an SMS when the host has booted"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.sendsms ]; + restartIfChanged = false; + + unitConfig = { + # If the gate file exists, it means we've already send the + # message, nothing to do + ConditionPathExists = "!/run/sendsms/reboot"; + }; + serviceConfig = { Type = "oneshot"; ExecStart = "${pkgs.sendsms}/bin/sendsms --config ${secrets."sendsms/config".path} reboot"; + + # Write a gate file so we don't send a message multiple times + ExecStartPost = "${pkgs.coreutils}/bin/touch /run/sendsms/reboot"; + Restart = "on-failure"; # Runtime directory and mode RuntimeDirectory = "sendsms"; RuntimeDirectoryMode = "0755"; + RuntimeDirectoryPreserve = "yes"; # Access write directories UMask = "0027"; @@ -37,7 +50,6 @@ in ProtectSystem = "strict"; ProtectHome = true; PrivateTmp = true; - PrivateDevices = true; PrivateUsers = true; ProtectHostname = true; ProtectClock = true; @@ -45,7 +57,6 @@ in ProtectKernelModules = true; ProtectKernelLogs = true; ProtectControlGroups = true; - RestrictAddressFamilies = [ "AF_INET AF_INET6" ]; LockPersonality = true; MemoryDenyWriteExecute = true; RestrictRealtime = true; |