diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/services/sendsms/default.nix | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/modules/services/sendsms/default.nix b/modules/services/sendsms/default.nix index 9d3491a..dde77ca 100644 --- a/modules/services/sendsms/default.nix +++ b/modules/services/sendsms/default.nix @@ -6,23 +6,36 @@ let in { options.my.services.sendsms = { - enable = lib.mkEnableOption "sendsms configuration"; + enable = lib.mkEnableOption "send SMS when the host reboots"; }; config = lib.mkIf cfg.enable { - systemd.services.sendsms = { - description = "Send an alert when the host has booted"; + systemd.services.sendsms-reboot = { + description = "Send an SMS when the host has booted"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; path = [ pkgs.sendsms ]; + restartIfChanged = false; + + unitConfig = { + # If the gate file exists, it means we've already send the + # message, nothing to do + ConditionPathExists = "!/run/sendsms/reboot"; + }; + serviceConfig = { Type = "oneshot"; ExecStart = "${pkgs.sendsms}/bin/sendsms --config ${secrets."sendsms/config".path} reboot"; + + # Write a gate file so we don't send a message multiple times + ExecStartPost = "${pkgs.coreutils}/bin/touch /run/sendsms/reboot"; + Restart = "on-failure"; # Runtime directory and mode RuntimeDirectory = "sendsms"; RuntimeDirectoryMode = "0755"; + RuntimeDirectoryPreserve = "yes"; # Access write directories UMask = "0027"; @@ -37,7 +50,6 @@ in ProtectSystem = "strict"; ProtectHome = true; PrivateTmp = true; - PrivateDevices = true; PrivateUsers = true; ProtectHostname = true; ProtectClock = true; @@ -45,7 +57,6 @@ in ProtectKernelModules = true; ProtectKernelLogs = true; ProtectControlGroups = true; - RestrictAddressFamilies = [ "AF_INET AF_INET6" ]; LockPersonality = true; MemoryDenyWriteExecute = true; RestrictRealtime = true; |