Separate bind host and external host

main
Ashelyn Dawn 6 months ago
parent 4394402759
commit 2241526e15
No known key found for this signature in database
GPG Key ID: D1980B8C6F349BC1

@ -178,13 +178,20 @@
'';
};
host = mkOption {
externalHost = mkOption {
type = types.str;
default = "localhost";
example = "example.org";
description = lib.mdDoc ''
Base domain name for Calico to listen at. Each instance will be at a
subdomain of this.
Base domain name Calico will be accessible at. Each instance
will be at a subdomain of this.
'';
};
bindHost = mkOption {
type = types.str;
default = "localhost";
description = lib.mdDoc ''
The IP or host for Calico to bind to.
'';
};
@ -370,7 +377,7 @@
Group = cfg.user;
ExecStart = ''
${pkg}/bin/calico \
-H ${cfg.host} -P ${toString cfg.port} \
-H ${cfg.bindHost} -P ${toString cfg.port} \
-t ${toString cfg.timeout} ${cfg.dataDir}
'';
Restart = "on-failure";
@ -391,22 +398,22 @@
Group = cfg.user;
ExecStart = ''
${pkg}/bin/pounce \
-C ${cfg.certDir}/${name}.${cfg.host}/fullchain.pem \
-K ${cfg.certDir}/${name}.${cfg.host}/privkey.pem \
-U ${cfg.dataDir} -H ${name}.${cfg.host} \
-C ${cfg.certDir}/${name}.${cfg.externalHost}/fullchain.pem \
-K ${cfg.certDir}/${name}.${cfg.externalHost}/privkey.pem \
-U ${cfg.dataDir} -H ${name}.${cfg.externalHost} \
${settingsFormat.generate "${name}.cfg" value.config}
'';
Restart = "on-failure";
} // hardeningFlags;
preStart = ''
mkdir -p ${cfg.certDir}/${name}.${cfg.host}
mkdir -p ${cfg.certDir}/${name}.${cfg.externalHost}
if ${boolToString cfg.generateCerts}; then
if [ ! -f ${cfg.certDir}/${name}.${cfg.host}/fullchain.pem ] || \
[ ! -f ${cfg.certDir}/${name}.${cfg.host}/privkey.pem ]; then
if [ ! -f ${cfg.certDir}/${name}.${cfg.externalHost}/fullchain.pem ] || \
[ ! -f ${cfg.certDir}/${name}.${cfg.externalHost}/privkey.pem ]; then
${pkgs.libressl}/bin/openssl req -x509 -newkey rsa:4096 \
-out ${cfg.certDir}/${name}.${cfg.host}/fullchain.pem \
-keyout ${cfg.certDir}/${name}.${cfg.host}/privkey.pem \
-nodes -sha256 -days 36500 -subj "/CN=${name}.${cfg.host}"
-out ${cfg.certDir}/${name}.${cfg.externalHost}/fullchain.pem \
-keyout ${cfg.certDir}/${name}.${cfg.externalHost}/privkey.pem \
-nodes -sha256 -days 36500 -subj "/CN=${name}.${cfg.externalHost}"
fi
fi
'';
@ -429,7 +436,7 @@
${pkg}/bin/pounce-notify \
${if value.notify.insecure then "-!" else
if value.notify.trust-cert == "" then
"-t ${cfg.certDir}/${name}.${cfg.host}/fullchain.pem"
"-t ${cfg.certDir}/${name}.${cfg.externalHost}/fullchain.pem"
else if value.notify.trust-cert != null then
"-t ${value.notify.trust-cert}" else ""} \
${if value.notify.client-cert != "" then "-c ${value.notify.client-cert}" else ""} \
@ -438,7 +445,7 @@
-u ${value.notify.user} \
${if cfg.networks.${name}.config ? local-pass then
"-w ${cfg.networks.${name}.config.local-pass}" else ""} \
${name}.${cfg.host} \
${name}.${cfg.externalHost} \
${if value.notify.command != "" then "\"${value.notify.command}\"" else
pkgs.writeShellScript "pounce-${name}-notify-script" value.notify.script}
'';
@ -470,7 +477,7 @@
${pkg}/bin/pounce-palaver \
${if value.palaver.insecure then "-!" else
if value.palaver.trust-cert == "" then
"-t ${cfg.certDir}/${name}.${cfg.host}/fullchain.pem"
"-t ${cfg.certDir}/${name}.${cfg.externalHost}/fullchain.pem"
else if value.palaver.trust-cert != null then
"-t ${value.palaver.trust-cert}" else ""} \
${if value.palaver.client-cert != "" then "-c ${value.notify.client-cert}" else ""} \
@ -479,7 +486,7 @@
-u ${value.palaver.user} \
${if cfg.networks.${name}.config ? local-pass then
"-w ${cfg.networks.${name}.config.local-pass}" else ""} \
${name}.${cfg.host} \
${name}.${cfg.externalHost} \
${if value.palaver.noPreviews then "-N" else ""} \
${if value.palaver.noPrivateMessagePreviews then "-N" else ""} \
${if value.palaver.dbPath != "" then "-d ${value.palaver.dbPath}" else ""} \
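Review bot: In the pounce-palaver command (the hunk at -470/+477) the client-certificate line tests `value.palaver.client-cert != ""` but interpolates `value.notify.client-cert`, so palaver would be started with the notify service's certificate, or presumably with a bare `-c` when notify has none configured. This looks like a copy-paste slip that the host rename leaves in place; the line should read `${if value.palaver.client-cert != "" then "-c ${value.palaver.client-cert}" else ""} \`. Separately, the `-w ${cfg.networks.${name}.config.local-pass}` context lines in the notify and palaver commands interpolate the password into what appears to be a systemd ExecStart string, which would place it in the generated unit and on the process command line; reading it from a file at runtime would avoid that. The enclosing command strings start and end outside these hunks, so the rest of each invocation was not reviewed.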
