diff --git a/hosts/nodens/spec.nix b/hosts/nodens/spec.nix
index 65586e03..35727c5e 100644
--- a/hosts/nodens/spec.nix
+++ b/hosts/nodens/spec.nix
@@ -123,10 +123,10 @@
 enable = true;
 serve = true;
 openFirewall = 4432;
- credentials = [
- "key:${config.age.secrets."nyaw.key".path}"
- "cert:${config.age.secrets."nyaw.cert".path}"
- ];
+ # credentials = [
+ # "key:${config.age.secrets."nyaw.key".path}"
+ # "cert:${config.age.secrets."nyaw.cert".path}"
+ # ];
 configFile = config.age.secrets.hyst-us.path;
 };
 };
diff --git a/modules/hysteria.nix b/modules/hysteria.nix
index 8f2d5416..c8a2c6f5 100644
--- a/modules/hysteria.nix
+++ b/modules/hysteria.nix
@@ -89,7 +89,7 @@ in {
 Type = "simple";
 DynamicUser = true;
- ExecStart = "${lib.getExe' opts.package "hysteria"} ${binSuffix} --disable-update-check -c $\{CREDENTIALS_DIRECTORY}/config.yaml";
+ ExecStart = "${lib.getExe' opts.package "hysteria"} ${binSuffix} -c $\{CREDENTIALS_DIRECTORY}/config.yaml";
 LoadCredential = [ "config.yaml:${opts.configFile}" ] ++ opts.credentials;
 Environment = [ "HYSTERIA_DISABLE_UPDATE_CHECK=1" ];
 AmbientCapabilities = [
diff --git a/repack/reuse-cert.nix b/repack/reuse-cert.nix
index 5f2d7aee..8cb91d27 100644
--- a/repack/reuse-cert.nix
+++ b/repack/reuse-cert.nix
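Review bot: In hosts/nodens/spec.nix the `credentials` list is commented out rather than removed, and nothing on the new side says where this instance's TLS key and certificate now come from. If they are meant to come from the `LoadCredential` entries that repack/reuse-cert.nix enables in this same commit, note that the certificate credential is named `crt` there while the list disabled here named it `cert`; the file behind `configFile` is not visible, so confirm it references the names that will actually exist under the credentials directory. I would delete the four commented lines and leave one comment in their place, for example `# TLS key/crt are loaded from caddy's ACME storage by repack/reuse-cert.nix`. The enclosing attribute set starts and ends outside the hunk.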
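Review bot: In modules/hysteria.nix the update check is now suppressed only by the `Environment = [ "HYSTERIA_DISABLE_UPDATE_CHECK=1" ];` context line, and nothing documents that this line has become the single switch. If that variable is later dropped as apparent duplication, the service would start making an outbound version check again without any visible change to `ExecStart`; a comment above it such as `# sole switch for the update check; --disable-update-check is no longer passed on the command line` would prevent that. It is also worth confirming that the version shipped as `opts.package` honours the variable, which cannot be seen from this hunk. The serviceConfig block continues outside the hunk.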
@@ -45,25 +45,25 @@ reIf ( ) { } nameCondPair) // {
 caddy.serviceConfig.EnvironmentFile = config.age.secrets.porkbun-api.path;
- hysteria-only.serviceConfig.LoadCredential = [
- "crt:${config.age.secrets."nyaw.cert".path}"
- "key:${config.age.secrets."nyaw.key".path}"
- ];
- # hysteria-only.serviceConfig.LoadCredential =
- # lib.mkIf (builtins.any (i: i.serve) (lib.attrValues config.services.hysteria.instances))
- # (
- # map
- # (
- # s:
- # s
- # + ":"
- # + "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/nyaw.xyz/nyaw.xyz.${s}"
- # )
- # [
- # "key"
- # "crt"
- # ]
- # );
+ # hysteria-only.serviceConfig.LoadCredential = [
+ # "crt:${config.age.secrets."nyaw.cert".path}"
+ # "key:${config.age.secrets."nyaw.key".path}"
+ # ];
+ hysteria-only.serviceConfig.LoadCredential =
+ lib.mkIf (builtins.any (i: i.serve) (lib.attrValues config.services.hysteria.instances))
+ (
+ map
+ (
+ s:
+ s
+ + ":"
+ + "/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/nyaw.xyz/nyaw.xyz.${s}"
+ )
+ [
+ "key"
+ "crt"
+ ]
+ );
 };
 }
 )
diff --git a/util.nu b/util.nu
index 486bf0e0..0bb5f187 100644
--- a/util.nu
+++ b/util.nu
@@ -71,10 +71,11 @@ export def d [
 log info "copy closure complete";
 return [$per, $per_node_addr, $out_path];
- } | par-each {|| {name: $in.0, addr: $in.1, path: $in.2}} | each {|i|
- log info $'deploying ($i.path)(char newline)-> ($i.name) | ($i.addr)'
- ssh -t $'ssh://($i.addr)' $'sudo ($i.path)/bin/switch-to-configuration ($mode)'
- }
+ }
+ | par-each {|| {name: $in.0, addr: $in.1, path: $in.2}} | each {|i|
+ log info $'deploying ($i.path)(char newline)-> ($i.name) | ($i.addr)'
+ ssh -t $'ssh://($i.addr)' $'sudo ($i.path)/bin/switch-to-configuration ($mode)'
+ }
 }
 }
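Review bot: In repack/reuse-cert.nix the re-enabled `LoadCredential` entries read the key and certificate from caddy's on-disk ACME storage, but systemd resolves `LoadCredential` only when the unit starts, so after caddy renews nyaw.xyz the hysteria unit keeps serving the copy it received at start-up until something restarts it. Nothing in the hunk orders the unit after caddy or restarts it on renewal, and a start before caddy has written the files would fail on a missing path; an ordering dependency on the caddy unit plus a path- or timer-triggered restart would cover both. The path also hard-codes the `acme-v02.api.letsencrypt.org-directory` issuer directory, so a certificate obtained from any other issuer caddy may use would not be found; a comment such as `# tied to the Let's Encrypt issuer dir in caddy's storage; restart hysteria after renewal to pick up new files` would record both constraints. The enclosing expression starts and ends outside the hunk.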