From 96c67858300b5ae169c821ec405f6cbaa0d54ebc Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 4 Nov 2019 19:01:19 -0500
Subject: [PATCH] Use the `script` feature

---
 nixos/modules/issuer.nix | 61 ++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 31 deletions(-)

diff --git a/nixos/modules/issuer.nix b/nixos/modules/issuer.nix
index 4587d9df..10368e4d 100644
--- a/nixos/modules/issuer.nix
+++ b/nixos/modules/issuer.nix
@@ -96,37 +96,36 @@ in {
 # over TLS and require a certificate.
 lib.optional cfg.tls "cert-${cfg.domain}";
 
- serviceConfig = {
- ExecStart =
- let
- # Compute the right command line arguments to pass to it. The
- # signing key is only supplied when using the Ristretto issuer.
- issuerArgs =
- if cfg.issuer == "Trivial"
- then "--issuer Trivial"
- else "--issuer Ristretto --signing-key ${cfg.ristrettoSigningKey}";
- databaseArgs =
- if cfg.database == "Memory"
- then "--database Memory"
- else "--database SQLite3 --database-path ${cfg.databasePath}";
- httpsArgs =
- if cfg.tls
- then
- "--https-port 443 " +
- "--https-certificate-path ${certroot}/${cfg.domain}/cert.pem " +
- "--https-certificate-chain-path ${certroot}/${cfg.domain}/chain.pem " +
- "--https-key-path ${certroot}/${cfg.domain}/privkey.pem"
- else
- # Only for automated testing.
- "--http-port 80";
- in
- "${cfg.package}/bin/PaymentServer-exe ${issuerArgs} ${databaseArgs} ${httpsArgs}";
- Type = "simple";
- # It really shouldn't ever exit on its own! If it does, it's a bug
- # we'll have to fix. Restart it and hope it doesn't happen too much
- # before we can fix whatever the issue is.
- Restart = "always";
- };
+ # It really shouldn't ever exit on its own! If it does, it's a bug
+ # we'll have to fix. Restart it and hope it doesn't happen too much
+ # before we can fix whatever the issue is.
+ serviceConfig.Restart = "always";
+ serviceConfig.Type = "simple";
+
+ script =
+ let
+ # Compute the right command line arguments to pass to it. The
+ # signing key is only supplied when using the Ristretto issuer.
+ issuerArgs =
+ if cfg.issuer == "Trivial"
+ then "--issuer Trivial"
+ else "--issuer Ristretto --signing-key ${cfg.ristrettoSigningKey}";
+ databaseArgs =
+ if cfg.database == "Memory"
+ then "--database Memory"
+ else "--database SQLite3 --database-path ${cfg.databasePath}";
+ httpsArgs =
+ if cfg.tls
+ then
+ "--https-port 443 " +
+ "--https-certificate-path ${certroot}/${cfg.domain}/cert.pem " +
+ "--https-certificate-chain-path ${certroot}/${cfg.domain}/chain.pem " +
+ "--https-key-path ${certroot}/${cfg.domain}/privkey.pem"
+ else
+ # Only for automated testing.
+ "--http-port 80";
+ in
+ "${cfg.package}/bin/PaymentServer-exe ${issuerArgs} ${databaseArgs} ${httpsArgs}";
 };
 
 # Certificate renewal. We must declare that we *require* it in our
-- 
GitLab
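Review bot: With `script` the command line is now interpreted by a shell, but `${cfg.ristrettoSigningKey}`, `${cfg.databasePath}` and the `${cfg.domain}` certificate paths are still interpolated unquoted, so a value containing whitespace or shell metacharacters is word-split or expanded instead of reaching PaymentServer-exe as a single argument. Quote each value where it is interpolated, e.g. `else "--issuer Ristretto --signing-key ${lib.escapeShellArg cfg.ristrettoSigningKey}";`, and likewise for the database and certificate paths. Separately, if `ristrettoSigningKey` holds the key material itself (the flag is `--signing-key`, not a path option), it is written into the generated script in the world-readable Nix store and appears in the process's argv; passing a path to a permission-restricted file instead would avoid both, if the server can be made to accept one. The enclosing service definition starts above this hunk.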