mirror of https://gitlab.com/curben/blog
				
				
				
			post(nixos): update syntax to 21.05
- https://nixos.org/manual/nixos/stable/release-notes.html#sec-release-21.05
		
							parent
							
								
									ad4b53a5c3
								
							
						
					
					
						commit
						8c2e000d8d
					
				| 
						 | 
				
			
			@ -110,6 +110,8 @@ Combining with the previous user configs, I ended up with:
 | 
			
		|||
      tor = {
 | 
			
		||||
        home = "/var/lib/tor";
 | 
			
		||||
        createHome = true;
 | 
			
		||||
        group = "tor";
 | 
			
		||||
        uid = config.ids.uids.tor;
 | 
			
		||||
      };
 | 
			
		||||
    };
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -121,7 +123,7 @@ Combining with the previous user configs, I ended up with:
 | 
			
		|||
        members = [ "caddyTor" ];
 | 
			
		||||
      };
 | 
			
		||||
      tor = {
 | 
			
		||||
        members = [ "tor" ];
 | 
			
		||||
        gid = config.ids.gids.tor;
 | 
			
		||||
      };
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
| 
						 | 
				
			
			@ -568,24 +570,23 @@ Since [unattended upgrade](#Unattended-upgrade) is executed on 00:00, I delay ga
 | 
			
		|||
  services.tor = {
 | 
			
		||||
    enable = true;
 | 
			
		||||
    enableGeoIP = false;
 | 
			
		||||
    hiddenServices = {
 | 
			
		||||
    relay.onionServices = {
 | 
			
		||||
      proxy = {
 | 
			
		||||
        version = 3;
 | 
			
		||||
        map = [
 | 
			
		||||
          {
 | 
			
		||||
            port = "80";
 | 
			
		||||
            toHost = "[::1]";
 | 
			
		||||
            toPort = "8080";
 | 
			
		||||
          }
 | 
			
		||||
        ];
 | 
			
		||||
        map = [{
 | 
			
		||||
          port = 80;
 | 
			
		||||
          target = {
 | 
			
		||||
            addr = "[::1]";
 | 
			
		||||
            port = 8080;
 | 
			
		||||
          };
 | 
			
		||||
        }];
 | 
			
		||||
      };
 | 
			
		||||
    };
 | 
			
		||||
    extraConfig =
 | 
			
		||||
      ''
 | 
			
		||||
        ClientUseIPv4 0
 | 
			
		||||
        ClientUseIPv6 1
 | 
			
		||||
        ClientPreferIPv6ORPort 1
 | 
			
		||||
      '';
 | 
			
		||||
    settings = {
 | 
			
		||||
      ClientUseIPv4 = false;
 | 
			
		||||
      ClientUseIPv6 = true;
 | 
			
		||||
      ClientPreferIPv6ORPort = true;
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
 | 
			
		||||
  ## I2P Eepsite
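Review bot: The rewritten onion-service mapping (`target = { addr = "[::1]"; port = 8080; };`) has no comment saying that the backend on `[::1]:8080` must listen on loopback only. If the web server also binds a public address, the same site is reachable outside Tor and can be correlated with the onion address. The listener configuration is not visible in this hunk, so this is a documentation request, not a confirmed defect: add `# backend must bind [::1]:8080 only, never a public interface` above `target`. The `settings` block also sets `ClientUseIPv4 = false`, which presumably leaves Tor unable to bootstrap on an IPv4-only host, so a one-line comment that this is intentional would help readers who copy the snippet. The same mapping and settings appear in the later `myOnion` hunk.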
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -111,10 +111,8 @@ in {
 | 
			
		|||
      after = [ "network-online.target" ];
 | 
			
		||||
      wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
 | 
			
		||||
      wantedBy = [ "multi-user.target" ];
 | 
			
		||||
      # 21.03+
 | 
			
		||||
      # https://github.com/NixOS/nixpkgs/pull/97512
 | 
			
		||||
      # startLimitIntervalSec = 14400;
 | 
			
		||||
      # startLimitBurst = 10;
 | 
			
		||||
      startLimitIntervalSec = 14400;
 | 
			
		||||
      startLimitBurst = 10;
 | 
			
		||||
      serviceConfig = {
 | 
			
		||||
        ExecStart = "${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}";
 | 
			
		||||
        ExecReload = "${cfg.package}/bin/caddy reload --config ${cfg.config} --adapter ${cfg.adapter}";
 | 
			
		||||
| 
						 | 
				
			
			@ -122,8 +120,10 @@ in {
 | 
			
		|||
        User = "caddyProxy";
 | 
			
		||||
        Group = "caddyProxy";
 | 
			
		||||
        Restart = "on-abnormal";
 | 
			
		||||
        StartLimitIntervalSec = 14400;
 | 
			
		||||
        StartLimitBurst = 10;
 | 
			
		||||
        # < 20.09
 | 
			
		||||
        # https://github.com/NixOS/nixpkgs/pull/97512
 | 
			
		||||
        # StartLimitIntervalSec = 14400;
 | 
			
		||||
        # StartLimitBurst = 10;
 | 
			
		||||
        NoNewPrivileges = true;
 | 
			
		||||
        LimitNPROC = 512;
 | 
			
		||||
        LimitNOFILE = 1048576;
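Review bot: The `serviceConfig` hunk appears to replace the two live `StartLimit*` settings with a four-line commented-out copy under `# < 20.09`, judging by its 8-to-10 line counts, since the +/- column is lost on this page. That leaves dead configuration next to the unit's hardening options. The `caddy` and `caddyI2p` units changed in the same commit drop that pair with no comment, so the three units now differ for no visible reason. Either delete the block or shrink it to one line such as `# start limits are set at unit level (startLimitIntervalSec/startLimitBurst), see nixpkgs PR 97512`. The same block appears in the `caddyProxy` hunk of the last file section, and `serviceConfig` begins before and continues past this hunk.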
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -79,6 +79,8 @@ in {
 | 
			
		|||
      wantedBy = [ "multi-user.target" ];
 | 
			
		||||
      environment = mkIf (versionAtLeast config.system.stateVersion "17.09" && !isCaddy2)
 | 
			
		||||
        { CADDYPATH = cfg.dataDir; };
 | 
			
		||||
      startLimitIntervalSec = 14400;
 | 
			
		||||
      startLimitBurst = 10;
 | 
			
		||||
      serviceConfig = {
 | 
			
		||||
        ExecStart = if isCaddy2 then ''
 | 
			
		||||
          ${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}
 | 
			
		||||
| 
						 | 
				
			
			@ -94,8 +96,6 @@ in {
 | 
			
		|||
        User = "caddy";
 | 
			
		||||
        Group = "caddy";
 | 
			
		||||
        Restart = "on-abnormal";
 | 
			
		||||
        StartLimitIntervalSec = 14400;
 | 
			
		||||
        StartLimitBurst = 10;
 | 
			
		||||
        NoNewPrivileges = true;
 | 
			
		||||
        LimitNPROC = 512;
 | 
			
		||||
        LimitNOFILE = 1048576;
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -159,10 +159,8 @@ in {
 | 
			
		|||
      after = [ "network-online.target" ];
 | 
			
		||||
      wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
 | 
			
		||||
      wantedBy = [ "multi-user.target" ];
 | 
			
		||||
      # 21.03+
 | 
			
		||||
      # https://github.com/NixOS/nixpkgs/pull/97512
 | 
			
		||||
      # startLimitIntervalSec = 14400;
 | 
			
		||||
      # startLimitBurst = 10;
 | 
			
		||||
      startLimitIntervalSec = 14400;
 | 
			
		||||
      startLimitBurst = 10;
 | 
			
		||||
      serviceConfig = {
 | 
			
		||||
        ExecStart = "${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}";
 | 
			
		||||
        ExecReload = "${cfg.package}/bin/caddy reload --config ${cfg.config} --adapter ${cfg.adapter}";
 | 
			
		||||
| 
						 | 
				
			
			@ -170,8 +168,6 @@ in {
 | 
			
		|||
        User = "caddyI2p";
 | 
			
		||||
        Group = "caddyI2p";
 | 
			
		||||
        Restart = "on-abnormal";
 | 
			
		||||
        StartLimitIntervalSec = 14400;
 | 
			
		||||
        StartLimitBurst = 10;
 | 
			
		||||
        NoNewPrivileges = true;
 | 
			
		||||
        LimitNPROC = 512;
 | 
			
		||||
        LimitNOFILE = 1048576;
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -39,24 +39,23 @@ The first step is to bring up a Tor hidden service to get an onion address. Add
 | 
			
		|||
  services.tor = {
 | 
			
		||||
    enable = true;
 | 
			
		||||
    enableGeoIP = false;
 | 
			
		||||
    hiddenServices = {
 | 
			
		||||
    relay.onionServices = {
 | 
			
		||||
      myOnion = {
 | 
			
		||||
        version = 3;
 | 
			
		||||
        map = [
 | 
			
		||||
          {
 | 
			
		||||
            port = "80";
 | 
			
		||||
            toHost = "[::1]";
 | 
			
		||||
            toPort = "8080";
 | 
			
		||||
          }
 | 
			
		||||
        ];
 | 
			
		||||
        map = [{
 | 
			
		||||
          port = 80;
 | 
			
		||||
          target = {
 | 
			
		||||
            addr = "[::1]";
 | 
			
		||||
            port = 8080;
 | 
			
		||||
          };
 | 
			
		||||
        }];
 | 
			
		||||
      };
 | 
			
		||||
    };
 | 
			
		||||
    extraConfig = 
 | 
			
		||||
      ''
 | 
			
		||||
        ClientUseIPv4 0
 | 
			
		||||
        ClientUseIPv6 1
 | 
			
		||||
        ClientPreferIPv6ORPort 1
 | 
			
		||||
      '';
 | 
			
		||||
    settings = {
 | 
			
		||||
      ClientUseIPv4 = false;
 | 
			
		||||
      ClientUseIPv6 = true;
 | 
			
		||||
      ClientPreferIPv6ORPort = true;
 | 
			
		||||
    };
 | 
			
		||||
  };
 | 
			
		||||
```
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -134,10 +133,8 @@ in {
 | 
			
		|||
      after = [ "network-online.target" ];
 | 
			
		||||
      wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
 | 
			
		||||
      wantedBy = [ "multi-user.target" ];
 | 
			
		||||
      # 21.03+
 | 
			
		||||
      # https://github.com/NixOS/nixpkgs/pull/97512
 | 
			
		||||
      # startLimitIntervalSec = 14400;
 | 
			
		||||
      # startLimitBurst = 10;
 | 
			
		||||
      startLimitIntervalSec = 14400;
 | 
			
		||||
      startLimitBurst = 10;
 | 
			
		||||
      serviceConfig = {
 | 
			
		||||
        ExecStart = "${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}";
 | 
			
		||||
        ExecReload = "${cfg.package}/bin/caddy reload --config ${cfg.config} --adapter ${cfg.adapter}";
 | 
			
		||||
| 
						 | 
				
			
			@ -145,8 +142,10 @@ in {
 | 
			
		|||
        User = "caddyProxy";
 | 
			
		||||
        Group = "caddyProxy";
 | 
			
		||||
        Restart = "on-abnormal";
 | 
			
		||||
        StartLimitIntervalSec = 14400;
 | 
			
		||||
        StartLimitBurst = 10;
 | 
			
		||||
        # < 20.09
 | 
			
		||||
        # https://github.com/NixOS/nixpkgs/pull/97512
 | 
			
		||||
        # StartLimitIntervalSec = 14400;
 | 
			
		||||
        # StartLimitBurst = 10;
 | 
			
		||||
        NoNewPrivileges = true;
 | 
			
		||||
        LimitNPROC = 512;
 | 
			
		||||
        LimitNOFILE = 1048576;
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||