fix: certbot not reload nginx

2025-05-03 14:48:00 +08:00 · 2025-05-03 14:48:00 +08:00 · f5ba45b20c
commit f5ba45b20c
parent c24da9bea1
4 changed files with 22 additions and 7 deletions
--- a/system/dev/dn-server/nextcloud.nix
+++ b/system/dev/dn-server/nextcloud.nix
@ -50,6 +50,10 @@ in
    configureRedis = true;
    hostName = "nextcloud.net.dn";
    https = true;
+    phpExtraExtensions =
+      all: with all; [
+        imagick
+      ];

    extraApps = {
      inherit (config.services.nextcloud.package.packages.apps)
@ -59,12 +63,6 @@ in
        tasks
        ;

-      memories = pkgs.fetchNextcloudApp {
-        sha256 = "sha256-BfxJDCGsiRJrZWkNJSQF3rSFm/G3zzQn7C6DCETSzw4=";
-        url = "https://github.com/pulsejet/memories/releases/download/v7.5.2/memories.tar.gz";
-        license = "agpl3Plus";
-      };
-
      passwords =
        (pkgs.fetchNextcloudApp {
          sha256 = "sha256-Nu6WViFawQWby9CEEezAwoBNdp7O5O8a9IhDp/me/E0=";
@ -90,6 +88,7 @@ in
    };

    settings = {
+      log_type = "file";
      enabledPreviewProviders = [
        "OC\\Preview\\BMP"
        "OC\\Preview\\GIF"
--- a/system/dev/dn-server/nginx.nix
+++ b/system/dev/dn-server/nginx.nix
@ -4,5 +4,6 @@
 {
  services.nginx = {
    enable = true;
+    enableReload = true;
  };
 }
--- a/system/dev/dn-server/services.nix
+++ b/system/dev/dn-server/services.nix
@ -180,6 +180,11 @@ let
      publicKey = "oCRNCyg0bw6W6W87XQ4pIUW+WFi/bx9MG4cIwE23GxI=";
      allowedIPs = [ "10.0.0.144/32" ];
    }
+    {
+      dns = "rasp";
+      publicKey = "z+2d+4FhSClGlSiAtaGnTgU6utxElfdRqiwPpCJFRn8=";
+      allowedIPs = [ "10.0.0.145/32" ];
+    }
  ];

  dnsRecords =
--- a/system/modules/certbot.nix
+++ b/system/modules/certbot.nix
@ -18,7 +18,6 @@
      "nginx.service"
      "network.target"
    ];
-    wantedBy = [ "multi-user.target" ];
    environment = {
      "REQUESTS_CA_BUNDLE" = ../extra/ca.crt;
    };
@ -26,5 +25,16 @@
      ExecStart = ''${pkgs.certbot}/bin/certbot renew'';
      ExecStartPost = "${pkgs.busybox}/bin/chown nginx:nginx -R /etc/letsencrypt";
    };
+    unitConfig = {
+      OnSuccess = "nginx-reload-after-certbot.service";
+    };
+  };
+
+  systemd.services."nginx-reload-after-certbot" = {
+    serviceConfig = {
+      User = "nginx";
+      # This config file path refers to "services.nginx.enableReload"
+      ExecStart = ''${pkgs.nginx}/bin/nginx -s reload -c /etc/nginx/nginx.conf'';
+    };
  };
 }