fix: certbot not reload nginx

2025-05-03 14:48:00 +08:00 · 2025-05-03 14:48:00 +08:00 · f5ba45b20c
commit f5ba45b20c
parent c24da9bea1
4 changed files with 22 additions and 7 deletions
--- a/system/dev/dn-server/nextcloud.nix
+++ b/system/dev/dn-server/nextcloud.nix
@ -50,6 +50,10 @@ in
    configureRedis = true;
    hostName = "nextcloud.net.dn";
    https = true;
    phpExtraExtensions =
      all: with all; [
        imagick
      ];
    extraApps = {
      inherit (config.services.nextcloud.package.packages.apps)
@ -59,12 +63,6 @@ in
        tasks
        ;
      memories = pkgs.fetchNextcloudApp {
        sha256 = "sha256-BfxJDCGsiRJrZWkNJSQF3rSFm/G3zzQn7C6DCETSzw4=";
        url = "https://github.com/pulsejet/memories/releases/download/v7.5.2/memories.tar.gz";
        license = "agpl3Plus";
      };
      passwords =
        (pkgs.fetchNextcloudApp {
          sha256 = "sha256-Nu6WViFawQWby9CEEezAwoBNdp7O5O8a9IhDp/me/E0=";
@ -90,6 +88,7 @@ in
    };
    settings = {
      log_type = "file";
      enabledPreviewProviders = [
        "OC\\Preview\\BMP"
        "OC\\Preview\\GIF"
--- a/system/dev/dn-server/nginx.nix
+++ b/system/dev/dn-server/nginx.nix
@ -4,5 +4,6 @@
 {
  services.nginx = {
    enable = true;
    enableReload = true;
  };
 }
--- a/system/dev/dn-server/services.nix
+++ b/system/dev/dn-server/services.nix
@ -180,6 +180,11 @@ let
      publicKey = "oCRNCyg0bw6W6W87XQ4pIUW+WFi/bx9MG4cIwE23GxI=";
      allowedIPs = [ "10.0.0.144/32" ];
    }
    {
      dns = "rasp";
      publicKey = "z+2d+4FhSClGlSiAtaGnTgU6utxElfdRqiwPpCJFRn8=";
      allowedIPs = [ "10.0.0.145/32" ];
    }
  ];
  dnsRecords =
--- a/system/modules/certbot.nix
+++ b/system/modules/certbot.nix
@ -18,7 +18,6 @@
      "nginx.service"
      "network.target"
    ];
    wantedBy = [ "multi-user.target" ];
    environment = {
      "REQUESTS_CA_BUNDLE" = ../extra/ca.crt;
    };
@ -26,5 +25,16 @@
      ExecStart = ''${pkgs.certbot}/bin/certbot renew'';
      ExecStartPost = "${pkgs.busybox}/bin/chown nginx:nginx -R /etc/letsencrypt";
    };
    unitConfig = {
      OnSuccess = "nginx-reload-after-certbot.service";
    };
  };
  systemd.services."nginx-reload-after-certbot" = {
    serviceConfig = {
      User = "nginx";
      # This config file path refers to "services.nginx.enableReload"
      ExecStart = ''${pkgs.nginx}/bin/nginx -s reload -c /etc/nginx/nginx.conf'';
    };
  };
 }