ingress-tootpick: switch to dinit

Signed-off-by: magic_rb <magic_rb@redalder.org>
2024-11-21 23:54:22 +01:00 · 2024-11-10 19:09:41 +01:00 · 2024-11-10 19:09:41 +01:00 · 6a60fae8ac
parent e99c9e848f
commit 6a60fae8ac
2 changed files with 36 additions and 40 deletions
--- a/nixng/containers/ingress-toothpick/default.nix
+++ b/nixng/containers/ingress-toothpick/default.nix
@ -15,36 +15,7 @@
        singleton
        ;
    in {
-      dumb-init = {
-        enable = true;
-        sigell.entries = [
-          {
-            signal = "HUP";
-            action = {
-              type = "exec";
-              environment = {
-                PATH = "${pkgs.bash}/bin:${pkgs.busybox}/bin";
-              };
-              command = [
-                "bash"
-                "-c"
-                "kill -s HUP \"$(cat /nginx.pid)\""
-              ];
-            };
-          }
-          {
-            signal = "TERM";
-            action = {
-              type = "signal";
-              rewrite = "TERM";
-              selector = {
-                type = "child";
-              };
-            };
-          }
-        ];
-        type.services = {};
-      };
+      dinit.enable = true;
      init.services.nginx.shutdownOnExit = true;

      system.activation = {
--- a/terranix/main/containers/ingress-toothpick/job.hcl
+++ b/terranix/main/containers/ingress-toothpick/job.hcl
@ -216,8 +216,13 @@ ssl_prefer_server_ciphers off;
 ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
 EOF
        destination   = "local/ssl.conf"
-        change_mode   = "signal"
-        change_signal = "SIGHUP"
+        change_mode   = "script"
+	change_script {
+          command       = "/bin/sh"
+          args          = ["-lc", "kill -SIGHUP $(cat /service/nginx/pid)"]
+          timeout       = "5s"
+          fail_on_error = false
+        }
      }

      template {
@ -228,8 +233,13 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 EOF
        destination   = "local/headers.conf"
-        change_mode   = "signal"
-        change_signal = "SIGHUP"
+        change_mode   = "script"
+	change_script {
+          command       = "/bin/sh"
+          args          = ["-lc", "kill -SIGHUP $(cat /service/nginx/pid)"]
+          timeout       = "5s"
+          fail_on_error = false
+        }
      }

      template {
@ -238,8 +248,13 @@ add_header X-Frame-Options "SAMEORIGIN";
 add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
 EOF
        destination   = "local/security.conf"
-        change_mode   = "signal"
-        change_signal = "SIGHUP"
+        change_mode   = "script"
+	change_script {
+          command       = "/bin/sh"
+          args          = ["-c", "kill -SIGHUP $(cat /service/nginx/pid)"]
+          timeout       = "5s"
+          fail_on_error = false
+        }
      }

      template {
@ -265,15 +280,25 @@ server {
 }
 EOF
        destination   = "local/streams.conf"
-        change_mode   = "signal"
-        change_signal = "SIGHUP"
+        change_mode   = "script"
+	change_script {
+          command       = "/bin/sh"
+          args          = ["-c", "kill -SIGHUP $(cat /service/nginx/pid)"]
+          timeout       = "5s"
+          fail_on_error = false
+        }
      }

      template {
        data = var.upstreams
        destination   = "local/upstreams.conf"
-        change_mode   = "signal"
-        change_signal = "SIGHUP"
+        change_mode   = "script"
+	change_script {
+          command       = "/bin/sh"
+          args          = ["-c", "kill -SIGHUP $(cat /service/nginx/pid)"]
+          timeout       = "5s"
+          fail_on_error = false
+        }
      }
    }
  }