ingress-tootpick: switch to dinit

Signed-off-by: magic_rb <magic_rb@redalder.org>
magic_rb 2024-11-10 19:09:41 +01:00
parent e99c9e848f
commit 6a60fae8ac
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E
2 changed files with 36 additions and 40 deletions


@ -15,36 +15,7 @@
singleton singleton
; ;
in { in {
dumb-init = { dinit.enable = true;
enable = true;
sigell.entries = [
{
signal = "HUP";
action = {
type = "exec";
environment = {
PATH = "${pkgs.bash}/bin:${pkgs.busybox}/bin";
};
command = [
"bash"
"-c"
"kill -s HUP \"$(cat /nginx.pid)\""
];
};
}
{
signal = "TERM";
action = {
type = "signal";
rewrite = "TERM";
selector = {
type = "child";
};
};
}
];
type.services = {};
};
init.services.nginx.shutdownOnExit = true; init.services.nginx.shutdownOnExit = true;
system.activation = { system.activation = {
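Review bot: With the `sigell` entries removed, nothing in this file records how nginx gets reloaded or stopped; the old block forwarded HUP to the pid in `/nginx.pid` and rewrote TERM to the child. A short comment beside `dinit.enable = true;` would keep that knowledge in the file, for example `# nginx is reloaded by the job's change_script (kill -HUP via /service/nginx/pid), not by signalling the init process`. Whether dinit delivers TERM to nginx the way the removed rewrite did is not visible in this hunk and is worth confirming together with `init.services.nginx.shutdownOnExit`. The enclosing attribute set starts above the hunk and `system.activation` continues below it.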


@ -216,8 +216,13 @@ ssl_prefer_server_ciphers off;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
EOF EOF
destination = "local/ssl.conf" destination = "local/ssl.conf"
change_mode = "signal" change_mode = "script"
change_signal = "SIGHUP" change_script {
command = "/bin/sh"
args = ["-lc", "kill -SIGHUP $(cat /service/nginx/pid)"]
timeout = "5s"
fail_on_error = false
}
} }
template { template {
@ -228,8 +233,13 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
EOF EOF
destination = "local/headers.conf" destination = "local/headers.conf"
change_mode = "signal" change_mode = "script"
change_signal = "SIGHUP" change_script {
command = "/bin/sh"
args = ["-lc", "kill -SIGHUP $(cat /service/nginx/pid)"]
timeout = "5s"
fail_on_error = false
}
} }
template { template {
@ -238,8 +248,13 @@ add_header X-Frame-Options "SAMEORIGIN";
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always; add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
EOF EOF
destination = "local/security.conf" destination = "local/security.conf"
change_mode = "signal" change_mode = "script"
change_signal = "SIGHUP" change_script {
command = "/bin/sh"
args = ["-c", "kill -SIGHUP $(cat /service/nginx/pid)"]
timeout = "5s"
fail_on_error = false
}
} }
template { template {
@ -265,15 +280,25 @@ server {
} }
EOF EOF
destination = "local/streams.conf" destination = "local/streams.conf"
change_mode = "signal" change_mode = "script"
change_signal = "SIGHUP" change_script {
command = "/bin/sh"
args = ["-c", "kill -SIGHUP $(cat /service/nginx/pid)"]
timeout = "5s"
fail_on_error = false
}
} }
template { template {
data = var.upstreams data = var.upstreams
destination = "local/upstreams.conf" destination = "local/upstreams.conf"
change_mode = "signal" change_mode = "script"
change_signal = "SIGHUP" change_script {
command = "/bin/sh"
args = ["-c", "kill -SIGHUP $(cat /service/nginx/pid)"]
timeout = "5s"
fail_on_error = false
}
} }
} }
} }
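Review bot: All five `change_script` blocks set `fail_on_error = false`, so a failed reload (missing or stale `/service/nginx/pid`, `kill` returning non-zero) leaves the task running and nginx may keep serving the previous `ssl.conf` or `security.conf` until someone reads the logs. Consider `fail_on_error = true`, or keep it false but alert on the script failure. The first two blocks (ssl.conf, headers.conf) call `/bin/sh` with `-lc` while the other three use `-c`; a login shell is not needed and pulls in profile files, so use `-c` throughout. I would also quote the substitution and use the portable signal form the removed handler used: `args = ["-c", "kill -s HUP \"$(cat /service/nginx/pid)\""]`. Where that pid path is configured is not shown on this page, so confirm it matches the dinit service layout.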