flake

Francesco Saccone's Nix flake.
git clone https://git.francescosaccone.com/flake

default.nix (4349B)


      1 {
      2   lib,
      3   options,
      4   config,
      5   pkgs,
      6   ...
      7 }:
      8 {
      9 
     10   options.modules.agate = {
     11     enable = lib.mkOption {
     12       description = "Whether to enable Agate.";
     13       default = false;
     14       type = lib.types.bool;
     15     };
     16     directory = lib.mkOption {
     17       description = "The root directory to statically host.";
     18       default = "/var/gemini";
     19       readOnly = true;
     20       type = lib.types.uniq lib.types.path;
     21     };
     22     symlinks = lib.mkOption {
     23       description = ''
     24         For each symlink name, which will be created in the root directory, its
     25         target.
     26       '';
     27       default = { };
     28       type = lib.types.attrsOf lib.types.path;
     29     };
     30     preStart = {
     31       scripts = lib.mkOption {
     32         description = ''
     33           The list of scripts to run before starting the server.
     34         '';
     35         default = [ ];
     36         type = lib.types.listOf lib.types.path;
     37       };
     38       packages = lib.mkOption {
     39         description = "The list of packages required by the scripts.";
     40         default = [ ];
     41         type = lib.types.listOf lib.types.package;
     42       };
     43     };
     44   };
     45 
     46   config = lib.mkIf config.modules.agate.enable {
     47     users = {
     48       users = {
     49         agate = {
     50           hashedPassword = "!";
     51           isSystemUser = true;
     52           group = "agate";
     53           createHome = true;
     54           home = config.modules.agate.directory;
     55         };
     56       };
     57       groups = {
     58         agate = { };
     59       };
     60     };
     61 
     62     systemd = {
     63       services = {
     64         agate-setup = {
     65           enable = true;
     66           wantedBy = [ "multi-user.target" ];
     67           serviceConfig =
     68             let
     69               clean = pkgs.writeShellScriptBin "clean" ''
     70                 ${pkgs.sbase}/bin/rm -rf \
     71                 ${config.modules.agate.directory}/*
     72 
     73                 ${pkgs.sbase}/bin/mkdir -p \
     74                 ${config.modules.agate.directory}/.certificates
     75               '';
     76               symlinks =
     77                 config.modules.agate.symlinks
     78                 |> builtins.mapAttrs (
     79                   name: target: ''
     80                     ${pkgs.sbase}/bin/mkdir -p \
     81                     ${config.modules.agate.directory}/${builtins.dirOf name}
     82 
     83                     ${pkgs.sbase}/bin/ln -sf ${target} \
     84                     ${config.modules.agate.directory}/${name}
     85                   ''
     86                 )
     87                 |> builtins.attrValues
     88                 |> builtins.concatStringsSep "\n"
     89                 |> pkgs.writeShellScriptBin "symlinks";
     90               permissions = pkgs.writeShellScriptBin "permissions" ''
     91                 ${pkgs.sbase}/bin/chmod -R g+rwx \
     92                 ${config.modules.agate.directory}
     93               '';
     94             in
     95             {
     96               User = "root";
     97               Group = "root";
     98               Type = "oneshot";
     99               ExecStart = [
    100                 "${clean}/bin/clean"
    101                 "${symlinks}/bin/symlinks"
    102                 "${permissions}/bin/permissions"
    103               ];
    104             };
    105         };
    106         agate =
    107           let
    108             inherit (config.modules.agate) preStart;
    109           in
    110           rec {
    111             enable = true;
    112             wantedBy = [ "multi-user.target" ];
    113             requires = [ "agate-setup.service" ];
    114             after = [ "network.target" ];
    115             path = preStart.packages;
    116             serviceConfig =
    117               let
    118                 script = pkgs.writeShellScriptBin "script" ''
    119                   ${builtins.concatStringsSep "\n" preStart.scripts}
    120 
    121                   ${pkgs.agate}/bin/agate \
    122                     --content ${config.modules.agate.directory} \
    123                     --hostname ${config.networking.domain} \
    124                     --addr [::]:1965 \
    125                     --addr 0.0.0.0:1965
    126                 '';
    127               in
    128               {
    129                 User = "root";
    130                 Group = "root";
    131                 Restart = "on-failure";
    132                 Type = "simple";
    133                 ExecStart = "${script}/bin/script";
    134               };
    135           };
    136       };
    137       paths = {
    138         agate = {
    139           enable = true;
    140           wantedBy = [ "multi-user.target" ];
    141           pathConfig = {
    142             PathModified = [
    143               config.modules.agate.directory
    144             ] ++ builtins.attrValues config.modules.agate.symlinks;
    145           };
    146         };
    147       };
    148     };
    149 
    150     networking.firewall.allowedTCPPorts = [ 1965 ];
    151   };
    152 }