nix-processmgmt-services/services-agnostic/disnix-service/default.nix


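# Process-manager-agnostic definition of the Disnix service: the daemon that
# `disnix-service` provides, wrapped with createManagedProcess from
# nix-processmgmt.
#
# Outer arguments are supplied by the package set; the inner attribute set is
# the per-deployment configuration:
#   dbus-daemon                     optional dbus-daemon service; its `.pkg` becomes a start dependency
#   dysnomiaProperties, dysnomiaContainers, containerProviders,
#   extraDysnomiaContainersPath, processManagerContainerSettings
#                                   forwarded to ./dysnomia-env.nix to build the daemon's environment;
#                                   each containerProvider's `.pkg` is also a start dependency
#   authorizedUsers                 user names that get access to the Disnix D-Bus service in
#                                   addition to root and the disnix group
{createManagedProcess, stdenv, lib, writeTextFile, nix, disnix, dysnomia, inetutils, findutils, processManager, nix-processmgmt}:
{ dbus-daemon ? null
, dysnomiaProperties ? {}
, dysnomiaContainers ? {}
, containerProviders ? []
, extraDysnomiaContainersPath ? []
, processManagerContainerSettings ? {}
, authorizedUsers ? []
}:
let
  # Group created for the service (see `credentials` below) and referenced by
  # the D-Bus policy so that both always name the same group.
  group = "disnix";

  # Bus name the daemon registers; every policy rule below refers to it.
  busName = "org.nixos.disnix.Disnix";

  # Supervisord is the only process manager for which Dysnomia needs an
  # extra feature enabled.
  dysnomiaFlags = lib.optionalAttrs (processManager == "supervisord") {
    enableSupervisordProgram = true;
  };

  dysnomiaPkg = dysnomia.override dysnomiaFlags;

  # Policy fragment granting full access (own + send) to one user.
  fullAccessUserPolicy = user: ''
    <policy user="${user}">
      <allow own="${busName}"/>
      <allow send_destination="${busName}"/>
      <allow send_interface="${busName}"/>
    </policy>
  '';
in
createManagedProcess {
  name = "disnix-service";
  process = "${disnix}/bin/disnix-service";
  path = [ nix dysnomiaPkg disnix inetutils findutils ];
  environment = import ./dysnomia-env.nix {
    inherit stdenv lib writeTextFile nix-processmgmt processManager
      dysnomiaProperties dysnomiaContainers containerProviders
      extraDysnomiaContainersPath processManagerContainerSettings;
  };
  daemonExtraArgs = [ "--daemon" ];

  # Start after the D-Bus daemon (when one is configured) and after every
  # container provider.
  dependencies =
    lib.optional (dbus-daemon != null) dbus-daemon.pkg
    ++ map (containerProvider: containerProvider.pkg) containerProviders;

  credentials = {
    groups = {
      "${group}" = {};
    };
  };

  overrides = {
    sysvinit = {
      runlevels = [ 2 3 4 5 ];
    };
  };

  # Install the D-Bus system policy for the service:
  #   - root may own the bus name and talk to the service;
  #   - members of the disnix group may talk to the service but not own the name;
  #   - everyone else is denied;
  #   - each authorized user gets the same rights as root.
  # NOTE(review): authorized users are allowed to *own* the bus name, which is
  # more than the group policy grants (it denies own); confirm that this is
  # intended rather than send-only access.
  # The heredoc delimiter is quoted because the body is fully rendered by Nix
  # and nothing in it should be expanded by the shell.
  postInstall = ''
    mkdir -p $out/share/dbus-1/system.d
    cat > $out/share/dbus-1/system.d/disnix.conf <<'EOF'
    <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
    <busconfig>
      ${fullAccessUserPolicy "root"}
      <policy group="${group}">
        <deny own="${busName}"/>
        <allow send_destination="${busName}"/>
        <allow send_interface="${busName}"/>
      </policy>
      <policy context="default">
        <deny own="${busName}"/>
        <deny send_destination="${busName}"/>
        <deny send_interface="${busName}"/>
      </policy>
      ${lib.concatMapStrings fullAccessUserPolicy authorizedUsers}
    </busconfig>
    EOF
  '';
}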