nixos: refactor dataspace server for TTYs
This commit is contained in:
parent
513ca8420e
commit
b355f98b60
|
@ -47,11 +47,11 @@
|
||||||
syndicate-py = python3Packages.syndicate;
|
syndicate-py = python3Packages.syndicate;
|
||||||
}) self.legacyPackages;
|
}) self.legacyPackages;
|
||||||
|
|
||||||
|
nixosModules.default = self.nixosModules.syndicate-server;
|
||||||
nixosModules.syndicate-server =
|
nixosModules.syndicate-server =
|
||||||
# A little hack to apply our overlay to this module only.
|
# A little hack to apply our overlay to this module only.
|
||||||
let f = import ./nixos/syndicate-server.nix;
|
{ config, lib, pkgs, ... }:
|
||||||
in { config, lib, pkgs, ... }:
|
(import ./nixos/syndicate-server.nix) {
|
||||||
f {
|
|
||||||
inherit config lib;
|
inherit config lib;
|
||||||
pkgs = pkgs.extend self.overlays.default;
|
pkgs = pkgs.extend self.overlays.default;
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,70 +2,95 @@
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
{
|
{
|
||||||
options.services.syndicate-server = {
|
options.services.syndicate = mkOption {
|
||||||
enable = mkEnableOption "the Syndicate dataspace server";
|
default = { };
|
||||||
|
example = {
|
||||||
|
tty1 = {
|
||||||
|
enable = true;
|
||||||
|
user = "jane";
|
||||||
|
config = [ "/etc/syndicate" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
description = ''
|
||||||
|
Syndicate dataspace server instances.
|
||||||
|
If the key is in the form of "tty''${N}" it will
|
||||||
|
be attached to the appropriate teletypwriter.
|
||||||
|
'';
|
||||||
|
type = types.attrsOf (types.submodule {
|
||||||
|
options = {
|
||||||
|
enable = mkEnableOption "this Syndicate dataspace server instance";
|
||||||
|
|
||||||
group = mkOption {
|
user = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "wheel";
|
example = "jane";
|
||||||
example = "users";
|
description = "User account under which the Syndicate server runs.";
|
||||||
description = "Group account under which the Syndicate server runs.";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
default = pkgs.syndicate-server;
|
default = pkgs.syndicate-server;
|
||||||
defaultText = "pkgs.syndicate-server";
|
defaultText = "pkgs.syndicate-server";
|
||||||
type = types.package;
|
type = types.package;
|
||||||
description = "The package to use for the Syndicate dataspace server.";
|
description =
|
||||||
|
"The package to use for the Syndicate dataspace server.";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkOption {
|
||||||
|
type = types.listOf types.path;
|
||||||
|
description = "Configurations to load.";
|
||||||
|
example = [ "/etc/syndicate" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
tcpListeners = mkOption {
|
|
||||||
default = [ ];
|
|
||||||
example = [{
|
|
||||||
address = "0.0.0.0";
|
|
||||||
port = 8001;
|
|
||||||
}];
|
|
||||||
type = with types;
|
|
||||||
listOf (submodule {
|
|
||||||
options = {
|
|
||||||
address = mkOption { type = str; };
|
|
||||||
port = mkOption { type = port; };
|
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
description = "TCP ports to listen for connections on.";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
unixListeners = mkOption {
|
config = {
|
||||||
default = [ "/run/syndicate/ds" ];
|
|
||||||
type = types.listOf types.path;
|
systemd.services = lib.attrsets.mapAttrs' (name: cfg: {
|
||||||
description = "Sockets to listen for connections on.";
|
name = "syndicate-${name}";
|
||||||
|
value = let
|
||||||
|
flags = lib.strings.concatMapStrings (c: " --config ${c}") cfg.config;
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart =
|
||||||
|
"${cfg.package}/bin/syndicate-server --no-banner ${flags}";
|
||||||
|
User = cfg.user;
|
||||||
};
|
};
|
||||||
|
in if builtins.match "tty[0-9]" name != null then {
|
||||||
|
description = "Syndicate dataspace server";
|
||||||
|
after = [
|
||||||
|
"systemd-user-sessions.service"
|
||||||
|
"systemd-logind.service"
|
||||||
|
"getty@${name}.service"
|
||||||
|
];
|
||||||
|
before = [ "graphical.target" ];
|
||||||
|
wants = [ "dbus.socket" "systemd-logind.service" ];
|
||||||
|
wantedBy = [ "graphical.target" ];
|
||||||
|
conflicts = [ "getty@${name}.service" ];
|
||||||
|
|
||||||
|
restartIfChanged = false;
|
||||||
|
unitConfig.ConditionPathExists = "/dev/${name}";
|
||||||
|
|
||||||
|
serviceConfig = serviceConfig // {
|
||||||
|
PAMName = "login";
|
||||||
|
StandardError = "journal";
|
||||||
|
StandardInput = "tty-fail";
|
||||||
|
StandardOutput = "journal";
|
||||||
|
TTYPath = "/dev/${name}";
|
||||||
|
TTYReset = "yes";
|
||||||
|
TTYVHangup = "yes";
|
||||||
|
TTYVTDisallocate = "yes";
|
||||||
|
UtmpIdentifier = "%n";
|
||||||
|
UtmpMode = "user";
|
||||||
|
WorkingDirectory = "~";
|
||||||
};
|
};
|
||||||
|
} else {
|
||||||
config = let cfg = config.services.syndicate-server;
|
|
||||||
in mkIf cfg.enable {
|
|
||||||
|
|
||||||
assertions = [{
|
|
||||||
assertion = cfg.tcpListeners == [ ];
|
|
||||||
message =
|
|
||||||
"tcpListeners configuration not implemented for Syndicate server";
|
|
||||||
}];
|
|
||||||
|
|
||||||
systemd.services.syndicate-server = {
|
|
||||||
description = "Syndicate dataspace server";
|
description = "Syndicate dataspace server";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
serviceConfig = {
|
inherit serviceConfig;
|
||||||
ExecStart = "${cfg.package}/bin/syndicate-server --no-banner ${
|
|
||||||
lib.strings.concatMapStrings (l: " --socket ${l}") cfg.unixListeners
|
|
||||||
}";
|
|
||||||
Group = cfg.group;
|
|
||||||
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
|
||||||
DynamicUser = true;
|
|
||||||
Restart = "always";
|
|
||||||
RuntimeDirectory = "syndicate";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
})
|
||||||
|
(lib.attrsets.filterAttrs (_: cfg: cfg.enable) config.services.syndicate);
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue