From fd17c695c789923a60bda1b6930837de722ee961 Mon Sep 17 00:00:00 2001
From: Emery Hemingway
Date: Fri, 3 Sep 2021 10:57:05 +0200
Subject: [PATCH] Add a NixOS module for the Syndicate server
---
 README.md | 58 +++++++++++++++++++++++
 flake.nix | 23 +++++----
 nixos/syndicate-server.nix | 96 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 167 insertions(+), 10 deletions(-)
 create mode 100644 README.md
 create mode 100644 nixos/syndicate-server.nix
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..35430a9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,58 @@
+# Syndicate Nix flake
+
+To add to your local flake registry:
+```sh
+nix registry add syndicate "git+https://git.sr.ht/~ehmry/syndicate-flake"
+```
+
+## NixOS service
+
+### Importing
+To import the NixOS module:
+```nix
+{
+ # /etc/nixos/flake.nix
+ inputs.syndicate.url = "git+https://git.sr.ht/~ehmry/syndicate-flake";
+
+ outputs = { self, nixpkgs, syndicate }: {
+
+ nixosConfigurations.myhost = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./configuration.nix
+ syndicate.nixosModules.syndicate-server
+ ];
+ };
+
+ };
+
+}
+```
+
+If `/etc/nixos` is not a flake then you may be able to use the `getFlake` builtin
+to retrieve the module.
+```nix
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [ (builtins.getFlake "syndicate").nixosModules.syndicate-server ];
+}
+```
+
+## Configuration
+```nix
+{ config, lib, pkgs, ... }:
+
+{
+ services.syndicate-server = {
+ enable = true;
+ # A socket at /run/syndicate/ds is enable by default.
+ tcpListeners = [{
+ address = "127.0.0.1";
+ port = 3232;
+ }];
+ };
+
+}
+
+```
diff --git a/flake.nix b/flake.nix
index 2ed52e7..1940902 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@ { - description = "Syndicate helper"; + description = "Syndicate utilities"; inputs.rust.url = "github:oxalica/rust-overlay"; 
@@ -14,19 +14,22 @@ with final; { lib = prev.lib.extend libOverlay; syndicate-rs = callPackage ./syndicate-rs { - rust = rust-bin.nightly.latest.default; + rust = let pkgs = prev.extend rust.overlay; + in pkgs.rust-bin.nightly.latest.default; }; }; - legacyPackages = forEachSystem (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in (pkgs.extend rust.overlay).extend self.overlay); - packages = forEachSystem (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in with (pkgs.extend rust.overlay).extend self.overlay; { - inherit syndicate-rs; - }); + let pkgs = nixpkgs.legacyPackages.${system}.extend self.overlay; + in with pkgs; { inherit syndicate-rs; }); + nixosModules.syndicate-server = + # A little hack to apply our overlay to this module only. + let f = import ./nixos/syndicate-server.nix; + in { config, lib, pkgs, ... }: + f { + inherit config lib; + pkgs = pkgs.extend self.overlay; + }; }; }
diff --git a/nixos/syndicate-server.nix b/nixos/syndicate-server.nix
new file mode 100644
index 0000000..86918de
--- /dev/null
+++ b/nixos/syndicate-server.nix
@@ -0,0 +1,96 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+{
+ options.services.syndicate-server = {
+ enable = mkEnableOption "the Syndicate dataspace server";
+
+ package = mkOption {
+ default = pkgs.syndicate-rs;
+ defaultText = "pkgs.syndicate-rs";
+ type = types.package;
+ description = "The package to use for the Syndicate dataspace server.";
+ };
+
+ tcpListeners = mkOption {
+ default = [ ];
+ example = [{
+ address = "0.0.0.0";
+ port = 8001;
+ }];
+ type = with types;
+ listOf (submodule {
+ options = {
+ address = mkOption { type = str; };
+ port = mkOption { type = port; };
+ };
+ });
+ description = "TCP ports to listen for connections on.";
+ };
+
+ unixListeners = mkOption {
+ default = [ "/run/syndicate/ds" ];
+ type = types.listOf types.path;
+ description = "Sockets to listen for connections on.";
+ };
+
+ };
+
+ config = let
+ cfg = config.services.syndicate-server;
+ configDir = "/run/syndicate/config";
+ requireServiceRelayListener = spec:
+ ">";
+ in mkIf cfg.enable {
+
+ systemd.services.syndicate-server = {
+ description = "Syndicate dataspace server";
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${configDir}";
+ ExecStart = "${cfg.package}/bin/syndicate-server --config ${configDir}";
+ AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+ DynamicUser = true;
+ Restart = "always";
+ RuntimeDirectory = "syndicate";
+ };
+ };
+
+ systemd.services.syndicate-server-unix-listeners = {
+ description = "Syndicate dataspace server";
+ after = [ "syndicate-server.service" "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = let
+ prsFile = builtins.toFile "unix-listeners.pr"
+ (lib.strings.concatMapStrings
+ (path: requireServiceRelayListener '''')
+ cfg.unixListeners);
+ flags = map (path: "--socket ${path}") cfg.sockets;
+ in "${pkgs.coreutils}/bin/cp ${prsFile} ${configDir}/nixos-unix-listeners.pr";
+ ExecStop =
+ "${pkgs.coreutils}/bin/rm ${configDir}/nixos-unix-listeners.pr";
+ RemainAfterExit = true;
+ };
+ };
+
+ systemd.services.syndicate-server-tcp-listeners = {
+ description = "Syndicate dataspace server";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "syndicate-server.service" ];
+ serviceConfig = {
+ ExecStart = let
+ prsFile = builtins.toFile "tcp-listeners.pr"
+ (lib.strings.concatMapStrings ({ address, port }:
+ requireServiceRelayListener
+ '''') cfg.tcpListeners);
+ flags = map (path: "--socket ${path}") cfg.sockets;
+ in "${pkgs.coreutils}/bin/cp ${prsFile} ${configDir}/nixos-tcp-listeners.pr";
+ ExecStop =
+ "${pkgs.coreutils}/bin/rm ${configDir}/nixos-tcp-listeners.pr";
+ RemainAfterExit = true;
+ };
+ };
+
+ };
+}
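Review bot: The two helper units `syndicate-server-unix-listeners` and `syndicate-server-tcp-listeners` set neither `User` nor `DynamicUser`, so they presumably run as root while their `cp` and `rm` commands act on `${configDir}`, which sits under the `RuntimeDirectory` owned by the unprivileged dynamic user of `syndicate-server`. A privileged write into a directory the service account controls is best avoided. Since no `RuntimeDirectoryPreserve` is set, the directory is also removed whenever `Restart = "always"` restarts the server, and the copied `.pr` files would then be gone while the `RemainAfterExit` helpers stay active. Moving both copies into the main unit as extra `ExecStartPre` entries next to the `mkdir`, for example `"${pkgs.coreutils}/bin/cp ${prsFile} ${configDir}/nixos-unix-listeners.pr"`, would run them as the dynamic user and recreate the files on every start. Separately, `flags = map (path: "--socket ${path}") cfg.sockets;` in both `let` blocks is unused and refers to an option this module does not declare, so it can be dropped.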