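{ pkgs, ... }:
# NixOS module for the hackerspace "checkinator" presence tracker.
#
# The tracker runs as its own system user. Before each start a root-level
# step copies the TLS material into a private directory and recreates the
# unix-socket directory with ACLs for the tracker and the web front-end;
# after the unit stops both directories are removed again.
let
  # nixpkgs snapshot the tracker is built against. Pinned by commit and by
  # content hash, so the build is reproducible and the tarball is verified
  # before being imported. The URL is quoted because unquoted URL literals
  # are a deprecated Nix construct.
  old-pkgs = import (fetchTarball {
    sha256 = "0kdx3pz0l422d0vvvj3h8mnq65jcg2scb13dc1z1lg2a8cln842z";
    url = "https://api.github.com/repos/NixOS/nixpkgs/tarball/0bf298df24f721a7f85c580339fb7eeff64b927c";
  }) { config = pkgs.config; };

  # Tracker sources; revision and hash are kept in the sibling JSON file.
  repo = pkgs.fetchgit (builtins.fromJSON
    (builtins.readFile ./checkinator-repo.json));
  checkinator = old-pkgs.callPackage "${repo}/default.nix" {};

  name = "checkinator-tracker";
  user = name;
  group = name;
  socket_dir = "/run/${name}/";
  # Runtime copy of the TLS material; only the service user may read it.
  secrets_dir = "/mnt/secrets/${name}";

  # Start-up preparation. Runs as root (see the "!" prefix on ExecStartPre)
  # because it reads /etc/nixos/secrets and sets ACLs under /run.
  prepare = pkgs.writeShellScriptBin "${name}-prepare" ''
    # writeShellScriptBin does not enable errexit. Without it a missing
    # certificate only logs an error and the tracker still starts, since
    # ExecStartPre only sees the exit status of the last command.
    set -euo pipefail

    rm -rf ${secrets_dir}
    ${pkgs.coreutils}/bin/install --owner=${user} --mode=500 --directory ${secrets_dir}
    ${pkgs.coreutils}/bin/install --owner=${user} --mode=400 -t ${secrets_dir} \
      /etc/nixos/secrets/${name}/ca.pem \
      /etc/nixos/secrets/${name}/cert.pem \
      /etc/nixos/secrets/${name}/key.pem

    # Socket directory: root-owned, closed to others, opened per-user via
    # ACLs so that only the tracker (rwx) and the web front-end (rx) can
    # reach the unix socket.
    rm -rf ${socket_dir}
    mkdir --mode=700 ${socket_dir}
    ${pkgs.acl}/bin/setfacl -m "u:${user}:rwx" ${socket_dir}
    ${pkgs.acl}/bin/setfacl -m "u:checkinator-web:rx" ${socket_dir}
  '';

  # Tracker configuration. builtins.toFile places it in the world-readable
  # Nix store, so it must only ever hold paths and settings, never secrets.
  config = builtins.toFile "${name}-config.yaml" (pkgs.lib.generators.toYAML {} {
    # path to dhcpd lease file
    LEASE_FILE = "/var/lib/dhcp/dhcpd.leases";

    # timeout for old leases
    TIMEOUT = 1500;

    # optional - local trusted socket
    GRPC_UNIX_SOCKET = "${socket_dir}/checkinator.sock";

    # optional - remote authenticated (TLS cert) socket; paths are derived
    # from secrets_dir so they cannot drift from what `prepare` creates.
    GRPC_TLS_CERT_DIR = secrets_dir;
    GRPC_TLS_CA_CERT = "${secrets_dir}/ca.pem";
    GRPC_TLS_ADDRESS = "[::]:2847";
  });
in {
  users.users."${user}" = {
    inherit group;
    isSystemUser = true;
    # Static uid; it must stay unique across the host.
    uid = 1001;
  };
  users.groups."${group}" = {};

  systemd.services."${name}" = {
    description = "Hackerspace Checkinator";
    wantedBy = [ "multi-user.target" ];

    serviceConfig.User = user;
    serviceConfig.Type = "simple";

    # "!" makes systemd run this step with full privileges regardless of
    # User=, which the secret copy and the setfacl calls need.
    serviceConfig.ExecStartPre = [
      ''!${prepare}/bin/${name}-prepare''
    ];
    serviceConfig.ExecStart = "${checkinator}/bin/checkinator-tracker ${config}";
    # Remove the runtime copy of the key material and the socket directory
    # once the tracker is gone; ExecStopPost also runs after a failed start.
    serviceConfig.ExecStopPost = [
      ''!${pkgs.coreutils}/bin/rm -rf ${secrets_dir}''
      ''!${pkgs.coreutils}/bin/rm -rf ${socket_dir}''
    ];
  };
  environment.systemPackages = [ checkinator ];
}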