add option to flake
This commit is contained in:
parent
e0baa020c3
commit
b337c7a6a7
SSH key fingerprint:
SHA256:jxWM2RTHvxxcncXycwwWkP7HCWb4VREN05UGJTbIPZg
121
flake.nix
121
flake.nix
|
|
@ -23,7 +23,6 @@
|
|||
};
|
||||
in
|
||||
{
|
||||
packages.default = sanic;
|
||||
formatter = pkgs.nixpkgs-fmt;
|
||||
devShells.default = pkgs.mkShell {
|
||||
buildInputs = with pkgs; [
|
||||
|
|
@ -36,6 +35,126 @@
|
|||
mpc-cli
|
||||
];
|
||||
};
|
||||
packages.default = sanic;
|
||||
nixosModules.default = { config, lib, pkgs, options, ... }:
|
||||
let
|
||||
cfg = config.services.sanic;
|
||||
configFile = pkgs.writeText "config.ini" ''
|
||||
[ui]
|
||||
host=${cfg.ui.host}
|
||||
port=${cfg.ui.port}
|
||||
tls=${cfg.ui.tls}
|
||||
certificate=${cfg.ui.certificate}
|
||||
key=${cfg.ui.key}
|
||||
|
||||
[mpd]
|
||||
host=${cfg.backend.host}
|
||||
port=${cfg.backend.port}
|
||||
'';
|
||||
execCommand = "${pkgs.sanic}/bin/sanic -c '${configFile}'";
|
||||
in
|
||||
{
|
||||
options.services.sanic = {
|
||||
enable = lib.mkEnableOption "Enables the sanic systemd service.";
|
||||
ui = lib.mkOption {
|
||||
description = "Setting for HTTP(S) UI.";
|
||||
example = lib.literalExpression ''
|
||||
{
|
||||
host = "[::1]";
|
||||
port = 443;
|
||||
tls = true;
|
||||
certificate = "${config.security.acme.certs."sanic.example.com".directory}/fullchain.pem";
|
||||
key = "${config.security.acme.certs."sanic.example.com".directory}/key.pem";
|
||||
}
|
||||
'';
|
||||
default = {
|
||||
host = "[::1]";
|
||||
port = 80;
|
||||
tls = false;
|
||||
};
|
||||
type = lib.types.submodule {
|
||||
options = {
|
||||
host = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "[::1]";
|
||||
description = "Host to bind to.";
|
||||
};
|
||||
port = lib.mkOption {
|
||||
type = lib.types.port;
|
||||
default = 80;
|
||||
description = "Port to listen on.";
|
||||
};
|
||||
tls = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = "Enables HTTPS.";
|
||||
};
|
||||
certificate = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
description = "Path to TLS certificate for HTTPS.";
|
||||
};
|
||||
key = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
default = null;
|
||||
description = "Path to TLS key for HTTPS.";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
backend = lib.mkOption {
|
||||
description = "Configure MPD backend.";
|
||||
example = lib.literalExpression ''
|
||||
{
|
||||
host = "localhost";
|
||||
port = 6600;
|
||||
}
|
||||
'';
|
||||
default = {
|
||||
host = "localhost";
|
||||
port = 6600;
|
||||
};
|
||||
type = lib.types.submodule {
|
||||
options = {
|
||||
host = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "localhost";
|
||||
description = "Hostname or IP of MPD instance.";
|
||||
};
|
||||
port = lib.mkOption {
|
||||
type = lib.types.port;
|
||||
default = 6600;
|
||||
description = "Port of MPD instance.";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.services."sanic" = {
|
||||
description = "sanic - chaos music control";
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = 30;
|
||||
ExecStart = execCommand;
|
||||
User = "sanic";
|
||||
Group = "sanic";
|
||||
AmbientCapabilities = lib.mkIf (cfg.ui.port < 1000) [ "CAP_NET_BIND_SERVICE" ];
|
||||
CapabilityBoundingSet = lib.mkIf (cfg.ui.port < 1000) [ "CAP_NET_BIND_SERVICE" ];
|
||||
NoNewPrivileges = true;
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
|
||||
#meta = {
|
||||
# maintainers = with lib.maintainers; [ xengi ];
|
||||
# doc = ./default.xml;
|
||||
#};
|
||||
};
|
||||
}
|
||||
);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue