From b337c7a6a79f7588e440ac6bb08ac66ca48a7d2d Mon Sep 17 00:00:00 2001
From: Ricardo Band
Date: Mon, 12 Aug 2024 15:54:32 +0200
Subject: [PATCH] add option to flake
---
flake.nix | 121 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 120 insertions(+), 1 deletion(-)
diff --git a/flake.nix b/flake.nix
index 7886891..0393d05 100644
--- a/flake.nix
+++ b/flake.nix
@@ -23,7 +23,6 @@
 };
 in
 {
- packages.default = sanic;
 formatter = pkgs.nixpkgs-fmt;
 devShells.default = pkgs.mkShell {
 buildInputs = with pkgs; [
@@ -36,6 +35,126 @@
 mpc-cli
 ];
 };
+ packages.default = sanic;
+ nixosModules.default = { config, lib, pkgs, options, ... }:
+ let
+ cfg = config.services.sanic;
+ configFile = pkgs.writeText "config.ini" ''
+ [ui]
+ host=${cfg.ui.host}
+ port=${cfg.ui.port}
+ tls=${cfg.ui.tls}
+ certificate=${cfg.ui.certificate}
+ key=${cfg.ui.key}
+
+ [mpd]
+ host=${cfg.backend.host}
+ port=${cfg.backend.port}
+ '';
+ execCommand = "${pkgs.sanic}/bin/sanic -c '${configFile}'";
+ in
+ {
+ options.services.sanic = {
+ enable = lib.mkEnableOption "Enables the sanic systemd service.";
+ ui = lib.mkOption {
+ description = "Setting for HTTP(S) UI.";
+ example = lib.literalExpression ''
+ {
+ host = "[::1]";
+ port = 443;
+ tls = true;
+ certificate = "${config.security.acme.certs."sanic.example.com".directory}/fullchain.pem";
+ key = "${config.security.acme.certs."sanic.example.com".directory}/key.pem";
+ }
+ '';
+ default = {
+ host = "[::1]";
+ port = 80;
+ tls = false;
+ };
+ type = lib.types.submodule {
+ options = {
+ host = lib.mkOption {
+ type = lib.types.str;
+ default = "[::1]";
+ description = "Host to bind to.";
+ };
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 80;
+ description = "Port to listen on.";
+ };
+ tls = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Enables HTTPS.";
+ };
+ certificate = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ description = "Path to TLS certificate for HTTPS.";
+ };
+ key = lib.mkOption {
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ description = "Path to TLS key for HTTPS.";
+ };
+ };
+ };
+ };
+ backend = lib.mkOption {
+ description = "Configure MPD backend.";
+ example = lib.literalExpression ''
+ {
+ host = "localhost";
+ port = 6600;
+ }
+ '';
+ default = {
+ host = "localhost";
+ port = 6600;
+ };
+ type = lib.types.submodule {
+ options = {
+ host = lib.mkOption {
+ type = lib.types.str;
+ default = "localhost";
+ description = "Hostname or IP of MPD instance.";
+ };
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 6600;
+ description = "Port of MPD instance.";
+ };
+ };
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services."sanic" = {
+ description = "sanic - chaos music control";
+ wants = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+ serviceConfig = {
+ Restart = "always";
+ RestartSec = 30;
+ ExecStart = execCommand;
+ User = "sanic";
+ Group = "sanic";
+ AmbientCapabilities = lib.mkIf (cfg.ui.port < 1000) [ "CAP_NET_BIND_SERVICE" ];
+ CapabilityBoundingSet = lib.mkIf (cfg.ui.port < 1000) [ "CAP_NET_BIND_SERVICE" ];
+ NoNewPrivileges = true;
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+
+ #meta = {
+ # maintainers = with lib.maintainers; [ xengi ];
+ # doc = ./default.xml;
+ #};
+ };
 }
 );
 }
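Review bot: `key` and `certificate` are typed `lib.types.nullOr lib.types.path` and then interpolated into `configFile`, so a Nix path literal such as `./key.pem` would be copied into the world-readable Nix store; typing them as `lib.types.nullOr lib.types.str` and documenting that they must be runtime paths readable by the `sanic` user (or passing the key with systemd `LoadCredential=`) keeps the private key out of the store. The interpolations of `cfg.ui.port`, `cfg.ui.tls`, `cfg.backend.port` and the `null` defaults in the same string cannot be coerced to strings, so they need `toString` / `lib.boolToString`, and the `certificate=`/`key=` lines should be emitted only when set. In `serviceConfig` the privileged-port test should be `cfg.ui.port < 1024`, and `CapabilityBoundingSet` stays unrestricted when the condition is false; `CapabilityBoundingSet = if cfg.ui.port < 1024 then [ "CAP_NET_BIND_SERVICE" ] else "";` bounds it in both cases. `User = "sanic"` has no matching `users.users.sanic` declaration in the visible hunk, so either declare the user and group in `config` or use `DynamicUser = true;`.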