robin/palantir
1
0
Fork 0
mirror of https://codeberg.org/icewind/palantir.git synced 2026-06-03 18:24:08 +02:00
Code Issues Projects Releases Wiki Activity

nixos module

Browse source
This commit is contained in:
Robin Appelman 2022-06-24 19:00:24 +02:00
commit 4993cf59d0
1 changed files with 50 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

51
flake.nix
View file

@ -13,6 +13,11 @@
packages.palantir = naersk-lib.buildPackage { packages.palantir = naersk-lib.buildPackage {
pname = "palantir"; pname = "palantir";
root = ./.; root = ./.;
postInstall = ''
mkdir -p $out/lib/udev/rules.d/
echo 'SUBSYSTEM=="powercap", ACTION=="add", RUN+="${pkgs.coreutils-full}/bin/chgrp -R powermonitoring /sys%p", RUN+="${pkgs.coreutils-full}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules
echo 'SUBSYSTEM=="powercap", ACTION=="change", ENV{TRIGGER}!="none", RUN+="${pkgs.coreutils-full}/bin/chgrp -R powermonitoring /sys%p", RUN+="${pkgs.coreutils-full}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules
'';
}; };
defaultPackage = packages.palantir; defaultPackage = packages.palantir;
@ -26,5 +31,49 @@
devShell = pkgs.mkShell { devShell = pkgs.mkShell {
nativeBuildInputs = with pkgs; [ rustc cargo ]; nativeBuildInputs = with pkgs; [ rustc cargo ];
}; };
}); }) // {
nixosModule = { config, lib, pkgs, ... }:
with lib;
let cfg = config.palantir.services.palantir;
in {
options.palantir.services.palantir = {
enable = mkEnableOption "Enables the palantir service";
port = mkOption rec {
type = types.int;
default = 5665;
example = default;
description = "The port to listen on";
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ cfg.port ];
users.groups.palantir = {};
users.users.palantir = {
isSystemUser = true;
group = "palantir";
};
services.udev.packages = [ self.defaultPackage.${pkgs.system} ];
systemd.services."palantir" = {
wantedBy = [ "multi-user.target" ];
serviceConfig = let pkg = self.defaultPackage.${pkgs.system};
in {
Restart = "on-failure";
ExecStart = "${pkg}/bin/palantir";
User = "palantir";
Environment = "PORT=${toString cfg.port}";
PrivateTmp = true;
ProtectSystem = "full";
ProtectHome = true;
NoNewPrivileges = true;
};
};
};
};
};
} }