nixos module

2026-06-03 18:24:08 +02:00 · 2022-06-24 19:00:24 +02:00 · 2022-06-24 19:00:24 +02:00 · 4993cf59d0
commit 4993cf59d0
parent 81558c1fee
1 changed files with 50 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -13,6 +13,11 @@
      packages.palantir = naersk-lib.buildPackage {
        pname = "palantir";
        root = ./.;
+	postInstall = ''
+	  mkdir -p $out/lib/udev/rules.d/
+	  echo 'SUBSYSTEM=="powercap", ACTION=="add", RUN+="${pkgs.coreutils-full}/bin/chgrp -R powermonitoring /sys%p", RUN+="${pkgs.coreutils-full}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules
+          echo 'SUBSYSTEM=="powercap", ACTION=="change", ENV{TRIGGER}!="none", RUN+="${pkgs.coreutils-full}/bin/chgrp -R powermonitoring /sys%p", RUN+="${pkgs.coreutils-full}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules
+	'';
      };
      defaultPackage = packages.palantir;

@ -26,5 +31,49 @@
      devShell = pkgs.mkShell {
        nativeBuildInputs = with pkgs; [ rustc cargo ];
      };
-    });
+  }) // {
+    nixosModule = { config, lib, pkgs, ... }:
+    with lib;
+    let cfg = config.palantir.services.palantir;
+    in {
+      options.palantir.services.palantir = {
+        enable = mkEnableOption "Enables the palantir service";
+
+	port = mkOption rec {
+          type = types.int;
+          default = 5665;
+          example = default;
+          description = "The port to listen on";
+        };
+      };
+
+      config = mkIf cfg.enable {
+        networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+        users.groups.palantir = {};
+        users.users.palantir = {
+	  isSystemUser = true;
+	  group = "palantir";
+	};
+
+	services.udev.packages = [ self.defaultPackage.${pkgs.system} ];
+
+        systemd.services."palantir" = {
+          wantedBy = [ "multi-user.target" ];
+
+          serviceConfig = let pkg = self.defaultPackage.${pkgs.system};
+          in {
+            Restart = "on-failure";
+            ExecStart = "${pkg}/bin/palantir";
+	    User = "palantir";
+            Environment = "PORT=${toString cfg.port}";
+            PrivateTmp = true;
+            ProtectSystem = "full";
+            ProtectHome = true;
+            NoNewPrivileges = true;
+          };
+        };
+      };
+    };
+  };
 }