fmt flake
parent
ec4031149a
commit
df88fd2102
1 changed files with 57 additions and 45 deletions
102
flake.nix
102
flake.nix
|
|
@ -4,7 +4,12 @@
|
||||||
naersk.url = "github:nix-community/naersk";
|
naersk.url = "github:nix-community/naersk";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, utils, naersk }:
|
outputs = {
|
||||||
|
self,
|
||||||
|
nixpkgs,
|
||||||
|
utils,
|
||||||
|
naersk,
|
||||||
|
}:
|
||||||
utils.lib.eachDefaultSystem (system: let
|
utils.lib.eachDefaultSystem (system: let
|
||||||
pkgs = nixpkgs.legacyPackages."${system}";
|
pkgs = nixpkgs.legacyPackages."${system}";
|
||||||
naersk-lib = naersk.lib."${system}";
|
naersk-lib = naersk.lib."${system}";
|
||||||
|
|
@ -13,11 +18,11 @@
|
||||||
packages.palantir = naersk-lib.buildPackage {
|
packages.palantir = naersk-lib.buildPackage {
|
||||||
pname = "palantir";
|
pname = "palantir";
|
||||||
root = ./.;
|
root = ./.;
|
||||||
postInstall = ''
|
postInstall = ''
|
||||||
mkdir -p $out/lib/udev/rules.d/
|
mkdir -p $out/lib/udev/rules.d/
|
||||||
echo 'SUBSYSTEM=="powercap", ACTION=="add", RUN+="${pkgs.coreutils-full}/bin/chgrp -R powermonitoring /sys%p", RUN+="${pkgs.coreutils-full}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules
|
echo 'SUBSYSTEM=="powercap", ACTION=="add", RUN+="${pkgs.coreutils-full}/bin/chgrp -R powermonitoring /sys%p", RUN+="${pkgs.coreutils-full}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules
|
||||||
echo 'SUBSYSTEM=="powercap", ACTION=="change", ENV{TRIGGER}!="none", RUN+="${pkgs.coreutils-full}/bin/chgrp -R powermonitoring /sys%p", RUN+="${pkgs.coreutils-full}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules
|
echo 'SUBSYSTEM=="powercap", ACTION=="change", ENV{TRIGGER}!="none", RUN+="${pkgs.coreutils-full}/bin/chgrp -R powermonitoring /sys%p", RUN+="${pkgs.coreutils-full}/bin/chmod -R g=u /sys%p"' >> $out/lib/udev/rules.d/51-palantir.rules
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
defaultPackage = packages.palantir;
|
defaultPackage = packages.palantir;
|
||||||
|
|
||||||
|
|
@ -29,53 +34,60 @@
|
||||||
|
|
||||||
# `nix develop`
|
# `nix develop`
|
||||||
devShell = pkgs.mkShell {
|
devShell = pkgs.mkShell {
|
||||||
nativeBuildInputs = with pkgs; [ rustc cargo ];
|
nativeBuildInputs = with pkgs; [rustc cargo];
|
||||||
};
|
};
|
||||||
}) // {
|
})
|
||||||
nixosModule = { config, lib, pkgs, ... }:
|
// {
|
||||||
with lib;
|
nixosModule = {
|
||||||
let cfg = config.palantir.services.palantir;
|
config,
|
||||||
in {
|
lib,
|
||||||
options.palantir.services.palantir = {
|
pkgs,
|
||||||
enable = mkEnableOption "Enables the palantir service";
|
...
|
||||||
|
}:
|
||||||
|
with lib; let
|
||||||
|
cfg = config.palantir.services.palantir;
|
||||||
|
in {
|
||||||
|
options.palantir.services.palantir = {
|
||||||
|
enable = mkEnableOption "Enables the palantir service";
|
||||||
|
|
||||||
port = mkOption rec {
|
port = mkOption rec {
|
||||||
type = types.int;
|
type = types.int;
|
||||||
default = 5665;
|
default = 5665;
|
||||||
example = default;
|
example = default;
|
||||||
description = "The port to listen on";
|
description = "The port to listen on";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
networking.firewall.allowedTCPPorts = [ cfg.port ];
|
networking.firewall.allowedTCPPorts = [cfg.port];
|
||||||
|
|
||||||
users.groups.palantir = {};
|
users.groups.palantir = {};
|
||||||
users.groups.powermonitoring = {};
|
users.groups.powermonitoring = {};
|
||||||
users.users.palantir = {
|
users.users.palantir = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "palantir";
|
group = "palantir";
|
||||||
extraGroups = [ "powermonitoring" ];
|
extraGroups = ["powermonitoring"];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.udev.packages = [ self.defaultPackage.${pkgs.system} ];
|
services.udev.packages = [self.defaultPackage.${pkgs.system}];
|
||||||
|
|
||||||
systemd.services."palantir" = {
|
systemd.services."palantir" = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = ["multi-user.target"];
|
||||||
|
|
||||||
serviceConfig = let pkg = self.defaultPackage.${pkgs.system};
|
serviceConfig = let
|
||||||
in {
|
pkg = self.defaultPackage.${pkgs.system};
|
||||||
Restart = "on-failure";
|
in {
|
||||||
ExecStart = "${pkg}/bin/palantir";
|
Restart = "on-failure";
|
||||||
User = "palantir";
|
ExecStart = "${pkg}/bin/palantir";
|
||||||
Environment = "PORT=${toString cfg.port}";
|
User = "palantir";
|
||||||
PrivateTmp = true;
|
Environment = "PORT=${toString cfg.port}";
|
||||||
ProtectSystem = "full";
|
PrivateTmp = true;
|
||||||
ProtectHome = true;
|
ProtectSystem = "full";
|
||||||
NoNewPrivileges = true;
|
ProtectHome = true;
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
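Review bot: The udev rules written in `postInstall` (second hunk, carried over unchanged by this formatting pass) run `chmod -R g=u /sys%p`, which copies every owner permission bit to the `powermonitoring` group, so any attribute that root can write under the powercap node becomes group-writable as well. If the service only reads energy counters, which the group name suggests but the page does not show, read access is enough and the rule could use `chmod -R g+rX /sys%p` instead. In the module hunk, `port` is declared with `type = types.int;`, and `type = types.port;` would reject out-of-range values at the option itself.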