robin/shelve
1
0
Fork 0
mirror of https://codeberg.org/icewind/shelve.git synced 2026-06-03 20:14:08 +02:00
Code Issues Releases Wiki Activity

add flake

Browse source
This commit is contained in:
Robin Appelman 2022-07-15 23:11:10 +02:00
commit 928582ebd6
4 changed files with 187 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc Normal file
View file

@ -0,0 +1 @@
use flake

5
.gitignore vendored
View file

@ -1,4 +1,5 @@
/target /target
**/*.rs.bk /data
data .direnv
.env .env
result

70
flake.lock generated Normal file
View file

@ -0,0 +1,70 @@
{
"nodes": {
"flake-utils": {
"locked": {
"lastModified": 1656928814,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"naersk": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1655042882,
"narHash": "sha256-9BX8Fuez5YJlN7cdPO63InoyBy7dm3VlJkkmTt6fS1A=",
"owner": "nix-community",
"repo": "naersk",
"rev": "cddffb5aa211f50c4b8750adbec0bbbdfb26bb9f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "naersk",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 0,
"narHash": "sha256-URmf0O2cQ/3heg2DJOeLyU/JmfVMqG4X5t9crQXMaeY=",
"path": "/nix/store/35wga4qglxf9rm8ki22ry3clwv1k2a7l-source",
"type": "path"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 0,
"narHash": "sha256-URmf0O2cQ/3heg2DJOeLyU/JmfVMqG4X5t9crQXMaeY=",
"path": "/nix/store/35wga4qglxf9rm8ki22ry3clwv1k2a7l-source",
"type": "path"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"naersk": "naersk",
"nixpkgs": "nixpkgs_2"
}
}
},
"root": "root",
"version": 7
}

112
flake.nix Normal file
View file

@ -0,0 +1,112 @@
{
inputs = {
flake-utils.url = "github:numtide/flake-utils";
naersk.url = "github:nix-community/naersk";
};
outputs = {
self,
nixpkgs,
flake-utils,
naersk,
}:
flake-utils.lib.eachDefaultSystem (
system: let
pkgs = nixpkgs.legacyPackages."${system}";
naersk-lib = naersk.lib."${system}";
in rec {
# `nix build`
packages.shelve = naersk-lib.buildPackage {
pname = "shelve";
root = ./.;
};
defaultPackage = packages.shelve;
defaultApp = packages.shelve;
# `nix develop`
devShell = pkgs.mkShell {
nativeBuildInputs = with pkgs; [rustc cargo bacon];
};
}
)
// {
nixosModule = {
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.shelve;
in {
options.services.shelve = {
enable = mkEnableOption "Enables the shelve service";
port = mkOption rec {
type = types.int;
example = 8080;
description = "The port to listen on";
};
bindAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = "Address to listen on";
};
tokens = mkOption {
type = types.listOf types.str;
default = [];
example = ["foo" "bar"];
description = "upload tokens";
};
basedir = mkOption {
type = types.str;
description = "data base directory";
};
openPort = mkOption {
type = types.bool;
default = false;
example = true;
description = "open port";
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = lib.optional cfg.openPort cfg.port;
users.groups.shelve = {};
users.users.shelve = {
isSystemUser = true;
group = "shelve";
};
systemd.services.shelve = let
pkg = self.defaultPackage.${pkgs.system};
in {
wantedBy = ["multi-user.target"];
environment = {
ROCKET_PORT = toString cfg.port;
ROCKET_ADDRESS = cfg.bindAddress;
BASEDIR = cfg.basedir;
TOKENS = concatStringsSep "," cfg.tokens;
};
script = "${pkg}/bin/shelve";
serviceConfig = {
Restart = "on-failure";
User = "shelve";
PrivateTmp = true;
ProtectSystem = "full";
ProtectHome = true;
NoNewPrivileges = true;
ReadWritePaths = cfg.basedir;
NoExecPaths = cfg.basedir;
};
};
};
};
};
}