spiretf/dispenser
1
0
Fork 0
mirror of https://codeberg.org/spire/dispenser.git synced 2026-06-03 10:04:07 +02:00
Code Issues Projects Releases Packages Wiki Activity

flake reorg

Browse source
This commit is contained in:
Robin Appelman 2024-12-21 14:54:00 +01:00
commit 9802f5c405
13 changed files with 131 additions and 397 deletions
Download patch file Download diff file Expand all files Collapse all files

212
nix/module.nix Normal file
View file

@ -0,0 +1,212 @@
{ config
, lib
, pkgs
, ...
}:
with lib; let
cfg = config.services.dispenser;
format = pkgs.formats.toml { };
configFile = format.generate "dispenser.toml" (filterAttrs (n: v: v != null) {
inherit (cfg) server vultr dyndns schedule;
digital_ocean = cfg.digitalocean;
});
in
{
options.services.dispenser = {
enable = mkEnableOption "Enables the dispenser service";
server = mkOption {
type = types.submodule {
options = {
rcon = mkOption {
type = types.str;
description = "Rcon password for created server";
};
password = mkOption {
type = types.str;
description = "Server password for created server";
};
demostf_key = mkOption {
type = types.str;
description = "Api key for demos.tf";
};
logstf_key = mkOption {
type = types.str;
description = "Api key for logs.tf";
};
config_league = mkOption {
type = types.str;
default = "etf2l";
description = "League of the config to load on startup";
};
config_mode = mkOption {
type = types.str;
default = "6v6";
description = "Gamemode of the config to load on startup";
};
name = mkOption {
type = types.str;
default = "Spire";
description = "Server name for the created server";
};
tv_name = mkOption {
type = types.str;
default = "SpireTV";
description = "STV name for the created server";
};
image = mkOption {
type = types.str;
default = "spiretf/docker-spire-server";
description = "Docker image to use for the server";
};
ssh_keys = mkOption {
type = types.listOf types.str;
description = "ssh keys to allow on the server";
};
manage_existing = mkOption {
type = types.bool;
description = "Take control of existing server";
};
extra_cfg = mkOption {
type = types.str;
description = "Extra config lines to set in the tf2 config";
default = "";
};
};
};
};
vultr = mkOption {
type = types.nullOr (types.submodule {
options = {
api_key = mkOption {
type = types.str;
description = "Vultr api key";
};
region = mkOption {
type = types.str;
default = "ams";
description = "Vultr region to deploy the server in";
};
plan = mkOption {
type = types.str;
default = "vc2-1c-2gb";
description = "Vultr plan to deploy";
};
};
});
default = null;
};
digitalocean = mkOption {
type = types.nullOr (types.submodule {
options = {
api_key = mkOption {
type = types.str;
description = "DO api key";
};
region = mkOption {
type = types.str;
default = "ams3";
description = "DO region to deploy the server in";
};
plan = mkOption {
type = types.str;
default = "s-1vcpu-2gb";
description = "DO plan to deploy";
};
};
});
default = null;
};
dyndns = mkOption {
type = types.nullOr (types.submodule {
options = {
update_url = mkOption {
type = types.str;
description = "dyndns update url";
};
hostname = mkOption {
type = types.str;
description = "hostname to update";
};
username = mkOption {
type = types.str;
description = "username for the update";
};
password = mkOption {
type = types.str;
description = "password for the update";
};
};
});
default = null;
};
schedule = mkOption {
type = types.submodule {
options = {
start = mkOption {
type = types.str;
description = "start schedule in cron format";
};
stop = mkOption {
type = types.str;
description = "start schedule in cron format";
};
};
};
};
package = mkOption {
type = types.package;
defaultText = literalExpression "pkgs.dispenser";
description = "package to use";
};
};
config = mkIf cfg.enable {
systemd.services.dispenser = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/dispenser ${configFile}";
Restart = "on-failure";
DynamicUser = true;
PrivateTmp = true;
ProtectSystem = "strict";
ProtectHome = true;
NoNewPrivileges = true;
PrivateDevices = true;
ProtectClock = true;
CapabilityBoundingSet = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
SystemCallArchitectures = "native";
ProtectKernelModules = true;
RestrictNamespaces = true;
MemoryDenyWriteExecute = true;
ProtectHostname = true;
LockPersonality = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictRealtime = true;
ProtectProc = "noaccess";
SystemCallFilter = [ "@system-service" "~@resources" "~@privileged" ];
IPAddressDeny = "localhost link-local multicast";
};
};
environment.systemPackages = [
(pkgs.writeShellApplication {
name = "dispenser-cli";
runtimeInputs = [ cfg.package ];
text = ''
${cfg.package}/bin/dispenser ${configFile} "$@"
'';
})
];
};
}

3
nix/overlay.nix Normal file
View file

@ -0,0 +1,3 @@
final: prev: {
dispenser = final.callPackage ./package.nix { };
}

34
nix/package.nix Normal file
View file

@ -0,0 +1,34 @@
{ stdenv
, rustPlatform
, libsodium
, pkg-config
, lib
, rust-bin
,
}:
let
inherit (lib.sources) sourceByRegex;
inherit (builtins) fromTOML readFile;
src = sourceByRegex ../. [ "Cargo.*" "(src)(/.*)?" ];
cargoPackage = (fromTOML (readFile ../Cargo.toml)).package;
in
rustPlatform.buildRustPackage rec {
pname = cargoPackage.name;
inherit (cargoPackage) version;
inherit src;
buildInputs = [
libsodium
];
nativeBuildInputs = [
pkg-config
];
doCheck = false;
cargoLock = {
lockFile = ../Cargo.lock;
};
}