add flake

2026-06-03 10:04:07 +02:00 · 2022-07-04 00:03:03 +02:00 · 2022-07-04 00:03:03 +02:00 · cd68f523df
commit cd68f523df
parent ebb363c90d
5 changed files with 299 additions and 1 deletions
--- a/.envrc
+++ b/.envrc
@ -0,0 +1 @@
+use flake
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1 @@
+flake.lock -diff
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,4 @@
 /target
-config.toml
+/result
+.direnv
+config.toml
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,70 @@
+{
+  "nodes": {
+    "naersk": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1655042882,
+        "narHash": "sha256-9BX8Fuez5YJlN7cdPO63InoyBy7dm3VlJkkmTt6fS1A=",
+        "owner": "nix-community",
+        "repo": "naersk",
+        "rev": "cddffb5aa211f50c4b8750adbec0bbbdfb26bb9f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "naersk",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 0,
+        "narHash": "sha256-A9RkoGrxzsmMm0vily18p92Rasb+MbdDMaSnzmywXKw=",
+        "path": "/nix/store/dycwkjqxlc93s7ch3c932d0f9xvfch33-source",
+        "type": "path"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 0,
+        "narHash": "sha256-A9RkoGrxzsmMm0vily18p92Rasb+MbdDMaSnzmywXKw=",
+        "path": "/nix/store/dycwkjqxlc93s7ch3c932d0f9xvfch33-source",
+        "type": "path"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "naersk": "naersk",
+        "nixpkgs": "nixpkgs_2",
+        "utils": "utils"
+      }
+    },
+    "utils": {
+      "locked": {
+        "lastModified": 1656065134,
+        "narHash": "sha256-oc6E6ByIw3oJaIyc67maaFcnjYOz1mMcOtHxbEf9NwQ=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "bee6a7250dd1b01844a2de7e02e4df7d8a0a206c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,224 @@
+{
+  inputs = {
+    utils.url = "github:numtide/flake-utils";
+    naersk.url = "github:nix-community/naersk";
+  };
+
+  outputs = {
+    self,
+    nixpkgs,
+    utils,
+    naersk,
+  }:
+    utils.lib.eachDefaultSystem (system: let
+      pkgs = nixpkgs.legacyPackages."${system}";
+      naersk-lib = naersk.lib."${system}";
+    in rec {
+      # `nix build`
+      packages.dispenser = naersk-lib.buildPackage {
+        pname = "dispenser";
+        root = ./.;
+      };
+      defaultPackage = packages.dispenser;
+
+      # `nix run`
+      apps.dispenser = utils.lib.mkApp {
+        drv = packages.dispenser;
+      };
+      defaultApp = apps.dispenser;
+
+      # `nix develop`
+      devShell = pkgs.mkShell {
+        nativeBuildInputs = with pkgs; [rustc cargo];
+      };
+    })
+    // {
+      nixosModule = {
+        config,
+        lib,
+        pkgs,
+        ...
+      }:
+        with lib; let
+          cfg = config.services.dispenser;
+          format = pkgs.formats.toml {};
+          configFile = format.generate "dispenser.toml" (filterAttrs (n: v: v != null) {
+            inherit (cfg) server vultr digitalocean dyndns schedule;
+          });
+        in {
+          options.services.dispenser = {
+            enable = mkEnableOption "Enables the dispenser service";
+
+            server = mkOption {
+              type = types.submodule {
+                options = {
+                  rcon = mkOption {
+                    type = types.str;
+                    description = "Rcon password for created server";
+                  };
+                  password = mkOption {
+                    type = types.str;
+                    description = "Server password for created server";
+                  };
+                  demostf_key = mkOption {
+                    type = types.str;
+                    description = "Api key for demos.tf";
+                  };
+                  logstf_key = mkOption {
+                    type = types.str;
+                    description = "Api key for logs.tf";
+                  };
+                  config_league = mkOption {
+                    type = types.str;
+                    default = "etf2l";
+                    description = "League of the config to load on startup";
+                  };
+                  config_mode = mkOption {
+                    type = types.str;
+                    default = "6v6";
+                    description = "Gamemode of the config to load on startup";
+                  };
+                  name = mkOption {
+                    type = types.str;
+                    default = "Spire";
+                    description = "Server name for the created server";
+                  };
+                  tv_name = mkOption {
+                    type = types.str;
+                    default = "SpireTV";
+                    description = "STV name for the created server";
+                  };
+                  image = mkOption {
+                    type = types.str;
+                    default = "spiretf/docker-spire-server";
+                    description = "Docker image to use for the server";
+                  };
+                  ssh_keys = mkOption {
+                    type = types.listOf types.str;
+                    description = "ssh keys to allow on the server";
+                  };
+                  manage_existing = mkOption {
+                    type = types.bool;
+                    description = "Take control of existing server";
+                  };
+                };
+              };
+            };
+
+            vultr = mkOption {
+              type = types.nullOr (types.submodule {
+                options = {
+                  api_key = mkOption {
+                    type = types.str;
+                    description = "Vultr api key";
+                  };
+                  region = mkOption {
+                    type = types.str;
+                    default = "ams";
+                    description = "Vultr region to deploy the server in";
+                  };
+                  plan = mkOption {
+                    type = types.str;
+                    default = "vc2-1c-2gb";
+                    description = "Vultr plan to deploy";
+                  };
+                };
+              });
+              default = null;
+            };
+
+            digitalocean = mkOption {
+              type = types.nullOr (types.submodule {
+                options = {
+                  api_key = mkOption {
+                    type = types.str;
+                    description = "DO api key";
+                  };
+                  region = mkOption {
+                    type = types.str;
+                    default = "ams3";
+                    description = "DO region to deploy the server in";
+                  };
+                  plan = mkOption {
+                    type = types.str;
+                    default = "s-1vcpu-2gb";
+                    description = "DO plan to deploy";
+                  };
+                };
+              });
+              default = null;
+            };
+
+            dyndns = mkOption {
+              type = types.nullOr (types.submodule {
+                options = {
+                  update_url = mkOption {
+                    type = types.str;
+                    description = "dyndns update url";
+                  };
+                  hostname = mkOption {
+                    type = types.str;
+                    description = "hostname to update";
+                  };
+                  username = mkOption {
+                    type = types.str;
+                    description = "username for the update";
+                  };
+                  password = mkOption {
+                    type = types.str;
+                    description = "password for the update";
+                  };
+                };
+              });
+              default = null;
+            };
+
+            schedule = mkOption {
+              type = types.submodule {
+                options = {
+                  start = mkOption {
+                    type = types.str;
+                    description = "start schedule in cron format";
+                  };
+                  stop = mkOption {
+                    type = types.str;
+                    description = "start schedule in cron format";
+                  };
+                };
+              };
+            };
+
+            docker = mkOption rec {
+              type = types.bool;
+              default = false;
+              example = true;
+              description = "enable docker integration";
+            };
+          };
+
+          config = mkIf cfg.enable {
+            users.groups.dispenser = {};
+            users.users.dispenser = {
+              isSystemUser = true;
+              group = "dispenser";
+            };
+
+            systemd.services.dispenser = let
+              pkg = self.defaultPackage.${pkgs.system};
+            in {
+              wantedBy = ["multi-user.target"];
+              script = "${pkg}/bin/dispenser ${configFile}";
+
+              serviceConfig = {
+                Restart = "on-failure";
+                DynamicUser = true;
+                PrivateTmp = true;
+                ProtectSystem = "full";
+                ProtectHome = true;
+                NoNewPrivileges = true;
+              };
+            };
+          };
+        };
+    };
+}