authorAttila Lendvai <attila@lendvai.name>2021-01-22 16:26:53 +0100
committerAttila Lendvai <attila@lendvai.name>2021-02-01 10:56:04 +0100
commitc61c0cc04f46dd80b9dd165ae5cc7816d89c341f (patch)
treee3a6c5bb1173074852da7db6cb772bf5d64887ae
parent35a9d23b82caa74fce6036e10dfc13f1f3b3c9b7 (diff)
nixos/bee-clef: init at 0.4.7
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/networking/bee-clef.nix107
2 files changed, 108 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 8227be3ee13b..30fdde780098 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -610,6 +610,7 @@
./services/networking/avahi-daemon.nix
./services/networking/babeld.nix
./services/networking/bee.nix
+ ./services/networking/bee-clef.nix
./services/networking/biboumi.nix
./services/networking/bind.nix
./services/networking/bitcoind.nix
diff --git a/nixos/modules/services/networking/bee-clef.nix b/nixos/modules/services/networking/bee-clef.nix
new file mode 100644
index 000000000000..719714b28982
--- /dev/null
+++ b/nixos/modules/services/networking/bee-clef.nix
@@ -0,0 +1,107 @@
+{ config, lib, pkgs, ... }:
+
+# NOTE for now nothing is installed into /etc/bee-clef/. the config files are used as read-only from the nix store.
+
+with lib;
+let
+ cfg = config.services.bee-clef;
+in {
+ meta = {
+ maintainers = with maintainers; [ attila-lendvai ];
+ };
+
+ ### interface
+
+ options = {
+ services.bee-clef = {
+ enable = mkEnableOption "clef external signer instance for Ethereum Swarm Bee";
+
+ dataDir = mkOption {
+ type = types.nullOr types.str;
+ default = "/var/lib/bee-clef";
+ description = ''
+ Data dir for bee-clef. Beware that some helper scripts may not work when changed!
+ The service itself should work fine, though.
+ '';
+ };
+
+ passwordFile = mkOption {
+ type = types.nullOr types.str;
+ default = "/var/lib/bee-clef/password";
+ description = "Password file for bee-clef.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "bee-clef";
+ description = ''
+ User the bee-clef daemon should execute under.
+ '';
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "bee-clef";
+ description = ''
+ Group the bee-clef daemon should execute under.
+ '';
+ };
+ };
+ };
+
+ ### implementation
+
+ config = mkIf cfg.enable {
+ # if we ever want to have rules.js under /etc/bee-clef/
+ # environment.etc."bee-clef/rules.js".source = ${pkgs.bee-clef}/rules.js
+
+ systemd.packages = [ pkgs.bee-clef ]; # include the upstream bee-clef.service file
+
+ systemd.tmpfiles.rules = [
+ "d '${cfg.dataDir}/' 0750 ${cfg.user} ${cfg.group}"
+ "d '${cfg.dataDir}/keystore' 0700 ${cfg.user} ${cfg.group}"
+ ];
+
+ systemd.services.bee-clef = {
+ path = [
+ # these are needed for the ensure-clef-account script
+ pkgs.coreutils
+ pkgs.gnused
+ pkgs.gawk
+ ];
+
+ wantedBy = [ "bee.service" "multi-user.target" ];
+
+ serviceConfig = {
+ User = cfg.user;
+ Group = cfg.group;
+ ExecStartPre = ''${pkgs.bee-clef}/share/bee-clef/ensure-clef-account "${cfg.dataDir}" "${pkgs.bee-clef}/share/bee-clef/"'';
+ ExecStart = [
+ "" # this hides/overrides what's in the original entry
+ "${pkgs.bee-clef}/share/bee-clef/bee-clef-service start"
+ ];
+ ExecStop = [
+ "" # this hides/overrides what's in the original entry
+ "${pkgs.bee-clef}/share/bee-clef/bee-clef-service stop"
+ ];
+ Environment = [
+ "CONFIGDIR=${cfg.dataDir}"
+ "PASSWORD_FILE=${cfg.passwordFile}"
+ ];
+ };
+ };
+
+ users.users = optionalAttrs (cfg.user == "bee-clef") {
+ bee-clef = {
+ group = cfg.group;
+ home = cfg.dataDir;
+ isSystemUser = true;
+ description = "Daemon user for the bee-clef service";
+ };
+ };
+
+ users.groups = optionalAttrs (cfg.group == "bee-clef") {
+ bee-clef = {};
+ };
+ };
+}
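Review bot: `dataDir` and `passwordFile` are declared `types.nullOr types.str`, but both are interpolated unconditionally into `systemd.tmpfiles.rules`, `ExecStartPre` and `Environment`, so a `null` value fails at evaluation instead of meaning anything; `type = types.str;` matches how the options are actually used. The `passwordFile` default is the literal `/var/lib/bee-clef/password`, so changing `dataDir` leaves the password path pointing at the old location unless the user overrides it too; deriving it as `default = "${config.services.bee-clef.dataDir}/password";` would keep the two together. The password file sits directly under the data directory, which is created `0750`, while only `keystore` is `0700`, so its confidentiality depends on the mode that `ensure-clef-account` gives the file, which is not visible in this hunk; a comment such as `# password file must be 0600 and owned by cfg.user` next to the option would record that expectation. Since this unit holds signing keys and `serviceConfig` sets no sandboxing at all, `NoNewPrivileges = true;` looks like a safe first addition, with stricter options to be tested against the helper scripts.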