mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-14 11:57:34 +00:00
Code Activity
nix-darwin/modules/services/ofborg/default.nix
Daiderd Jordan 5fa6f21d06
ofborg: init service
2018-01-29 22:37:25 +01:00

110 lines
3.3 KiB
Nix
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.ofborg;
user = config.users.users.ofborg;
in
{
options = {
services.ofborg.enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the ofborg builder service.";
};
services.ofborg.package = mkOption {
type = types.package;
example = literalExample "pkgs.ofborg";
description = ''
This option specifies the ofborg package to use. eg.
(import <ofborg> {}).ofborg.rs
$ nix-channel --add https://github.com/NixOS/ofborg/archive/released.tar.gz ofborg
$ nix-channel --update
'';
};
services.ofborg.configFile = mkOption {
type = types.path;
default = "${user.home}/config.json";
description = ''
Configuration file to use for ofborg.
WARNING Don't use a path literal or derivation for this,
that would expose credentials in the store making them world readable.
'';
};
services.ofborg.logFile = mkOption {
type = types.path;
default = "/var/log/ofborg.log";
description = "Whether to enable the khd window manager.";
};
};
config = mkIf cfg.enable {
assertions = [
{ assertion = elem "ofborg" config.users.knownGroups; message = "set users.knownGroups to enable ofborg group"; }
{ assertion = elem "ofborg" config.users.knownUsers; message = "set users.knownUsers to enable ofborg user"; }
];
warnings = mkIf (isDerivation cfg.configFile) [
"services.ofborg.configFile is a derivation, credentials will be world readable"
];
launchd.daemons.ofborg = {
script = ''
git config --global user.email "ofborg@example.com"
git config --global user.name "OfBorg"
exec ${cfg.package}/bin/builder "${cfg.configFile}"
'';
path = [ config.nix.package pkgs.bash pkgs.coreutils pkgs.curl pkgs.git ];
environment =
{ RUST_BACKTRACE = "1";
SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
};
serviceConfig.KeepAlive = true;
serviceConfig.StandardErrorPath = cfg.logFile;
serviceConfig.StandardOutPath = cfg.logFile;
serviceConfig.GroupName = "ofborg";
serviceConfig.UserName = "ofborg";
serviceConfig.WorkingDirectory = user.home;
};
users.users.ofborg.uid = mkDefault 531;
users.users.ofborg.gid = mkDefault config.users.groups.ofborg.gid;
users.users.ofborg.home = mkDefault "/var/lib/ofborg";
users.users.ofborg.shell = "/bin/bash";
users.users.ofborg.description = "OfBorg service user";
users.groups.ofborg.gid = mkDefault 531;
users.groups.ofborg.description = "Nix group for OfBorg service";
# FIXME: create logfiles automatically if defined.
system.activationScripts.preActivation.text = ''
mkdir -p "${user.home}"
touch "${cfg.logFile}"
chown ${toString user.uid}:${toString user.gid} "${user.home}" "${cfg.logFile}"
'';
system.activationScripts.postActivation.text = ''
if ! test -f "${cfg.configFile}"; then
echo >&2 "warning: ofborg config \"${cfg.configFile}\" does not exist"
fi
chmod 600 "${cfg.configFile}"
chown ${toString user.uid}:${toString user.gid} "${cfg.configFile}"
'';
};
}
View git blame Copy permalink