From 8b4b1cead6e6494271078420e92f4b84b2a2ce4b Mon Sep 17 00:00:00 2001 From: niten Date: Mon, 6 Feb 2023 15:18:31 -0800 Subject: [PATCH] Add Nix code (not complete) --- backplane-dns.nix | 24 +++++++++ flake.nix | 28 ++++++++++ module.nix | 127 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 179 insertions(+) create mode 100644 backplane-dns.nix create mode 100644 flake.nix create mode 100644 module.nix
diff --git a/backplane-dns.nix b/backplane-dns.nix
new file mode 100644
index 0000000..584efa1
--- /dev/null
+++ b/backplane-dns.nix
@@ -0,0 +1,24 @@
+{ pkgs, backplane-server, ... }:
+
+pkgs.lispPackages.buildLispPackage {
+ baseName = "backplane-dns";
+ description = "Fudo XMPP Backplane DNS Server";
+
+ buildSystems = [ "backplane-dns" ];
+
+ src = ./.;
+
+ deps = with pkgs.lispPackages; [
+ arrows
+ alexandria
+ backplane-server
+ cl-ppcre
+ cl_plus_ssl
+ ip-utils
+ postmodern
+ prove
+ trivia
+ ];
+
+ asdFilesToKeep = [ "backplane-dns.asd" ];
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..b1639ed
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,28 @@
+{
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-22.11";
+ utils.url = "github:numtide/flake-utils";
+ backplane-server.url = "";
+ };
+
+ outputs = { self, nixpkgs, utils, backplane-server, ... }:
+ utils.lib.eachDefaultSystem (system:
+ let
+ pkgs = import nixpkgs { inherit system; };
+ backplane-server-pkgs = backplane-server.packages."${system}";
+ in {
+ packages = rec {
+ default = backplane-dns;
+ backplane-dns = import ./backplane-dns.nix {
+ inherit pkgs;
+ inherit (backplane-server.packages."${system}") backplane-server;
+ };
+ };
+ }) // {
+ nixosModules = rec {
+ default = backplane-dns;
+ backplane-dns =
+ import ./module.nix { local-packages = self.packages; };
+ };
+ };
+}
diff --git a/module.nix b/module.nix
new file mode 100644
index 0000000..3bb095c
--- /dev/null
+++ b/module.nix
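Review bot: `src = ./.;` copies the whole directory — this Nix code, any local scratch files and anything else lying in the checkout — into the world-readable Nix store; when built through the flake the input is already restricted to the tracked tree, but for a plain `nix-build` it is not, so `src = pkgs.lib.cleanSource ./.;` (or a tighter `builtins.filterSource`) is the safer default. `prove` is a test framework, and listing it in `deps` pulls it into the runtime closure of the service; if it is only needed for tests it should be confined to a check phase rather than shipped with the DNS server.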
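Review bot: `import ./module.nix { local-packages = self.packages; }` does not match module.nix's parameter set `{ backplane-dns }:`, so evaluating `nixosModules.backplane-dns` fails with an unexpected `local-packages` and a missing `backplane-dns` argument; pass the key the module declares, `import ./module.nix { backplane-dns = self.packages; }`, and have the module select the per-system derivation from it (it currently reads `pkgs.backplane-dns-server` instead). `backplane-server.url = "";` is an empty flake input, which cannot be fetched or locked — presumably a placeholder given the "not complete" subject, but nothing downstream evaluates until it points at a pinned source. The `backplane-server-pkgs` let-binding is unused while `backplane-server.packages."${system}"` is spelled out again in the `inherit`; either use the binding there or drop it.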
@@ -0,0 +1,127 @@
+{ backplane-dns }:
+
+{ config, lib, pkgs, ... }:
+
+with lib; {
+ options.fudo.backplane.server.dns = with types; {
+ enable = mkEnableOption "Enable Fudo DNS Backplane Server";
+
+ required-services = mkOption {
+ type = listOf str;
+ description =
+ "List of systemd units on which the DNS backplane job depends.";
+ default = [ ];
+ };
+
+ backplane = {
+ host = mkOption {
+ type = str;
+ descritpion = "Backplane XMPP server hostname.";
+ };
+
+ role = mkOption {
+ type = str;
+ description = "Backplane XMPP role name for DNS backplane job.";
+ default = "service-dns";
+ };
+
+ password-file = mkOption {
+ type = str;
+ description =
+ "Password file for backplane XMPP for DNS backplane role.";
+ };
+ };
+
+ database = {
+ host = mkOption {
+ type = str;
+ description = "Hostname or IP of the PostGreSQL server.";
+ };
+
+ database = mkOption {
+ type = str;
+ description = "Database to use for DNS backplane service.";
+ default = "backplane_dns";
+ };
+
+ username = mkOption {
+ type = str;
+ description = "Database user for DNS backplane.";
+ default = "backplane_dns";
+ };
+
+ password-file = mkOption {
+ type = str;
+ description =
+ "File containing password for DNS backplane database user.";
+ };
+
+ ssl-mode = mkOption {
+ type = enum [ "no" "yes" "full" "try" "require" ];
+ description = "SSL connection mode.";
+ default = "require";
+ };
+ };
+ };
+
+ config = let cfg = config.fudo.backplane.server.dns;
+ in {
+ systemd.services.backplane-dns = {
+ description = "Fudo DNS Backplane Server";
+
+ wantedBy = [ "network-online.target" ];
+ after = [ "network-online.target" ] ++ cfg.required-services;
+ partOf = [ "backplane-dns.target" ];
+ requires = cfg.required-services;
+
+ path = with pkgs; [ backplane-dns-server ];
+ environment = {
+ FUDO_DNS_BACKPLANE_XMPP_HOSTNAME = cfg.backplane.host;
+ FUDO_DNS_BACKPLANE_XMPP_USERNAME = cfg.backplane.role;
+ FUDO_DNS_BACKPLANE_XMPP_PASSWORD_FILE =
+ "$CREDENTIALS_DIRECTORY/backplane.passwd";
+ 
FUDO_DNS_BACKPLANE_DATABASE_HOSTNAME = cfg.database.host;
+ FUDO_DNS_BACKPLANE_DATABASE_NAME = cfg.database.database;
+ FUDO_DNS_BACKPLANE_DATABASE_USERNAME = cfg.database.username;
+ FUDO_DNS_BACKPLANE_DATABASE_PASSWORD_FILE =
+ "$CREDENTIALS_DIRECTORY/db.passwd";
+ FUDO_DNS_BACKPLANE_DATABASE_USE_SSL = cfg.database.ssl-mode;
+
+ HOME = "$RUNTIME_DIRECTORY";
+
+ # CL_SOURCE_REGISTRY =
+ # pkgs.lib.lisp.lisp-source-registry pkgs.backplane-dns-server;
+
+ # LD_LIBRARY_PATH = "${pkgs.openssl.out}/lib";
+ };
+
+ serviceConfig = {
+ DynamicUser = true;
+ RuntimeDirectory = "backplane-dns";
+ LoadCredentials = [
+ "db.passwd:${cfg.database.password-file}"
+ "backplane.passwd:${cfg.backplane.password-file}"
+ ];
+ # Needs access to network both for Postgresql and the Backplane
+ PrivateNetwork = false;
+ PrivateUsers = true;
+ PrivateDevices = true;
+ PrivateTmp = true;
+ PrivateMounts = true;
+ ProtectControlGroups = opts.protectControlGroups;
+ ProtectKernelTunables = opts.protectKernelTunables;
+ ProtectKernelModules = opts.protectKernelModules;
+ ProtectSystem = opts.protectSystem;
+ ProtectHostname = opts.protectHostname;
+ ProtectHome = opts.protectHome;
+ ProtectClock = opts.protectClock;
+ Restart = "always";
+ LockPersonality = true;
+ RestrictRealtime = true;
+ LimitNOFILE = "4096";
+ PermissionsStartOnly = true;
+ };
+ };
+ };
+}
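Review bot: `LoadCredentials = [ ... ]` in serviceConfig is not a systemd directive — the setting is `LoadCredential=` (singular) — so NixOS emits it verbatim, systemd logs an unknown key and ignores it, no credentials directory is populated and the service never receives either password; rename it to `LoadCredential`. The `ProtectControlGroups = opts.protectControlGroups;` … `ProtectClock = opts.protectClock;` lines reference an `opts` that nothing in this file binds (the only arguments are `backplane-dns` and `config, lib, pkgs`), which is an evaluation error sitting on the hardening block itself; the values should be literals, `true` for the boolean ones and `"strict"` for `ProtectSystem`. Separately, `Environment=` does not expand `$VAR`, so `"$CREDENTIALS_DIRECTORY/backplane.passwd"`, `"$CREDENTIALS_DIRECTORY/db.passwd"` and `HOME = "$RUNTIME_DIRECTORY"` reach the program as literal strings unless it expands them itself; systemd's `%d` (credentials directory, systemd ≥ 247, which the pinned nixos-22.11 should satisfy) and `%t` (runtime root) specifiers are expanded there and yield the intended paths. Two smaller things in the same hunk: `path = with pkgs; [ backplane-dns-server ];` looks the package up in nixpkgs instead of using the `backplane-dns` argument this module takes, and `descritpion` on `backplane.host` is a typo that leaves that option without a description.
```nix
environment = {
  # … unchanged: XMPP hostname/username …
  # Environment= does not expand $VAR; %d / %t are specifiers and are expanded
  FUDO_DNS_BACKPLANE_XMPP_PASSWORD_FILE = "%d/backplane.passwd";
  # … unchanged: database hostname/name/username …
  FUDO_DNS_BACKPLANE_DATABASE_PASSWORD_FILE = "%d/db.passwd";
  # … unchanged: FUDO_DNS_BACKPLANE_DATABASE_USE_SSL, commented-out entries …
  HOME = "%t/backplane-dns";
};

serviceConfig = {
  # … unchanged: DynamicUser, RuntimeDirectory …
  LoadCredential = [
    "db.passwd:${cfg.database.password-file}"
    "backplane.passwd:${cfg.backplane.password-file}"
  ];
  # … unchanged: Private* settings …
  ProtectControlGroups = true;
  ProtectKernelTunables = true;
  ProtectKernelModules = true;
  ProtectSystem = "strict";
  ProtectHostname = true;
  ProtectHome = true;
  ProtectClock = true;
  # … unchanged: Restart, LockPersonality, RestrictRealtime, LimitNOFILE, PermissionsStartOnly …
};
```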