pykms: nixos module
This commit is contained in:
parent
62e73a75f1
commit
c640e790d5
|
@ -297,6 +297,7 @@
|
|||
rslsync = 279;
|
||||
minio = 280;
|
||||
kanboard = 281;
|
||||
pykms = 282;
|
||||
|
||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||
|
||||
|
@ -563,6 +564,7 @@
|
|||
rslsync = 279;
|
||||
minio = 280;
|
||||
kanboard = 281;
|
||||
pykms = 282;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing
|
||||
# uid. Users and groups with the same name should have equal
|
||||
|
|
|
@ -333,6 +333,7 @@
|
|||
./services/misc/parsoid.nix
|
||||
./services/misc/phd.nix
|
||||
./services/misc/plex.nix
|
||||
./services/misc/pykms.nix
|
||||
./services/misc/radarr.nix
|
||||
./services/misc/redmine.nix
|
||||
./services/misc/rippled.nix
|
||||
|
|
|
@ -0,0 +1,90 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.pykms;
|
||||
|
||||
home = "/var/lib/pykms";
|
||||
|
||||
services = {
|
||||
serviceConfig = {
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
StartLimitInterval = "1min";
|
||||
PrivateTmp = true;
|
||||
ProtectSystem = "full";
|
||||
ProtectHome = true;
|
||||
};
|
||||
};
|
||||
|
||||
in {
|
||||
|
||||
options = {
|
||||
services.pykms = rec {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable the PyKMS service.";
|
||||
};
|
||||
|
||||
listenAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
description = "The IP address on which to listen.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 1688;
|
||||
description = "The port on which to listen.";
|
||||
};
|
||||
|
||||
verbose = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Show verbose output.";
|
||||
};
|
||||
|
||||
openFirewallPort = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether the listening port should be opened automatically.";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewallPort [ cfg.port ];
|
||||
|
||||
systemd.services = {
|
||||
pykms = services // {
|
||||
description = "Python KMS";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = with pkgs; {
|
||||
User = "pykms";
|
||||
Group = "pykms";
|
||||
ExecStartPre = "${getBin pykms}/bin/create_pykms_db.sh ${home}/clients.db";
|
||||
ExecStart = "${getBin pykms}/bin/server.py ${optionalString cfg.verbose "--verbose"} ${cfg.listenAddress} ${toString cfg.port}";
|
||||
WorkingDirectory = home;
|
||||
MemoryLimit = "64M";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
extraUsers.pykms = {
|
||||
name = "pykms";
|
||||
group = "pykms";
|
||||
home = home;
|
||||
createHome = true;
|
||||
uid = config.ids.uids.pykms;
|
||||
description = "PyKMS daemon user";
|
||||
};
|
||||
|
||||
extraGroups.pykms = {
|
||||
gid = config.ids.gids.pykms;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue