pykms: nixos module
This commit is contained in:
parent
62e73a75f1
commit
c640e790d5
|
@ -297,6 +297,7 @@
|
||||||
rslsync = 279;
|
rslsync = 279;
|
||||||
minio = 280;
|
minio = 280;
|
||||||
kanboard = 281;
|
kanboard = 281;
|
||||||
|
pykms = 282;
|
||||||
|
|
||||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||||
|
|
||||||
|
@ -563,6 +564,7 @@
|
||||||
rslsync = 279;
|
rslsync = 279;
|
||||||
minio = 280;
|
minio = 280;
|
||||||
kanboard = 281;
|
kanboard = 281;
|
||||||
|
pykms = 282;
|
||||||
|
|
||||||
# When adding a gid, make sure it doesn't match an existing
|
# When adding a gid, make sure it doesn't match an existing
|
||||||
# uid. Users and groups with the same name should have equal
|
# uid. Users and groups with the same name should have equal
|
||||||
|
|
|
@ -333,6 +333,7 @@
|
||||||
./services/misc/parsoid.nix
|
./services/misc/parsoid.nix
|
||||||
./services/misc/phd.nix
|
./services/misc/phd.nix
|
||||||
./services/misc/plex.nix
|
./services/misc/plex.nix
|
||||||
|
./services/misc/pykms.nix
|
||||||
./services/misc/radarr.nix
|
./services/misc/radarr.nix
|
||||||
./services/misc/redmine.nix
|
./services/misc/redmine.nix
|
||||||
./services/misc/rippled.nix
|
./services/misc/rippled.nix
|
||||||
|
|
|
@ -0,0 +1,90 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.pykms;
|
||||||
|
|
||||||
|
home = "/var/lib/pykms";
|
||||||
|
|
||||||
|
services = {
|
||||||
|
serviceConfig = {
|
||||||
|
Restart = "on-failure";
|
||||||
|
RestartSec = "10s";
|
||||||
|
StartLimitInterval = "1min";
|
||||||
|
PrivateTmp = true;
|
||||||
|
ProtectSystem = "full";
|
||||||
|
ProtectHome = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
options = {
|
||||||
|
services.pykms = rec {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = "Whether to enable the PyKMS service.";
|
||||||
|
};
|
||||||
|
|
||||||
|
listenAddress = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "0.0.0.0";
|
||||||
|
description = "The IP address on which to listen.";
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 1688;
|
||||||
|
description = "The port on which to listen.";
|
||||||
|
};
|
||||||
|
|
||||||
|
verbose = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = "Show verbose output.";
|
||||||
|
};
|
||||||
|
|
||||||
|
openFirewallPort = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = "Whether the listening port should be opened automatically.";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewallPort [ cfg.port ];
|
||||||
|
|
||||||
|
systemd.services = {
|
||||||
|
pykms = services // {
|
||||||
|
description = "Python KMS";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig = with pkgs; {
|
||||||
|
User = "pykms";
|
||||||
|
Group = "pykms";
|
||||||
|
ExecStartPre = "${getBin pykms}/bin/create_pykms_db.sh ${home}/clients.db";
|
||||||
|
ExecStart = "${getBin pykms}/bin/server.py ${optionalString cfg.verbose "--verbose"} ${cfg.listenAddress} ${toString cfg.port}";
|
||||||
|
WorkingDirectory = home;
|
||||||
|
MemoryLimit = "64M";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users = {
|
||||||
|
extraUsers.pykms = {
|
||||||
|
name = "pykms";
|
||||||
|
group = "pykms";
|
||||||
|
home = home;
|
||||||
|
createHome = true;
|
||||||
|
uid = config.ids.uids.pykms;
|
||||||
|
description = "PyKMS daemon user";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraGroups.pykms = {
|
||||||
|
gid = config.ids.gids.pykms;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue