xin/modules/veilid-server.nix

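# NixOS module that runs veilid-server as a dedicated system service.
#
# Declares the `services.veilid-server` options and, when the service is
# enabled, creates the service user and group, optionally opens port 5150
# (TCP and UDP) in the firewall, and defines the systemd unit.
{ config
, lib
, pkgs
, ...
}:
let
  # No top-level `with pkgs;`: the only package reference is the explicit
  # `pkgs.veilid` below, so nothing needs the whole package set in scope.
  cfg = config.services.veilid-server;
in
{
  options = with lib; {
    services.veilid-server = {
      # mkEnableOption prefixes its argument with "Whether to enable", so only
      # the service name is passed here.
      enable = mkEnableOption "veilid-server";

      user = mkOption {
        # NOTE(review): this value is also used as the attribute name in
        # `users.users.${cfg.user}` below, which needs a string. An int passes
        # this type check but probably fails there - confirm, and consider
        # narrowing the type to `types.str`.
        type = with types; oneOf [ str int ];
        default = "veilid";
        description = "The user veilid-server will run as.";
      };

      group = mkOption {
        # NOTE(review): same concern as `user`; the value becomes the
        # attribute name in `users.groups.${cfg.group}`.
        type = with types; oneOf [ str int ];
        default = "veilid";
        description = "The group veilid-server will run with.";
      };

      dataDir = mkOption {
        # Used as the service account's home directory and exported as HOME.
        # The unit's StateDirectory is the fixed name "veilid", so a
        # non-default dataDir does not move the systemd-managed state
        # directory.
        type = types.path;
        default = "/var/lib/veilid";
        description = "Path for veilid-server state directory.";
      };

      package = mkOption {
        type = types.package;
        default = pkgs.veilid;
        description = "The veilid package that provides bin/veilid-server.";
      };

      # Firewall exposure is opt-in: nothing is opened unless this is set.
      openFirewall = mkOption {
        type = types.bool;
        default = false;
        description = "enable veilid-server in the firewall";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    users.groups.${cfg.group} = { };

    # Dedicated unprivileged system account whose home is the data directory.
    users.users.${cfg.user} = {
      inherit (cfg) group;
      description = "veilid-server user";
      isSystemUser = true;
      home = cfg.dataDir;
      createHome = true;
    };

    # The port is opened for both TCP and UDP, and only when openFirewall is
    # set.
    networking.firewall = lib.mkIf cfg.openFirewall {
      allowedTCPPorts = [ 5150 ];
      allowedUDPPorts = [ 5150 ];
    };

    systemd.services.veilid-server = {
      enable = true;
      description = "veilid-server";
      # NOTE(review): the unit is pulled in by network-online.target itself
      # rather than by multi-user.target, so it starts only when something
      # activates that target - confirm this is intended.
      wantedBy = [ "network-online.target" ];
      after = [ "network-online.target" ];
      environment = {
        HOME = cfg.dataDir;
      };
      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;
        RuntimeDirectory = "veilid";
        StateDirectory = "veilid";
        # The state directory is readable by the service user only.
        StateDirectoryMode = "0700";
        CacheDirectory = "veilid";
        ExecStart = "${cfg.package}/bin/veilid-server";
        # NOTE(review): no sandboxing directives are set for this
        # network-facing daemon. Candidates to evaluate against what
        # veilid-server actually needs: NoNewPrivileges, PrivateTmp,
        # PrivateDevices, ProtectSystem, ProtectHome, RestrictAddressFamilies.
        # A strict ProtectSystem would also need cfg.dataDir kept writable
        # when it differs from the StateDirectory.
      };
    };
  };
}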