modules/veilid-server: init

hosts/h/default.nix

@@ -65,12 +65,6 @@ in {
   _module.args.isUnstable = false;
   imports = [
     ./hardware-configuration.nix
-    ../../modules/gotosocial.nix
-    ../../modules/yarr.nix
-    ../../modules/tsvnstat.nix
-    ../../modules/golink.nix
-    ../../modules/sliding-sync.nix
-    ../../modules/ts-rev-prox.nix
   ];
 
   boot.loader.grub.enable = true;
@@ -268,6 +262,10 @@ in {
   };
 
   services = {
+    veilid-server = {
+      enable = true;
+      openFirewall = true;
+    };
     heisenbridge = {
       enable = true;
       homeserver = "http://${mtxCfg.address}:${toString mtxCfg.port}";

modules/default.nix

@@ -1 +1,12 @@
-{...}: {imports = [./ssh-fido-agent.nix];}
+{...}: {
+  imports = [
+    ./golink.nix
+    ./gotosocial.nix
+    ./sliding-sync.nix
+    ./ssh-fido-agent.nix
+    ./ts-rev-prox.nix
+    ./tsvnstat.nix
+    ./veilid-server.nix
+    ./yarr.nix
+  ];
+}

modules/veilid-server.nix

@@ -0,0 +1,82 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with pkgs; let
+  cfg = config.services.veilid-server;
+in {
+  options = with lib; {
+    services.veilid-server = {
+      enable = mkEnableOption "Enable velid-server";
+      user = mkOption {
+        type = with types; oneOf [str int];
+        default = "veilid";
+        description = "The user veilid-server will run as.";
+      };
+
+      group = mkOption {
+        type = with types; oneOf [str int];
+        default = "veilid";
+        description = "The group veilid-server will run with.";
+      };
+
+      dataDir = mkOption {
+        type = types.path;
+        default = "/var/lib/veilid";
+        description = "Path for veilid-server state directory.";
+      };
+
+      package = mkOption {
+        type = types.package;
+        default = pkgs.veilid;
+      };
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = "enable veilid-server in the firewall";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    users.groups.${cfg.group} = {};
+    users.users.${cfg.user} = {
+      description = "veilid-server user";
+      isSystemUser = true;
+      home = cfg.dataDir;
+      createHome = true;
+      group = cfg.group;
+    };
+
+    networking.firewall = lib.mkIf cfg.openFirewall {
+      allowedTCPPorts = [ 5150 ];
+      allowedUDPPorts = [ 5150 ];
+    };
+
+    systemd.services.veilid-server = {
+      enable = true;
+      description = "veilid-server";
+      wantedBy = ["network-online.target"];
+      after = ["network-online.target"];
+
+      environment = {
+        HOME = cfg.dataDir;
+      };
+
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+
+        RuntimeDirectory = "veilid";
+        StateDirectory = "veilid";
+        StateDirectoryMode = "0700";
+        CacheDirectory = "veilid";
+
+        ExecStart = "${cfg.package}/bin/veilid-server";
+      };
+    };
+  };
+}