xin/modules/veilid-server.nix

82 lines
1.8 KiB
Nix

{ config
, lib
, pkgs
, ...
}:
with pkgs; let
cfg = config.services.veilid-server;
in
{
options = with lib; {
services.veilid-server = {
enable = mkEnableOption "Enable velid-server";
user = mkOption {
type = with types; oneOf [ str int ];
default = "veilid";
description = "The user veilid-server will run as.";
};
group = mkOption {
type = with types; oneOf [ str int ];
default = "veilid";
description = "The group veilid-server will run with.";
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/veilid";
description = "Path for veilid-server state directory.";
};
package = mkOption {
type = types.package;
default = pkgs.veilid;
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "enable veilid-server in the firewall";
};
};
};
config = lib.mkIf cfg.enable {
users.groups.${cfg.group} = { };
users.users.${cfg.user} = {
inherit (cfg) group;
description = "veilid-server user";
isSystemUser = true;
home = cfg.dataDir;
createHome = true;
};
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [ 5150 ];
allowedUDPPorts = [ 5150 ];
};
systemd.services.veilid-server = {
enable = true;
description = "veilid-server";
wants = [ "network-online.target" ];
environment = {
HOME = cfg.dataDir;
};
serviceConfig = {
User = cfg.user;
Group = cfg.group;
RuntimeDirectory = "veilid";
StateDirectory = "veilid";
StateDirectoryMode = "0700";
CacheDirectory = "veilid";
ExecStart = "${cfg.package}/bin/veilid-server";
};
};
};
}