Add nix module (#40)

* Add nix module * Move the kinoplex package to the overlay * Refactor overlay * Remove overlay from module
zedeus · Oct 25, 2022 · 8fa43b4 · 8fa43b4
1 parent 01d84e4
commit 8fa43b4
Show file tree

Hide file tree

Showing 2 changed files with 136 additions and 24 deletions.
diff --git a/flake.nix b/flake.nix
@@ -8,12 +8,17 @@
 
   outputs = { self, nixpkgs, flake-utils, flake-nimble }:
     flake-utils.lib.eachDefaultSystem (sys:
-      let pkgs = nixpkgs.legacyPackages.${sys}; in
+      let oldPkgs = nixpkgs.legacyPackages.${sys}; in
       rec {
+        pkgs = oldPkgs.appendOverlays [ flake-nimble.overlay overlays.default ];
+
+        nixosModules.kinoplex = import ./system/module.nix;
+        nixosModules.default = nixosModules.kinoplex;
+
         overlays.default = final: prev: {
           nimPackages = prev.nimPackages.overrideScope' (nimfinal: nimprev: {
-            stew = pkgs.nimPackages.stew;
-            
+            inherit (prev) stew;
+
             ws = nimprev.ws.overrideAttrs (oldAttrs: {
               inherit (nimprev.ws) pname version src;
               doCheck = false;
@@ -28,29 +33,24 @@
               inherit (nimprev.questionable) pname version src;
               doCheck = false;
             });
+
+            ast_pattern_matching = nimprev.ast_pattern_matching.overrideAttrs (oldAttrs: {
+              inherit (nimprev.ast_pattern_matching) pname version src;
+              doCheck = false;
+            });
+
+            kinoplex = nimprev.buildNimPackage {
+              pname = "kinoplex";
+              version = "0.1.0";
+              src = ./.;
+              propagatedBuildInputs = with nimfinal;
+                [ ws patty karax jswebsockets telebot questionable ];
+            };
           });
         };
-
-        pkgsWithNimble = pkgs.appendOverlays [ flake-nimble.overlay overlays.default ];
-
-        packages = flake-utils.lib.flattenTree {
-          ws = pkgsWithNimble.nimPackages.ws;
-          patty = pkgsWithNimble.nimPackages.patty;
-          karax = pkgsWithNimble.nimPackages.karax;
-          jswebsockets = pkgsWithNimble.nimPackages.jswebsockets;
-          telebot = pkgsWithNimble.nimPackages.telebot;
-          questionable = pkgsWithNimble.nimPackages.questionable;
-
-          nim = pkgs.nim;
-          nimlsp = pkgs.nimlsp;
 
-          kinoplex = pkgs.nimPackages.buildNimPackage {
-            pname = "kinoplex";
-            version = "0.1.0";
-            src = ./.;
-            propagatedBuildInputs = with packages;
-              [ ws patty karax jswebsockets telebot questionable ];
-          };
+        packages = flake-utils.lib.flattenTree {
+          kinoplex = pkgs.nimPackages.kinoplex;
         };
 
         defaultPackage = packages.kinoplex;
@@ -73,7 +73,7 @@
         };
 
         devShell = pkgs.mkShell {
-          nativeBuildInputs = with packages; [ nim nimlsp ];
+          nativeBuildInputs = with pkgs; [ nim nimlsp ];
           buildInputs = [ pkgs.openssl ];
         };
       });

diff --git a/system/module.nix b/system/module.nix
@@ -0,0 +1,112 @@
+{ config, pkgs, lib, ... }:
+with lib;
+{
+  options.services.kinoplex = {
+    enable = mkEnableOption "kinoplex";
+
+    package = mkOption {
+      type = types.package;
+      description = "The Kinoplex package to use";
+    };
+
+    user = mkOption {
+      type = types.str;
+      default = "kino";
+      description = "The user under which Kinoplex will start";
+    };
+
+    group = mkOption {
+      type = types.str;
+      default = "kino";
+      description = "The group under which Kinoplex will start";
+    };
+
+    home = mkOption {
+      type = types.str;
+      default = "/var/lib/kino";
+      description = "Path to the Kinoplex home directory";
+    };
+
+    config = mkOption {
+      type = (types.submodule {
+        options = {
+          port = mkOption {
+            type = types.int;
+            default = 9001;
+          };
+
+          staticDir = mkOption {
+            type = types.str;
+            default = "./static";
+          };
+
+          basePath = mkOption {
+            type = types.str;
+            default = "/";
+          };
+
+          adminPassword = mkOption {
+            type = types.str;
+            default = "1337";
+          };
+
+          pauseOnChange = mkOption {
+            type = types.bool;
+            default = true;
+          };
+
+          pauseOnLeave = mkOption {
+            type = types.bool;
+            default = false;
+          };
+        };
+      });
+      description = "Kinoplex configuration";
+    };
+  };
+
+  config =
+    let
+      cfg = config.services.kinoplex;
+      configFile = pkgs.writeText "server.conf" (generators.toINI {} {
+        Server = cfg.config;
+      });
+    in mkIf config.services.kinoplex.enable {
+      users.users = optionalAttrs (cfg.user == "kino") {
+        kino = {
+          isSystemUser = true;
+          group = "${cfg.group}";
+          home = "${cfg.home}";
+          createHome = true;
+        };
+      };
+
+      users.groups = optionalAttrs (cfg.group == "kino") {
+        kino = {};
+      };
+
+      systemd.services.kinoplex = {
+        after = [ "network-online.target" ];
+        wantedBy = [ "multi-user.target" ];
+
+        serviceConfig = {
+          ExecReload = "${pkgs.coreutils}/bin/kill $MAINPID";
+          KillMode = "process";
+          Restart = "on-failure";
+
+          User = "${cfg.user}";
+          ExecStartPre = (pkgs.writeShellScript "kinoplex-prestart"
+            ''
+            install -D -m "0400" ${configFile} ${cfg.home}/server.conf
+            '');
+          ExecStart = "${cfg.package}/bin/kino_server";
+          WorkingDirectory = "${cfg.home}";
+          PrivateTmp = true;
+          ProtectHome = true;
+          ProtectSystem = "full";
+          PrivateDevices = false;
+          CapabilityBoundingSet = "~CAP_SYS_ADMIN";
+        };
+      };
+    };
+}