57 lines
1.4 KiB
Nix
57 lines
1.4 KiB
Nix
|
# SPDX-FileCopyrightText: 2023 Luke Granger-Brown <depot@lukegb.com>
|
||
|
#
|
||
|
# SPDX-License-Identifier: Apache-2.0
|
||
|
|
||
|
# TODO: support erbium-conftest, which is in erbium-core.
|
||
|
|
||
|
{ lib, pkgs, rebuilder, config, ... }:
|
||
|
let
|
||
|
cfg = config.services.erbium;
|
||
|
settingsFormat = pkgs.formats.json {};
|
||
|
|
||
|
configFile = settingsFormat.generate "erbium.conf.json" cfg.settings;
|
||
|
in
|
||
|
{
|
||
|
options.services.erbium = {
|
||
|
enable = lib.mkEnableOption "erbium";
|
||
|
|
||
|
package = lib.mkOption {
|
||
|
type = lib.types.package;
|
||
|
};
|
||
|
|
||
|
settings = lib.mkOption {
|
||
|
type = lib.types.submodule {
|
||
|
freeformType = settingsFormat.type;
|
||
|
};
|
||
|
default = {};
|
||
|
description = "Configuration for Erbium";
|
||
|
};
|
||
|
};
|
||
|
|
||
|
config = lib.mkIf cfg.enable {
|
||
|
environment.etc."erbium.conf".source = configFile;
|
||
|
|
||
|
systemd.services.erbium = {
|
||
|
description = "Erbium Network Services";
|
||
|
wantedBy = [ "multi-user.target" ];
|
||
|
after = [ "network.target" ];
|
||
|
restartTriggers = [ configFile ];
|
||
|
|
||
|
serviceConfig = {
|
||
|
ExecStart = "${cfg.package} /etc/erbium.conf";
|
||
|
Type = "simple";
|
||
|
Restart = "always";
|
||
|
DynamicUser = true;
|
||
|
User = "erbium";
|
||
|
Group = "erbium";
|
||
|
AmbientCapabilities = [
|
||
|
"CAP_NET_RAW"
|
||
|
"CAP_NET_BIND_SERVICE"
|
||
|
];
|
||
|
StateDirectory = "erbium";
|
||
|
RuntimeDirectory = "erbium";
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
}
|