gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

style: alejandra $(fd -e nix)

Browse source
This commit is contained in:
Kat Inskip 2024-03-13 15:08:42 -07:00
parent 97d9eecd3c
commit e63304937d
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
91 changed files with 1422 additions and 1102 deletions
Download patch file Download diff file Expand all files Collapse all files

109
modules/nixos/vouch.nix
View file

@ -5,11 +5,20 @@
lib,
...
}: let
inherit (lib) mkIf mkMerge mkDefault mkOptionDefault mkOption mkEnableOption types
getExe;
inherit
(lib)
mkIf
mkMerge
mkDefault
mkOptionDefault
mkOption
mkEnableOption
types
getExe
;
nixosConfig = config;
cfg = config.services.vouch-proxy;
settingsFormat = pkgs.formats.json { };
settingsFormat = pkgs.formats.json {};
in {
options.services.vouch-proxy = with types; {
enable = mkEnableOption "vouch";
@ -35,7 +44,7 @@ in {
};
enableSettingsSecrets = mkEnableOption "genJqSecretsReplacementSnippet";
settings = let
settingsModule = { ... }: {
settingsModule = {...}: {
freeformType = settingsFormat.type;
options = {
vouch = {
@ -98,13 +107,14 @@ in {
};
};
};
in mkOption {
type = submodule settingsModule;
default = { };
};
in
mkOption {
type = submodule settingsModule;
default = {};
};
extraSettings = mkOption {
inherit (settingsFormat) type;
default = { };
default = {};
};
settingsPath = mkOption {
type = path;
@ -116,48 +126,51 @@ in {
cfg.settings
cfg.extraSettings
];
settingsPath = if cfg.enableSettingsSecrets
settingsPath =
if cfg.enableSettingsSecrets
then "/run/vouch-proxy/vouch-config.json"
else settingsFormat.generate "vouch-config.json" settings;
in mkMerge [
{
services.vouch-proxy = {
settingsPath = mkOptionDefault settingsPath;
};
}
(mkIf cfg.enable {
systemd.services.vouch-proxy = {
description = "Vouch-proxy";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStartPre = let
preprocess = pkgs.writeShellScript "vouch-proxy-prestart" (
utils.genJqSecretsReplacementSnippet settings cfg.settingsPath
);
in mkIf cfg.enableSettingsSecrets [
"${preprocess}"
];
ExecStart = [
"${getExe pkgs.vouch-proxy} -config ${cfg.settingsPath}"
];
Restart = "on-failure";
RestartSec = mkDefault 5;
WorkingDirectory = "/var/lib/vouch-proxy";
StateDirectory = "vouch-proxy";
RuntimeDirectory = "vouch-proxy";
User = cfg.user;
Group = cfg.group;
StartLimitBurst = mkDefault 3;
in
mkMerge [
{
services.vouch-proxy = {
settingsPath = mkOptionDefault settingsPath;
};
}
(mkIf cfg.enable {
systemd.services.vouch-proxy = {
description = "Vouch-proxy";
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
ExecStartPre = let
preprocess = pkgs.writeShellScript "vouch-proxy-prestart" (
utils.genJqSecretsReplacementSnippet settings cfg.settingsPath
);
in
mkIf cfg.enableSettingsSecrets [
"${preprocess}"
];
ExecStart = [
"${getExe pkgs.vouch-proxy} -config ${cfg.settingsPath}"
];
Restart = "on-failure";
RestartSec = mkDefault 5;
WorkingDirectory = "/var/lib/vouch-proxy";
StateDirectory = "vouch-proxy";
RuntimeDirectory = "vouch-proxy";
User = cfg.user;
Group = cfg.group;
StartLimitBurst = mkDefault 3;
};
};
};
users.users.${cfg.user} = {
inherit (cfg) group;
isSystemUser = true;
};
users.users.${cfg.user} = {
inherit (cfg) group;
isSystemUser = true;
};
users.groups.${cfg.group} = {};
})
];
users.groups.${cfg.group} = {};
})
];
}