# NixOS module for the Ubiquiti mFi Controller: declares the
# `services.mfi` options and, when enabled, a dedicated `mfi` user, the
# bind mounts the controller needs under its state directory, the systemd
# service itself and (optionally) the firewall openings.
{ config, lib, pkgs, utils, ... }:
let
  inherit (lib) concatMapStrings mkEnableOption mkIf mkOption types;

  name = "Ubiquiti mFi Controller";
  cfg = config.services.mfi;
  stateDir = "/var/lib/mfi";

  # XXX 2 runtime exceptions using jre8: JSPException on GET / ; can't
  # initialize ./data/keystore on first run.
  # NOTE(review): this pins the service to pkgs.jre7, and the bind mounts
  # below pin pkgs.mongodb248. Both are old releases; check whether they
  # still receive security fixes before exposing the controller.
  # The leading "@" makes systemd use the second word ("java") as argv[0].
  cmd = "@${pkgs.jre7}/bin/java java -jar ${stateDir}/lib/ace.jar";

  # Small constructor so the mount table below reads as source -> target.
  bind = what: where: { inherit what where; };

  mountPoints = [
    (bind "${pkgs.mfi}/dl" "${stateDir}/dl")
    (bind "${pkgs.mfi}/lib" "${stateDir}/lib")
    (bind "${pkgs.mongodb248}/bin" "${stateDir}/bin")
    (bind cfg.dataDir "${stateDir}/data")
  ];

  # systemd unit names ("<escaped path>.mount") for every target above.
  systemdMountPoints =
    map (m: "${utils.escapeSystemdPath m.where}.mount") mountPoints;

  # TCP ports opened in the firewall when `openPorts` is set.
  ports = [ 6080 6880 6443 6843 ];
in
{
  options.services.mfi = {
    enable = mkEnableOption name;

    # Defaults to true: enabling the service also opens the ports listed in
    # `ports` unless this is explicitly set to false. The firewall rule is
    # not scoped to an interface or source address here.
    openPorts = mkOption {
      type = types.bool;
      default = true;
      description = "Whether to open TCP ports ${concatMapStrings (p: toString p + " ") ports}for the services.";
    };

    dataDir = mkOption {
      type = types.str;
      default = "${stateDir}/data";
      description = ''
        Where to store the database and other data.

        This directory will be bind-mounted to ${stateDir}/data as part of the service startup.
      '';
    };
  };

  config = mkIf cfg.enable {

    networking.firewall.allowedTCPPorts = mkIf cfg.openPorts ports;

    # Dedicated account the daemon runs as (see serviceConfig.User).
    users.users.mfi = {
      uid = config.ids.uids.mfi;
      description = "mFi controller daemon user";
      home = stateDir;
    };

    # The binary directories have to be bind mounts rather than symlinks:
    # the controller resolves every symlink to an absolute path and uses
    # the result as its working directory.
    # Each mount is tied to mfi.service through bindsTo/partOf.
    systemd.mounts = map (m: {
      bindsTo = [ "mfi.service" ];
      partOf = [ "mfi.service" ];
      unitConfig.RequiresMountsFor = stateDir;
      options = "bind";
      inherit (m) what where;
    }) mountPoints;

    systemd.services.mfi = {
      description = "mFi controller daemon";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ] ++ systemdMountPoints;
      partOf = systemdMountPoints;
      bindsTo = systemdMountPoints;
      unitConfig.RequiresMountsFor = stateDir;

      # Rebuilds ./webapps, seeds conf/ and data/ on first run, then
      # restricts the whole state directory to the mfi user (go= removes
      # all group/other access). chown/chmod failures are ignored.
      preStart = ''
        # Clear ./webapps each run.
        rm -rf "${stateDir}/webapps"
        mkdir -p "${stateDir}/webapps"
        ln -s "${pkgs.mfi}/webapps/ROOT.war" "${stateDir}/webapps"

        # Copy initial config only once.
        test -e "${stateDir}/conf" || cp -ar "${pkgs.mfi}/conf" "${stateDir}/conf"
        test -e "${stateDir}/data" || cp -ar "${pkgs.mfi}/data" "${stateDir}/data"

        # Fix Permissions.
        # (Bind-mounts cause errors; ignore exit codes)
        chown -fR mfi: "${stateDir}" || true
        chmod -fR u=rwX,go= "${stateDir}" || true
      '';

      postStop = ''
        rm -rf "${stateDir}/webapps"
      '';

      serviceConfig = {
        Type = "simple";
        ExecStart = "${cmd} start";
        ExecStop = "${cmd} stop";
        User = "mfi";
        # NOTE(review): per systemd.service(5), PermissionsStartOnly limits
        # User= to ExecStart, so preStart, postStop and the ExecStop java
        # invocation run with the service manager's privileges rather than
        # as mfi. Confirm ExecStop needs that. systemd documents this
        # setting as legacy in favour of per-command prefixes.
        PermissionsStartOnly = true;
        # New files are created without group/other access.
        UMask = "0077";
        WorkingDirectory = stateDir;
      };
    };
  };
}