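# NixOS module for the PyKMS service: declares the `services.pykms` options
# and, when enabled, a systemd unit plus a dedicated `pykms` user and group.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.pykms;

  # State directory: home of the service user, working directory of the unit,
  # and location of the clients database passed to ExecStartPre.
  home = "/var/lib/pykms";

  # Restart policy and sandboxing settings for the unit defined below.
  services = {
    serviceConfig = {
      Restart = "on-failure";
      RestartSec = "10s";
      StartLimitInterval = "1min";
      PrivateTmp = true;
      ProtectSystem = "full";
      ProtectHome = true;
    };
  };

in {

  options = {
    services.pykms = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = "Whether to enable the PyKMS service.";
      };

      # The default binds every IPv4 interface. Set a specific address to
      # limit which networks can reach the service.
      listenAddress = mkOption {
        type = types.str;
        default = "0.0.0.0";
        description = "The IP address on which to listen.";
      };

      # NOTE(review): types.int also accepts values outside 1-65535; a
      # narrower port type (e.g. types.port, where the nixpkgs lib in use
      # provides it) would reject them at evaluation time.
      port = mkOption {
        type = types.int;
        default = 1688;
        description = "The port on which to listen.";
      };

      verbose = mkOption {
        type = types.bool;
        default = false;
        description = "Show verbose output.";
      };

      # Off by default: this module adds no firewall rule for the port
      # unless the option is set.
      openFirewallPort = mkOption {
        type = types.bool;
        default = false;
        description = "Whether the listening port should be opened automatically.";
      };
    };
  };

  config = mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewallPort [ cfg.port ];

    systemd.services = {
      pykms = services // {
        description = "Python KMS";
        wantedBy = [ "multi-user.target" ];
        # `//` is a shallow merge. A bare `serviceConfig = { ... }` on the
        # right-hand side replaces `services.serviceConfig` wholesale, so the
        # Restart*, PrivateTmp, ProtectSystem and ProtectHome settings never
        # reach the unit. Merging one level down keeps them in effect.
        # ProtectSystem = "full" leaves /var writable, so ${home} stays usable.
        serviceConfig = services.serviceConfig // (with pkgs; {
          # Run as the dedicated unprivileged account declared below.
          User = "pykms";
          Group = "pykms";
          ExecStartPre = "${getBin pykms}/bin/create_pykms_db.sh ${home}/clients.db";
          ExecStart = "${getBin pykms}/bin/server.py ${optionalString cfg.verbose "--verbose"} ${cfg.listenAddress} ${toString cfg.port}";
          WorkingDirectory = home;
          MemoryLimit = "64M";
        });
      };
    };

    users = {
      # Service account that owns the state directory.
      extraUsers.pykms = {
        name = "pykms";
        group = "pykms";
        home = home;
        createHome = true;
        uid = config.ids.uids.pykms;
        description = "PyKMS daemon user";
      };

      extraGroups.pykms = {
        gid = config.ids.gids.pykms;
      };
    };
  };
}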