pyrox.dev
1{ config, lib, pkgs, ... }:
2
3let
4 inherit (lib) escapeShellArgs mkEnableOption mkIf mkOption types;
5
6 cfg = config.services.mimir;
7
8 settingsFormat = pkgs.formats.yaml {};
9in {
10 options.services.mimir = {
11 enable = mkEnableOption (lib.mdDoc "mimir");
12
13 configuration = mkOption {
14 type = (pkgs.formats.json {}).type;
15 default = {};
16 description = lib.mdDoc ''
17 Specify the configuration for Mimir in Nix.
18 '';
19 };
20
21 configFile = mkOption {
22 type = types.nullOr types.path;
23 default = null;
24 description = lib.mdDoc ''
25 Specify a configuration file that Mimir should use.
26 '';
27 };
28
29 package = mkOption {
30 default = pkgs.mimir;
31 defaultText = lib.literalExpression "pkgs.mimir";
32 type = types.package;
33 description = lib.mdDoc ''Mimir package to use.'';
34 };
35 };
36
37 config = mkIf cfg.enable {
38 # for mimirtool
39 environment.systemPackages = [ pkgs.mimir ];
40
41 assertions = [{
42 assertion = (
43 (cfg.configuration == {} -> cfg.configFile != null) &&
44 (cfg.configFile != null -> cfg.configuration == {})
45 );
46 message = ''
47 Please specify either
48 'services.mimir.configuration' or
49 'services.mimir.configFile'.
50 '';
51 }];
52
53 systemd.services.mimir = {
54 description = "mimir Service Daemon";
55 wantedBy = [ "multi-user.target" ];
56
57 serviceConfig = let
58 conf = if cfg.configFile == null
59 then settingsFormat.generate "config.yaml" cfg.configuration
60 else cfg.configFile;
61 in
62 {
63 ExecStart = "${cfg.package}/bin/mimir --config.file=${conf}";
64 DynamicUser = true;
65 Restart = "always";
66 ProtectSystem = "full";
67 DevicePolicy = "closed";
68 NoNewPrivileges = true;
69 WorkingDirectory = "/var/lib/mimir";
70 StateDirectory = "mimir";
71 };
72 };
73 };
74}