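# NixOS module for bee-clef, the clef external signer used by Ethereum Swarm Bee.
# It pulls in the upstream bee-clef.service unit shipped with the package and
# overrides its user/group, start/stop commands and environment.
{ config, lib, pkgs, ... }:

# NOTE for now nothing is installed into /etc/bee-clef/. the config files are used as read-only from the nix store.

with lib;
let
  cfg = config.services.bee-clef;
in {
  meta = {
    maintainers = with maintainers; [ attila-lendvai ];
  };

  ### interface

  options = {
    services.bee-clef = {
      enable = mkEnableOption (lib.mdDoc "clef external signer instance for Ethereum Swarm Bee");

      # Declared nullable, but the implementation interpolates the value
      # unconditionally (tmpfiles rules, ExecStartPre, CONFIGDIR, home), so
      # null is rejected by an assertion in the implementation section.
      dataDir = mkOption {
        type = types.nullOr types.str;
        default = "/var/lib/bee-clef";
        description = lib.mdDoc ''
          Data dir for bee-clef. Beware that some helper scripts may not work when changed!
          The service itself should work fine, though.
        '';
      };

      # Kept as a string (not a Nix path) so only the location is recorded in
      # the configuration and the secret itself is not copied into the Nix
      # store, whose contents are world-readable. The path is handed to the
      # service through PASSWORD_FILE. Nothing in this module creates the file
      # or sets its mode; presumably ensure-clef-account does (confirm), so
      # check that it is readable by the service user only.
      passwordFile = mkOption {
        type = types.nullOr types.str;
        default = "/var/lib/bee-clef/password";
        description = lib.mdDoc "Password file for bee-clef.";
      };

      user = mkOption {
        type = types.str;
        default = "bee-clef";
        description = lib.mdDoc ''
          User the bee-clef daemon should execute under.
        '';
      };

      group = mkOption {
        type = types.str;
        default = "bee-clef";
        description = lib.mdDoc ''
          Group the bee-clef daemon should execute under.
        '';
      };
    };
  };

  ### implementation

  config = mkIf cfg.enable {
    # Both options are typed nullOr but are interpolated into strings below.
    # Fail with a readable message instead of a "cannot coerce null" error.
    assertions = [
      {
        assertion = cfg.dataDir != null;
        message = "services.bee-clef.dataDir must not be null when services.bee-clef.enable is set.";
      }
      {
        assertion = cfg.passwordFile != null;
        message = "services.bee-clef.passwordFile must not be null when services.bee-clef.enable is set.";
      }
    ];

    # A password file inside the Nix store is readable by every local user.
    # Only warn, so that existing configurations keep evaluating.
    warnings = optional
      (cfg.passwordFile != null && hasPrefix "${builtins.storeDir}/" cfg.passwordFile)
      "services.bee-clef.passwordFile points into the Nix store, which is world-readable; keep the password file outside the store.";

    # if we ever want to have rules.js under /etc/bee-clef/
    # environment.etc."bee-clef/rules.js".source = ${pkgs.bee-clef}/rules.js

    systemd.packages = [ pkgs.bee-clef ]; # include the upstream bee-clef.service file

    # The data dir is readable by the service group (0750); the keystore
    # subdirectory is restricted to the service user (0700).
    systemd.tmpfiles.rules = [
      "d '${cfg.dataDir}/' 0750 ${cfg.user} ${cfg.group}"
      "d '${cfg.dataDir}/keystore' 0700 ${cfg.user} ${cfg.group}"
    ];

    systemd.services.bee-clef = {
      path = [
        # these are needed for the ensure-clef-account script
        pkgs.coreutils
        pkgs.gnused
        pkgs.gawk
      ];

      wantedBy = [ "bee.service" "multi-user.target" ];

      serviceConfig = {
        # Run as the dedicated account rather than root.
        User = cfg.user;
        Group = cfg.group;
        ExecStartPre = ''${pkgs.bee-clef}/share/bee-clef/ensure-clef-account "${cfg.dataDir}" "${pkgs.bee-clef}/share/bee-clef/"'';
        ExecStart = [
          "" # this hides/overrides what's in the original entry
          "${pkgs.bee-clef}/share/bee-clef/bee-clef-service start"
        ];
        ExecStop = [
          "" # this hides/overrides what's in the original entry
          "${pkgs.bee-clef}/share/bee-clef/bee-clef-service stop"
        ];
        # Only the location of the password file is exported, not its content.
        Environment = [
          "CONFIGDIR=${cfg.dataDir}"
          "PASSWORD_FILE=${cfg.passwordFile}"
        ];
      };
    };

    # The account and group are declared only while the default names are in
    # use; a custom user or group has to be defined elsewhere in the
    # configuration.
    users.users = optionalAttrs (cfg.user == "bee-clef") {
      bee-clef = {
        group = cfg.group;
        home = cfg.dataDir;
        isSystemUser = true;
        description = "Daemon user for the bee-clef service";
      };
    };

    users.groups = optionalAttrs (cfg.group == "bee-clef") {
      bee-clef = {};
    };
  };
}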