pyrox.dev
1{
2 config,
3 lib,
4 pkgs,
5 ...
6}:
7
8let
9 inherit (lib)
10 escapeShellArgs
11 mkEnableOption
12 mkPackageOption
13 mkIf
14 mkOption
15 types
16 ;
17
18 cfg = config.services.mimir;
19
20 settingsFormat = pkgs.formats.yaml { };
21in
22{
23 options.services.mimir = {
24 enable = mkEnableOption "mimir";
25
26 configuration = mkOption {
27 type = (pkgs.formats.json { }).type;
28 default = { };
29 description = ''
30 Specify the configuration for Mimir in Nix.
31 '';
32 };
33
34 configFile = mkOption {
35 type = types.nullOr types.path;
36 default = null;
37 description = ''
38 Specify a configuration file that Mimir should use.
39 '';
40 };
41
42 package = mkPackageOption pkgs "mimir" { };
43
44 extraFlags = mkOption {
45 type = types.listOf types.str;
46 default = [ ];
47 example = [ "--config.expand-env=true" ];
48 description = ''
49 Specify a list of additional command line flags,
50 which get escaped and are then passed to Mimir.
51 '';
52 };
53 };
54
55 config = mkIf cfg.enable {
56 # for mimirtool
57 environment.systemPackages = [ cfg.package ];
58
59 assertions = [
60 {
61 assertion = (
62 (cfg.configuration == { } -> cfg.configFile != null)
63 && (cfg.configFile != null -> cfg.configuration == { })
64 );
65 message = ''
66 Please specify either
67 'services.mimir.configuration' or
68 'services.mimir.configFile'.
69 '';
70 }
71 ];
72
73 systemd.services.mimir = {
74 description = "mimir Service Daemon";
75 wantedBy = [ "multi-user.target" ];
76
77 serviceConfig =
78 let
79 conf =
80 if cfg.configFile == null then
81 settingsFormat.generate "config.yaml" cfg.configuration
82 else
83 cfg.configFile;
84 in
85 {
86 ExecStart = "${cfg.package}/bin/mimir --config.file=${conf} ${escapeShellArgs cfg.extraFlags}";
87 DynamicUser = true;
88 Restart = "always";
89 ProtectSystem = "full";
90 DevicePolicy = "closed";
91 NoNewPrivileges = true;
92 WorkingDirectory = "/var/lib/mimir";
93 StateDirectory = "mimir";
94 };
95 };
96 };
97}