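# NixOS module for the GateOne web-based terminal server.
#
# Declares `services.gateone.{enable,pidDir,settingsDir}`. When enabled it
# installs GateOne and its helper tools, creates a dedicated `gateone`
# user/group, and runs the server from a systemd unit under that account.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.gateone;
in
{
  options = {
    services.gateone = {
      enable = lib.mkEnableOption "GateOne server";
      pidDir = lib.mkOption {
        default = "/run/gateone";
        type = lib.types.path;
        description = "Path of pid files for GateOne.";
      };
      settingsDir = lib.mkOption {
        default = "/var/lib/gateone";
        type = lib.types.path;
        description = "Path of configuration files for GateOne.";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    environment.systemPackages = with pkgs.pythonPackages; [
      gateone
      pkgs.openssh
      pkgs.procps
      pkgs.coreutils
      pkgs.cacert
    ];

    # NOTE(review): no primary `group` is set on this account even though a
    # `gateone` group is declared just below; confirm which primary group the
    # account is meant to have.
    users.users.gateone = {
      description = "GateOne privilege separation user";
      uid = config.ids.uids.gateone;
      home = cfg.settingsDir;
    };
    users.groups.gateone.gid = config.ids.gids.gateone;

    # Create the settings and pid directories as root through systemd-tmpfiles.
    # The previous `preStart` script ran mkdir/chown, but `preStart` executes
    # as the unit's `User=` (gateone), which cannot create directories under
    # /run or /var/lib nor chown them, so a first start on a clean system
    # failed. Unlike the old script, a `d` rule also re-applies mode 0750 and
    # gateone:gateone ownership to a directory that already exists (top level
    # only, not recursively).
    systemd.tmpfiles.rules = [
      "d ${cfg.settingsDir} 0750 gateone gateone -"
      "d ${cfg.pidDir} 0750 gateone gateone -"
    ];

    systemd.services.gateone = with pkgs; {
      description = "GateOne web-based terminal";
      # Tools available on PATH to the server process and therefore to the
      # sessions it spawns.
      # NOTE(review): `nix` is exposed here; confirm it is needed by terminal
      # sessions, since everything on this PATH is reachable from the web UI.
      path = [
        pythonPackages.gateone
        nix
        openssh
        procps
        coreutils
      ];
      #unitConfig.RequiresMountsFor = "${cfg.settingsDir}";
      serviceConfig = {
        # The unit already runs as gateone:gateone via User=/Group= below, so
        # the --uid/--gid arguments name the same identity the process has.
        ExecStart = ''${pythonPackages.gateone}/bin/gateone --settings_dir=${cfg.settingsDir} --pid_file=${cfg.pidDir}/gateone.pid --gid=${toString config.ids.gids.gateone} --uid=${toString config.ids.uids.gateone}'';
        User = "gateone";
        Group = "gateone";
        WorkingDirectory = cfg.settingsDir;
        # NOTE(review): this unit serves interactive shells over the network
        # and sets no sandboxing. Evaluate systemd hardening (e.g. PrivateTmp,
        # ProtectSystem) against what terminal sessions legitimately need
        # before adding it; options such as NoNewPrivileges would also affect
        # setuid tools used inside a session.
      };

      wantedBy = [ "multi-user.target" ];
      requires = [ "network.target" ];
      # Requires= alone does not order units; After= makes the dependency
      # effective at start-up.
      after = [ "network.target" ];
    };
  };
}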