diff options
| author | Peter Hoeg <peter@hoeg.com> | 2017-07-25 15:20:24 +0800 |
|---|---|---|
| committer | Peter Hoeg <peter@hoeg.com> | 2017-10-12 08:51:34 +0800 |
| commit | c640e790d5d4a1c31718e7c2643486db05dcaf07 (patch) | |
| tree | 7f1188944bba00f13f0fd0258b2e685fc27a38e6 /nixos | |
| parent | 62e73a75f120d1c4b28d9e32e539db1bc99d1f28 (diff) | |
| download | nixlib-c640e790d5d4a1c31718e7c2643486db05dcaf07.tar nixlib-c640e790d5d4a1c31718e7c2643486db05dcaf07.tar.gz nixlib-c640e790d5d4a1c31718e7c2643486db05dcaf07.tar.bz2 nixlib-c640e790d5d4a1c31718e7c2643486db05dcaf07.tar.lz nixlib-c640e790d5d4a1c31718e7c2643486db05dcaf07.tar.xz nixlib-c640e790d5d4a1c31718e7c2643486db05dcaf07.tar.zst nixlib-c640e790d5d4a1c31718e7c2643486db05dcaf07.zip | |
pykms: nixos module
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/services/misc/pykms.nix | 90 |
3 files changed, 93 insertions, 0 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index cb75845baaf7..d9ca4a35e272 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -297,6 +297,7 @@ rslsync = 279; minio = 280; kanboard = 281; + pykms = 282; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -563,6 +564,7 @@ rslsync = 279; minio = 280; kanboard = 281; + pykms = 282; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ee796242c1a2..121883b80b1f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -333,6 +333,7 @@ ./services/misc/parsoid.nix ./services/misc/phd.nix ./services/misc/plex.nix + ./services/misc/pykms.nix ./services/misc/radarr.nix ./services/misc/redmine.nix ./services/misc/rippled.nix diff --git a/nixos/modules/services/misc/pykms.nix b/nixos/modules/services/misc/pykms.nix new file mode 100644 index 000000000000..897e856e2a2d --- /dev/null +++ b/nixos/modules/services/misc/pykms.nix @@ -0,0 +1,90 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.pykms; + + home = "/var/lib/pykms"; + + services = { + serviceConfig = { + Restart = "on-failure"; + RestartSec = "10s"; + StartLimitInterval = "1min"; + PrivateTmp = true; + ProtectSystem = "full"; + ProtectHome = true; + }; + }; + +in { + + options = { + services.pykms = rec { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether to enable the PyKMS service."; + }; + + listenAddress = mkOption { + type = types.str; + default = "0.0.0.0"; + description = "The IP address on which to listen."; + }; + + port = mkOption { + type = types.int; + default = 1688; + description = "The port on which to listen."; + }; + + verbose = mkOption { + type = types.bool; + default = false; + description = "Show verbose output."; + }; + + openFirewallPort = mkOption { + type = types.bool; + default = false; + description = "Whether the listening port should be opened automatically."; + }; + }; + }; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewallPort [ cfg.port ]; + + systemd.services = { + pykms = services // { + description = "Python KMS"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = with pkgs; { + User = "pykms"; + Group = "pykms"; + ExecStartPre = "${getBin pykms}/bin/create_pykms_db.sh ${home}/clients.db"; + ExecStart = "${getBin pykms}/bin/server.py ${optionalString cfg.verbose "--verbose"} ${cfg.listenAddress} ${toString cfg.port}"; + WorkingDirectory = home; + MemoryLimit = "64M"; + }; + }; + }; + + users = { + extraUsers.pykms = { + name = "pykms"; + group = "pykms"; + home = home; + createHome = true; + uid = config.ids.uids.pykms; + description = "PyKMS daemon user"; + }; + + extraGroups.pykms = { + gid = config.ids.gids.pykms; + }; + }; + }; +} |