{ config, lib, pkgs, ... }:
# NOTE: for now nothing is installed into /etc/bee-clef/; the config files are used read-only from the Nix store.
with lib;
let
cfg = config.services.bee-clef;
in {
# Module metadata: the maintainer handle is looked up in lib.maintainers.
meta.maintainers = [ lib.maintainers.attila-lendvai ];
### interface
# Option declarations for services.bee-clef. The implementation section
# consumes them as `cfg`.
options.services.bee-clef = {
  enable = lib.mkEnableOption (lib.mdDoc "clef external signer instance for Ethereum Swarm Bee");

  # State directory of the signer. The implementation creates it through
  # systemd-tmpfiles with mode 0750, adds a 0700 keystore/ subdirectory, and
  # uses it as the home directory of the default bee-clef user.
  # NOTE(review): null is accepted by the type, but an enabled service needs a
  # real path here: the value is interpolated into the tmpfiles rules, the
  # pre-start command line and the unit's environment.
  dataDir = lib.mkOption {
    type = with lib.types; nullOr str;
    default = "/var/lib/bee-clef";
    description = lib.mdDoc ''
      Data dir for bee-clef. Beware that some helper scripts may not work when changed!
      The service itself should work fine, though.
    '';
  };

  # Path of the file holding the password; only this path (not the secret) is
  # handed to the unit, as PASSWORD_FILE. Keep the value a runtime path: a
  # string built from a Nix path (e.g. "${./password}") would copy the secret
  # into the world-readable Nix store.
  # NOTE(review): the default lives directly inside the default dataDir, which
  # is created 0750, so members of the service group can reach the file. This
  # module neither creates the file nor sets its mode -- presumably the
  # pre-start ensure-clef-account step does; confirm it ends up owner-only.
  # NOTE(review): as with dataDir, null passes the type check but is not
  # usable once the service is enabled.
  passwordFile = lib.mkOption {
    type = with lib.types; nullOr str;
    default = "/var/lib/bee-clef/password";
    description = lib.mdDoc "Password file for bee-clef.";
  };

  # Account the unit runs as. The implementation declares the account only
  # when the name is left at "bee-clef"; a custom name has to be declared
  # elsewhere in the system configuration.
  user = lib.mkOption {
    type = lib.types.str;
    default = "bee-clef";
    description = lib.mdDoc ''
      User the bee-clef daemon should execute under.
    '';
  };

  # Group the unit runs as; same rule as for `user`: only the default
  # "bee-clef" group is declared by this module.
  group = lib.mkOption {
    type = lib.types.str;
    default = "bee-clef";
    description = lib.mdDoc ''
      Group the bee-clef daemon should execute under.
    '';
  };
};
### implementation
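# Everything below applies only when services.bee-clef.enable is set.
config = mkIf cfg.enable {
  # dataDir and passwordFile are typed `nullOr str`, but every use below
  # interpolates them into a string, which Nix cannot do for null. Reject null
  # up front with a readable message instead of an opaque coercion error.
  assertions = [
    {
      assertion = cfg.dataDir != null;
      message = "services.bee-clef.dataDir must not be null when the service is enabled.";
    }
    {
      assertion = cfg.passwordFile != null;
      message = "services.bee-clef.passwordFile must not be null when the service is enabled.";
    }
  ];

  # if we ever want to have rules.js under /etc/bee-clef/
  # environment.etc."bee-clef/rules.js".source = ${pkgs.bee-clef}/rules.js

  systemd.packages = [ pkgs.bee-clef ]; # include the upstream bee-clef.service file

  # State directories, owned by the service account. The data dir is 0750
  # (the group may list and traverse it); keystore/ is 0700 (owner only).
  # NOTE(review): the default passwordFile sits directly in dataDir, so only
  # the file's own mode keeps group members from reading it; nothing in this
  # module sets that mode.
  systemd.tmpfiles.rules = [
    "d '${cfg.dataDir}/' 0750 ${cfg.user} ${cfg.group}"
    "d '${cfg.dataDir}/keystore' 0700 ${cfg.user} ${cfg.group}"
  ];

  systemd.services.bee-clef = {
    path = [
      # these are needed for the ensure-clef-account script
      pkgs.coreutils
      pkgs.gnused
      pkgs.gawk
    ];
    wantedBy = [ "bee.service" "multi-user.target" ];
    serviceConfig = {
      # Run as the dedicated account. The pre-start command has no privilege
      # prefix, so it runs under the same User=/Group= as the main process.
      User = cfg.user;
      Group = cfg.group;
      ExecStartPre = ''${pkgs.bee-clef}/share/bee-clef/ensure-clef-account "${cfg.dataDir}" "${pkgs.bee-clef}/share/bee-clef/"'';
      ExecStart = [
        "" # this hides/overrides what's in the original entry
        "${pkgs.bee-clef}/share/bee-clef/bee-clef-service start"
      ];
      ExecStop = [
        "" # this hides/overrides what's in the original entry
        "${pkgs.bee-clef}/share/bee-clef/bee-clef-service stop"
      ];
      # Only the *path* of the password file is exported. Unit environment is
      # readable through `systemctl show`, so the secret itself must never be
      # placed here.
      Environment = [
        "CONFIGDIR=${cfg.dataDir}"
        "PASSWORD_FILE=${cfg.passwordFile}"
      ];
      # NOTE(review): no sandboxing directives are set in this module, and
      # whether the upstream unit pulled in via systemd.packages sets any is
      # not visible from this file. For a process that holds a keystore,
      # evaluate NoNewPrivileges=, ProtectSystem=, ProtectHome= and
      # PrivateTmp= (with write access kept for dataDir).
    };
  };

  # The account and group are declared only for the default names. With a
  # custom user/group they must be declared elsewhere, otherwise the tmpfiles
  # rules and the unit refer to an account that does not exist.
  users.users = optionalAttrs (cfg.user == "bee-clef") {
    bee-clef = {
      group = cfg.group;
      home = cfg.dataDir;
      isSystemUser = true;
      description = "Daemon user for the bee-clef service";
    };
  };

  users.groups = optionalAttrs (cfg.group == "bee-clef") {
    bee-clef = {};
  };
};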
}