1 files changed, 118 insertions, 0 deletions
diff --git a/module/default.nix b/module/default.nix
new file mode 100644
index 0000000..c891ceb
--- /dev/null
+++ b/module/default.nix
@@ -0,0 +1,118 @@
+flake: { lib, config, pkgs, ... }:
+with lib;
+let
+  inherit (flake.packages.${pkgs.stdenv.hostPlatform.system}) oeuf-recvkv6;
+  inherit (flake.packages.${pkgs.stdenv.hostPlatform.system}) oeuf-archiver;
+  cfg = config.services.oeuf-recvkv6;
+  archiverCfg = config.services.oeuf-archiver;
+in
+{
+  options.services.oeuf-recvkv6 = {
+    enable = mkEnableOption "oeuf-recvkv6";
+    ndovProduction = mkEnableOption "usage of the NDOV Loket production ZeroMQ server";
+    metricsAddr = mkOption {
+      type = types.str;
+    };
+  };
+  options.services.oeuf-archiver = with types; {
+    enable = mkEnableOption "oeuf-archiver";
+    s3 = mkOption {
+      type = submodule {
+        options = {
+          accessKeyIDFile = mkOption {
+            type = str;
+          };
+          secretAccessKeyFile = mkOption {
+            type = str;
+          };
+          provider = mkOption {
+            type = str;
+          };
+          region = mkOption {
+            type = str;
+          };
+          endpoint = mkOption {
+            type = str;
+          };
+          bucket = mkOption {
+            type = str;
+          };
+        };
+      };
+    };
+    prometheusPushURL = mkOption {
+      type = str;
+    };
+    supplementaryServiceGroups = mkOption {
+      type = listOf str;
+    };
+  };
+  config = mkIf (cfg.enable || archiverCfg.enable) (mkMerge [
+    {
+      users.users.oeuf = {
+        description = "oeuf service user";
+        isSystemUser = true;
+        group = "oeuf";
+      };
+      users.groups.oeuf = { };
+    }
+    (mkIf cfg.enable {
+      systemd.services.oeuf-recvkv6 = {
+        after = [ "network-online.target" ];
+        wantedBy = [ "multi-user.target" ];
+        environment = {
+          METRICS_ADDR = cfg.metricsAddr;
+          NDOV_PRODUCTION = lib.boolToString cfg.ndovProduction;
+        };
+        serviceConfig = {
+          User = config.users.users.oeuf.name;
+          Group = config.users.users.oeuf.group;
+          Restart = "always";
+          StateDirectory = "oeuf";
+          WorkingDirectory = "/var/lib/oeuf";
+          ExecStart = "${lib.getBin oeuf-recvkv6}/bin/oeuf-recvkv6";
+        };
+      };
+    })
+    (mkIf archiverCfg.enable {
+      systemd.timers.oeuf-archiver = {
+        wantedBy = [ "timers.target" ];
+        partOf = [ "oeuf-archiver.service" ];
+        timerConfig = {
+          OnBootSec = "5m";
+          OnUnitActiveSec = "5m";
+          Unit = "oeuf-archiver.service";
+        };
+      };
+      systemd.services.oeuf-archiver = {
+        after = [ "network-online.target" ];
+        environment = {
+          S3_PROVIDER = archiverCfg.s3.provider;
+          S3_REGION = archiverCfg.s3.region;
+          S3_ENDPOINT = archiverCfg.s3.endpoint;
+          S3_BUCKET = archiverCfg.s3.bucket;
+          PROMETHEUS_PUSH_URL = archiverCfg.prometheusPushURL;
+        };
+        script = ''
+          export S3_ACCESS_KEY_ID="$(cat ${archiverCfg.s3.accessKeyIDFile})"
+          export S3_SECRET_ACCESS_KEY="$(cat ${archiverCfg.s3.secretAccessKeyFile})"
+          ${lib.getBin oeuf-archiver}/bin/oeuf-archiver
+        '';
+        serviceConfig = {
+          Type = "oneshot";
+          User = config.users.users.oeuf.name;
+          Group = config.users.users.oeuf.group;
+          SupplementaryGroups = archiverCfg.supplementaryServiceGroups;
+          StateDirectory = "oeuf";
+          WorkingDirectory = "/var/lib/oeuf";
+          AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+        };
+      };
+    })
+  ]);
+}

diff --git a/module/default.nix b/module/default.nix new file mode 100644 index 0000000..c891ceb --- /dev/null +++ b/module/default.nix
@@ -0,0 +1,118 @@
	1	flake: { lib, config, pkgs, ... }:
	2	with lib;
	3	let
	4	inherit (flake.packages.${pkgs.stdenv.hostPlatform.system}) oeuf-recvkv6;
	5	inherit (flake.packages.${pkgs.stdenv.hostPlatform.system}) oeuf-archiver;
	6
	7	cfg = config.services.oeuf-recvkv6;
	8	archiverCfg = config.services.oeuf-archiver;
	9	in
	10	{
	11	options.services.oeuf-recvkv6 = {
	12	enable = mkEnableOption "oeuf-recvkv6";
	13	ndovProduction = mkEnableOption "usage of the NDOV Loket production ZeroMQ server";
	14	metricsAddr = mkOption {
	15	type = types.str;
	16	};
	17	};
	18
	19	options.services.oeuf-archiver = with types; {
	20	enable = mkEnableOption "oeuf-archiver";
	21	s3 = mkOption {
	22	type = submodule {
	23	options = {
	24	accessKeyIDFile = mkOption {
	25	type = str;
	26	};
	27	secretAccessKeyFile = mkOption {
	28	type = str;
	29	};
	30	provider = mkOption {
	31	type = str;
	32	};
	33	region = mkOption {
	34	type = str;
	35	};
	36	endpoint = mkOption {
	37	type = str;
	38	};
	39	bucket = mkOption {
	40	type = str;
	41	};
	42	};
	43	};
	44	};
	45	prometheusPushURL = mkOption {
	46	type = str;
	47	};
	48	supplementaryServiceGroups = mkOption {
	49	type = listOf str;
	50	};
	51	};
	52
	53	config = mkIf (cfg.enable \|\| archiverCfg.enable) (mkMerge [
	54	{
	55	users.users.oeuf = {
	56	description = "oeuf service user";
	57	isSystemUser = true;
	58	group = "oeuf";
	59	};
	60
	61	users.groups.oeuf = { };
	62	}
	63	(mkIf cfg.enable {
	64	systemd.services.oeuf-recvkv6 = {
	65	after = [ "network-online.target" ];
	66	wantedBy = [ "multi-user.target" ];
	67	environment = {
	68	METRICS_ADDR = cfg.metricsAddr;
	69	NDOV_PRODUCTION = lib.boolToString cfg.ndovProduction;
	70	};
	71	serviceConfig = {
	72	User = config.users.users.oeuf.name;
	73	Group = config.users.users.oeuf.group;
	74	Restart = "always";
	75	StateDirectory = "oeuf";
	76	WorkingDirectory = "/var/lib/oeuf";
	77	ExecStart = "${lib.getBin oeuf-recvkv6}/bin/oeuf-recvkv6";
	78	};
	79	};
	80	})
	81	(mkIf archiverCfg.enable {
	82	systemd.timers.oeuf-archiver = {
	83	wantedBy = [ "timers.target" ];
	84	partOf = [ "oeuf-archiver.service" ];
	85	timerConfig = {
	86	OnBootSec = "5m";
	87	OnUnitActiveSec = "5m";
	88	Unit = "oeuf-archiver.service";
	89	};
	90	};
	91
	92	systemd.services.oeuf-archiver = {
	93	after = [ "network-online.target" ];
	94	environment = {
	95	S3_PROVIDER = archiverCfg.s3.provider;
	96	S3_REGION = archiverCfg.s3.region;
	97	S3_ENDPOINT = archiverCfg.s3.endpoint;
	98	S3_BUCKET = archiverCfg.s3.bucket;
	99	PROMETHEUS_PUSH_URL = archiverCfg.prometheusPushURL;
	100	};
	101	script = ''
	102	export S3_ACCESS_KEY_ID="$(cat ${archiverCfg.s3.accessKeyIDFile})"
	103	export S3_SECRET_ACCESS_KEY="$(cat ${archiverCfg.s3.secretAccessKeyFile})"
	104	${lib.getBin oeuf-archiver}/bin/oeuf-archiver
	105	'';
	106	serviceConfig = {
	107	Type = "oneshot";
	108	User = config.users.users.oeuf.name;
	109	Group = config.users.users.oeuf.group;
	110	SupplementaryGroups = archiverCfg.supplementaryServiceGroups;
	111	StateDirectory = "oeuf";
	112	WorkingDirectory = "/var/lib/oeuf";
	113	AmbientCapabilities = "CAP_NET_BIND_SERVICE";
	114	};
	115	};
	116	})
	117	]);
	118	}