mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-11-05 17:56:46 +01:00
108 lines
2.9 KiB
Nix
108 lines
2.9 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
# NOTE for now nothing is installed into /etc/bee-clef/. the config files are used as read-only from the nix store.
|
|
|
|
with lib;
|
|
let
|
|
cfg = config.services.bee-clef;
|
|
in {
|
|
meta = {
|
|
maintainers = with maintainers; [ attila-lendvai ];
|
|
};
|
|
|
|
### interface
|
|
|
|
options = {
|
|
services.bee-clef = {
|
|
enable = mkEnableOption "clef external signer instance for Ethereum Swarm Bee";
|
|
|
|
dataDir = mkOption {
|
|
type = types.nullOr types.str;
|
|
default = "/var/lib/bee-clef";
|
|
description = ''
|
|
Data dir for bee-clef. Beware that some helper scripts may not work when changed!
|
|
The service itself should work fine, though.
|
|
'';
|
|
};
|
|
|
|
passwordFile = mkOption {
|
|
type = types.nullOr types.str;
|
|
default = "/var/lib/bee-clef/password";
|
|
description = "Password file for bee-clef.";
|
|
};
|
|
|
|
user = mkOption {
|
|
type = types.str;
|
|
default = "bee-clef";
|
|
description = ''
|
|
User the bee-clef daemon should execute under.
|
|
'';
|
|
};
|
|
|
|
group = mkOption {
|
|
type = types.str;
|
|
default = "bee-clef";
|
|
description = ''
|
|
Group the bee-clef daemon should execute under.
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
### implementation
|
|
|
|
config = mkIf cfg.enable {
|
|
# if we ever want to have rules.js under /etc/bee-clef/
|
|
# environment.etc."bee-clef/rules.js".source = ${pkgs.bee-clef}/rules.js
|
|
|
|
systemd.packages = [ pkgs.bee-clef ]; # include the upstream bee-clef.service file
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d '${cfg.dataDir}/' 0750 ${cfg.user} ${cfg.group}"
|
|
"d '${cfg.dataDir}/keystore' 0700 ${cfg.user} ${cfg.group}"
|
|
];
|
|
|
|
systemd.services.bee-clef = {
|
|
path = [
|
|
# these are needed for the ensure-clef-account script
|
|
pkgs.coreutils
|
|
pkgs.gnused
|
|
pkgs.gawk
|
|
];
|
|
|
|
wantedBy = [ "bee.service" "multi-user.target" ];
|
|
|
|
serviceConfig = {
|
|
User = cfg.user;
|
|
Group = cfg.group;
|
|
ExecStartPre = ''${pkgs.bee-clef}/share/bee-clef/ensure-clef-account "${cfg.dataDir}" "${pkgs.bee-clef}/share/bee-clef/"'';
|
|
ExecStart = [
|
|
"" # this hides/overrides what's in the original entry
|
|
"${pkgs.bee-clef}/share/bee-clef/bee-clef-service start"
|
|
];
|
|
ExecStop = [
|
|
"" # this hides/overrides what's in the original entry
|
|
"${pkgs.bee-clef}/share/bee-clef/bee-clef-service stop"
|
|
];
|
|
Environment = [
|
|
"CONFIGDIR=${cfg.dataDir}"
|
|
"PASSWORD_FILE=${cfg.passwordFile}"
|
|
];
|
|
};
|
|
};
|
|
|
|
users.users = optionalAttrs (cfg.user == "bee-clef") {
|
|
bee-clef = {
|
|
group = cfg.group;
|
|
home = cfg.dataDir;
|
|
isSystemUser = true;
|
|
description = "Daemon user for the bee-clef service";
|
|
};
|
|
};
|
|
|
|
users.groups = optionalAttrs (cfg.group == "bee-clef") {
|
|
bee-clef = {};
|
|
};
|
|
};
|
|
}
|