nixpkgs/nixos/modules/services/networking/bee-clef.nix
2021-02-01 10:56:04 +01:00

108 lines
2.9 KiB
Nix

{ config, lib, pkgs, ... }:
# NOTE for now nothing is installed into /etc/bee-clef/. the config files are used as read-only from the nix store.
with lib;
let
cfg = config.services.bee-clef;
in {
meta = {
maintainers = with maintainers; [ attila-lendvai ];
};
### interface
options = {
services.bee-clef = {
enable = mkEnableOption "clef external signer instance for Ethereum Swarm Bee";
dataDir = mkOption {
type = types.nullOr types.str;
default = "/var/lib/bee-clef";
description = ''
Data dir for bee-clef. Beware that some helper scripts may not work when changed!
The service itself should work fine, though.
'';
};
passwordFile = mkOption {
type = types.nullOr types.str;
default = "/var/lib/bee-clef/password";
description = "Password file for bee-clef.";
};
user = mkOption {
type = types.str;
default = "bee-clef";
description = ''
User the bee-clef daemon should execute under.
'';
};
group = mkOption {
type = types.str;
default = "bee-clef";
description = ''
Group the bee-clef daemon should execute under.
'';
};
};
};
### implementation
config = mkIf cfg.enable {
# if we ever want to have rules.js under /etc/bee-clef/
# environment.etc."bee-clef/rules.js".source = ${pkgs.bee-clef}/rules.js
systemd.packages = [ pkgs.bee-clef ]; # include the upstream bee-clef.service file
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}/' 0750 ${cfg.user} ${cfg.group}"
"d '${cfg.dataDir}/keystore' 0700 ${cfg.user} ${cfg.group}"
];
systemd.services.bee-clef = {
path = [
# these are needed for the ensure-clef-account script
pkgs.coreutils
pkgs.gnused
pkgs.gawk
];
wantedBy = [ "bee.service" "multi-user.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStartPre = ''${pkgs.bee-clef}/share/bee-clef/ensure-clef-account "${cfg.dataDir}" "${pkgs.bee-clef}/share/bee-clef/"'';
ExecStart = [
"" # this hides/overrides what's in the original entry
"${pkgs.bee-clef}/share/bee-clef/bee-clef-service start"
];
ExecStop = [
"" # this hides/overrides what's in the original entry
"${pkgs.bee-clef}/share/bee-clef/bee-clef-service stop"
];
Environment = [
"CONFIGDIR=${cfg.dataDir}"
"PASSWORD_FILE=${cfg.passwordFile}"
];
};
};
users.users = optionalAttrs (cfg.user == "bee-clef") {
bee-clef = {
group = cfg.group;
home = cfg.dataDir;
isSystemUser = true;
description = "Daemon user for the bee-clef service";
};
};
users.groups = optionalAttrs (cfg.group == "bee-clef") {
bee-clef = {};
};
};
}