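{ config, lib, pkgs, ... }:
# NixOS module for the Doorman LDAP proxy: runs the doormanproxy WSGI app
# under gunicorn as a dedicated system user, copying the LDAP password into
# the unit's RuntimeDirectory before the server starts.
let
  cfg = config.hswaw.doorman-proxy;
  inherit (lib) types;

  # One identifier is reused for the service, its user, its group and its
  # RuntimeDirectory so the four cannot drift apart.
  name = "doorman-proxy";
  user = name;
  group = name;

  # Interpreter carrying the proxy package (built from ./default.nix) and gunicorn.
  python = pkgs.python3.withPackages (pp: [
    (pp.callPackage ./default.nix {})
    pp.gunicorn
  ]);
in {
  options.hswaw.doorman-proxy = {
    enable = lib.mkEnableOption "Doorman LDAP proxy";

    address = lib.mkOption {
      type = types.str;
      default = "127.0.0.1";
      description = "Address gunicorn binds to. The default exposes the proxy on loopback only.";
    };

    port = lib.mkOption {
      # types.port rejects values outside 0-65535 at evaluation time;
      # the previous types.int accepted anything.
      type = types.port;
      default = 8080;
      description = "TCP port gunicorn binds to.";
    };

    password-file = lib.mkOption {
      # Deliberately a string, not types.path: a path literal would be copied
      # into the world-readable Nix store. Must be set when enable is true.
      type = types.nullOr types.str;
      default = null;
      description = ''
        Path to a root-readable file holding the LDAP password. It is copied
        (owner ${user}, mode 0600) into the service's RuntimeDirectory as
        secrets/ac-ldap-password.txt before gunicorn starts.
      '';
    };

    log-level = lib.mkOption {
      type = types.enum [ "debug" "info" "warning" "error" "critical" ];
      default = "debug";
      description = ''
        Value passed to gunicorn --log-level. The default keeps the value that
        was previously hard-coded; "debug" logs per-request detail, so lower it
        to "info" or "warning" outside of troubleshooting.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    # Fail evaluation with a clear message instead of the "cannot coerce null
    # to a string" error that interpolating a null password-file would raise.
    assertions = [
      {
        assertion = cfg.password-file != null;
        message = "hswaw.doorman-proxy.password-file must be set when hswaw.doorman-proxy.enable is true";
      }
    ];

    users.users."${user}" = {
      group = "${group}";
      useDefaultShell = true;
      isSystemUser = true;
    };
    users.groups."${group}" = {};

    systemd.services."${name}" = {
      description = "Hackerspace Access Control Ldap Proxy";
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        User = "${user}";
        Type = "simple";
        # NOTE(review): RemainAfterExit keeps the unit "active" after gunicorn
        # exits and no Restart= is set; confirm this is what is wanted for a
        # long-running server.
        RemainAfterExit = true;
        DynamicUser = false;
        # systemd creates $RUNTIME_DIRECTORY (/run/<name>) owned by User.
        RuntimeDirectory = name;
        # The "!" prefix runs these two commands as root rather than as User,
        # so install(1) can chown the copies to User; the source password file
        # itself never needs to be readable by the service user.
        ExecStartPre = let
          secrets-dir = "\${RUNTIME_DIRECTORY}/secrets";
        in [
          ''!${pkgs.coreutils}/bin/install --owner=${user} --mode=700 --directory "${secrets-dir}"''
          # 0600 rather than 0700: a password file has no reason to be executable.
          ''!${pkgs.coreutils}/bin/install --owner=${user} --mode=600 --no-target-directory "${cfg.password-file}" "${secrets-dir}/ac-ldap-password.txt"''
        ];
        # The ''${...} escape leaves a literal ${RUNTIME_DIRECTORY} for systemd
        # to expand at start; every other interpolation is resolved by Nix.
        ExecStart = ''${python}/bin/gunicorn --log-level ${cfg.log-level} --chdir "''${RUNTIME_DIRECTORY}" --bind "${cfg.address}:${builtins.toString cfg.port}" doormanproxy:app'';
      };
    };
  };
}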