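{ pkgs, ... }:

# NixOS module for the "checkinator-tracker" service: a dedicated system user,
# a root-run preparation step that stages TLS material and the socket
# directory, and the systemd unit that runs the tracker with the generated
# YAML config.
let
  checkinator = pkgs.callPackage ./checkinator.nix {};

  name = "checkinator-tracker";
  user = name;
  group = name;

  # No trailing slash: every use below appends "/<file>" or passes the
  # directory itself, so a trailing slash would yield "//" in the socket path
  # handed to the service.
  socket_dir = "/run/${name}";

  # Runtime copy of the secrets, owned by the service user only. The source
  # files live under /etc/nixos/secrets/${name}/ and are copied at every
  # start by `prepare`.
  secrets_dir = "/mnt/secrets/${name}";

  # Runs as root before each start (ExecStartPre with the "!" prefix).
  # Recreates `secrets_dir` (dir 0500, files 0400, owned by the service user)
  # and `socket_dir` (0700 plus ACLs: the tracker may create the socket,
  # "checkinator-web" may traverse the directory and connect to it).
  prepare = pkgs.writeShellScriptBin "${name}-prepare" ''
    # Fail fast: without this a missing or unreadable secret would be skipped
    # and the service would start without its TLS material.
    set -euo pipefail

    ${pkgs.coreutils}/bin/rm -rf ${secrets_dir}
    ${pkgs.coreutils}/bin/install --owner=${user} --mode=500 --directory ${secrets_dir}
    ${pkgs.coreutils}/bin/install --owner=${user} --mode=400 -t ${secrets_dir} \
      /etc/nixos/secrets/${name}/ca.pem \
      /etc/nixos/secrets/${name}/cert.pem \
      /etc/nixos/secrets/${name}/key.pem

    ${pkgs.coreutils}/bin/rm -rf ${socket_dir}
    ${pkgs.coreutils}/bin/mkdir --mode=700 ${socket_dir}
    ${pkgs.acl}/bin/setfacl -m "u:${user}:rwx" ${socket_dir}
    ${pkgs.acl}/bin/setfacl -m "u:checkinator-web:rx" ${socket_dir}
  '';

  # Service configuration, rendered to YAML at evaluation time and passed as
  # the single positional argument of the tracker binary.
  config = builtins.toFile "${name}-config.yaml" (pkgs.lib.generators.toYAML {} {
    # path to dhcpd lease file
    LEASE_FILE = "/var/lib/dhcp/dhcpd.leases";

    # timeout for old leases
    TIMEOUT = 1500;

    # optional - local trusted socket
    GRPC_UNIX_SOCKET = "${socket_dir}/checkinator.sock";

    # optional - remote authenticated (TLS cert) socket; the directory and
    # CA path are derived from `secrets_dir` so they cannot drift from what
    # `prepare` stages.
    GRPC_TLS_CERT_DIR = secrets_dir;
    GRPC_TLS_CA_CERT = "${secrets_dir}/ca.pem";
    GRPC_TLS_ADDRESS = "[::]:2847";
  });
in {
  users.users."${user}" = {
    group = "${group}";
    isSystemUser = true;
    # Fixed uid; kept as in the original definition so ownership of
    # already-created state stays stable.
    uid = 1001;
  };
  users.groups."${group}" = {};

  systemd.services."${name}" = {
    description = "Hackerspace Checkinator";
    wantedBy = [ "multi-user.target" ];

    serviceConfig.User = "${user}";
    serviceConfig.Type = "simple";

    # Basic sandboxing: the tracker only reads the lease file and the staged
    # secrets and creates a socket under `socket_dir`; it does not need
    # privilege escalation or a shared /tmp.
    serviceConfig.NoNewPrivileges = true;
    serviceConfig.PrivateTmp = true;

    # "!" runs the step with full privileges (root) even though User= is set.
    serviceConfig.ExecStartPre = [
      ''!${prepare}/bin/${name}-prepare''
    ];
    serviceConfig.ExecStart = "${checkinator}/bin/checkinator-tracker ${config}";
    # Remove the staged secrets and the socket directory once the service is
    # down, regardless of how it exited.
    serviceConfig.ExecStopPost = [
      ''!${pkgs.coreutils}/bin/rm -rf ${secrets_dir}''
      ''!${pkgs.coreutils}/bin/rm -rf ${socket_dir}''
    ];
  };
  environment.systemPackages = [ checkinator ];
}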