nixbld: run AFWS server
parent
322d267caf
commit
0b8aa97192
|
@ -0,0 +1,38 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
afws = pkgs.callPackage ./afws { inherit pkgs; };
|
||||
in
|
||||
{
|
||||
options.services.afws = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Enable AFWS server";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.services.afws.enable {
|
||||
systemd.services.afws = {
|
||||
description = "AFWS server";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = "afws";
|
||||
Group = "afws";
|
||||
ExecStart = "${afws}/bin/afws_server";
|
||||
};
|
||||
path = [ pkgs.nix_2_4 pkgs.git ];
|
||||
};
|
||||
|
||||
users.users.afws = {
|
||||
name = "afws";
|
||||
group = "afws";
|
||||
description = "AFWS server user";
|
||||
isSystemUser = true;
|
||||
createHome = false;
|
||||
home = "/var/lib/afws";
|
||||
useDefaultShell = true;
|
||||
};
|
||||
users.extraGroups.afws = {};
|
||||
};
|
||||
}
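Review bot: The `serviceConfig` block of `systemd.services.afws` sets only `User`, `Group` and `ExecStart`, so the daemon runs with no systemd sandboxing even though its `path` gives it `nix` and `git` and it presumably acts on requests from remote clients. Adding `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectHome = true;` would limit what a compromised server process can reach; check them against whatever `afws_server` needs to read, which is not visible here. `home = "/var/lib/afws"` is declared with `createHome = false` and nothing in this module creates the directory, so `StateDirectory = "afws";` would be the usual way to have systemd create it with the right owner. `useDefaultShell = true` also gives the system account a login shell, which a service user normally does not need; a short comment explaining why it is required would help if it is intentional.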
|
|
@ -17,6 +17,7 @@ in
|
|||
./hardware-configuration.nix
|
||||
./backup-module.nix
|
||||
./github-backup-module.nix
|
||||
./afws-module.nix
|
||||
./rt.nix
|
||||
];
|
||||
|
||||
|
@ -59,7 +60,7 @@ in
|
|||
hostName = "nixbld";
|
||||
hostId = "e423f012";
|
||||
firewall = {
|
||||
allowedTCPPorts = [ 80 443 ];
|
||||
allowedTCPPorts = [ 80 443 7402 ];
|
||||
allowedUDPPorts = [ 53 67 ];
|
||||
trustedInterfaces = [ netifLan ];
|
||||
};
|
||||
|
@ -222,6 +223,7 @@ in
|
|||
iw
|
||||
nvme-cli
|
||||
borgbackup
|
||||
(callPackage ./afws { inherit pkgs; })
|
||||
];
|
||||
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
|
@ -273,7 +275,7 @@ in
|
|||
|
||||
users.extraUsers.sb = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["lp" "scanner"];
|
||||
extraGroups = ["lp" "scanner" "afws"];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1"
|
||||
|
@ -282,6 +284,7 @@ in
|
|||
};
|
||||
users.extraUsers.rj = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["afws"];
|
||||
};
|
||||
users.extraUsers.backupdl = {
|
||||
isNormalUser = true;
|
||||
|
@ -293,7 +296,7 @@ in
|
|||
};
|
||||
users.extraUsers.occheung = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["lp" "scanner"];
|
||||
extraGroups = ["lp" "scanner" "afws"];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBPEvmWmxpFpMgp5fpjKud8ev0cyf/+X5fEpQt/YD/+u4mbvZYPE300DLqQ0h/qjgvaGMz1ndf4idYnRdy+plJEC/+hmlRW5NlcpAr3S/LYAisacgKToFVl+MlBo+emS9Ig=="
|
||||
];
|
||||
|
@ -404,7 +407,7 @@ in
|
|||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.afws.enable = true;
|
||||
|
||||
nix.extraOptions = ''
|
||||
secret-key-files = /etc/nixos/secret/nixbld.m-labs.hk-1
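Review bot: Port 7402 is added to `allowedTCPPorts` in the `firewall` block, which opens it on every interface that is not already in `trustedInterfaces`, and nothing in this commit shows that the listener authenticates clients or uses TLS. If the port belongs to the AFWS server (presumably, since it arrives in the same commit) and only known clients need it, scope the rule with `interfaces.<ifname>.allowedTCPPorts = [ 7402 ];` inside `firewall` instead of the global list. A comment such as `# 7402: AFWS server` on that line would also record why the port is open. Separately, `sb`, `rj` and `occheung` are added to the `afws` group; a comment stating what that membership is meant to grant would make the access easier to audit, since the service runs with `Group = "afws"`.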
|
||||
|
|