it-infra/nixbld-etc-nixos/afws-module.nix


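# NixOS module for the AFWS server. It declares the `services.afws` options
# and, when the service is enabled, defines the systemd unit, the dedicated
# `afws` user and group, and a hook that copies the ACME certificate for
# afws.m-labs.hk to a location the service user can read.
{ config, pkgs, lib, ... }:
with lib;
let
  cfg = config.services.afws;
  afws = pkgs.callPackage ./afws { inherit pkgs; };
  # Directory that holds the log file; it must exist and be writable by the
  # service user before afws_server starts.
  logDir = builtins.dirOf cfg.logFile;
  # Private copy of the certificate and key, owned by the service user.
  certDir = "/var/lib/afws/cert";
in
{
  options.services.afws = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Enable AFWS server";
    };
    logFile = mkOption {
      type = types.str;
      default = "/var/lib/afws/logs/afws.log";
      description = "Path to the log file";
    };
    logBackupCount = mkOption {
      type = types.int;
      default = 30;
      description = "Number of daily log files to keep";
    };
  };

  config = mkIf cfg.enable {
    # logFile is interpolated verbatim into a tmpfiles rule and into the
    # ExecStart command line, both of which split on whitespace, so reject
    # values that cannot work at evaluation time instead of at service start.
    assertions = [
      {
        assertion = hasPrefix "/" cfg.logFile;
        message = "services.afws.logFile must be an absolute path";
      }
      {
        assertion = !(hasInfix " " cfg.logFile);
        message = "services.afws.logFile must not contain spaces";
      }
    ];

    # Create the log directory as root through tmpfiles. The unit sets
    # User = "afws", and a preStart script runs with the unit's credentials
    # unless configured otherwise, so it cannot create or chown a directory
    # below a root-owned parent. Mode 0750 keeps the logs private to the
    # service account; relax it if another account has to read them.
    systemd.tmpfiles.rules = [
      "d ${logDir} 0750 afws afws -"
    ];

    systemd.services.afws = {
      description = "AFWS server";
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        User = "afws";
        Group = "afws";
        # NOTE(review): no systemd sandboxing is configured here. Options such
        # as NoNewPrivileges, ProtectSystem and PrivateTmp are worth evaluating
        # against what nix and git (on the unit's PATH below) need.
        ExecStart = ''
          ${afws}/bin/afws_server \
            --log-file ${cfg.logFile} \
            --log-backup-count ${toString cfg.logBackupCount}
        '';
        # SIGUSR1 is the reload signal; the ACME hook below relies on it
        # through reloadServices.
        ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
      };
      # Tools made available on the service's PATH.
      path = [ pkgs.nix pkgs.git ];
    };

    # Copy the renewed certificate and key for the service user. `install`
    # sets owner and mode explicitly on every run, so the private key's
    # permissions no longer depend on the source file's mode or the umask in
    # effect, and the directory is not left world-readable. The relative
    # source names are kept as in the original hook, which assumes it runs in
    # the certificate directory with enough privilege to change ownership.
    security.acme.certs."afws.m-labs.hk".postRun =
      ''
        install -d -m 0750 -o afws -g afws ${certDir}
        install -m 0644 -o afws -g afws cert.pem ${certDir}/cert.pem
        install -m 0600 -o afws -g afws key.pem ${certDir}/key.pem
      '';
    security.acme.certs."afws.m-labs.hk".reloadServices = [ "afws.service" ];

    users.users.afws = {
      name = "afws";
      group = "afws";
      description = "AFWS server user";
      isSystemUser = true;
      createHome = false;
      home = "/var/lib/afws";
      # NOTE(review): this gives the service account the system default shell.
      # If afws_server does not need a login shell for this user, dropping it
      # narrows what the account can be used for; confirm before changing.
      useDefaultShell = true;
    };
    users.extraGroups.afws = {};
  };
}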