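# NixOS module for the AFWS server.
#
# Declares `services.afws.{enable,logFile,logBackupCount}` and, when enabled,
# sets up:
#   * the `afws` systemd unit, running as the dedicated `afws` user/group;
#   * an ACME post-renewal hook that hands the certificate and private key for
#     afws.m-labs.hk to that user, then reloads the unit;
#   * the `afws` system user and group.
{ config, pkgs, lib, ... }:

with lib;

let
  afws = pkgs.callPackage ./afws { inherit pkgs; };
  cfg = config.services.afws;

  # Directory the ACME hook copies the TLS material into.
  certDir = "/var/lib/afws/cert";
  install = "${pkgs.coreutils}/bin/install";
in
{
  options.services.afws = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Enable AFWS server";
    };
    logFile = mkOption {
      type = types.str;
      default = "/var/lib/afws/logs/afws.log";
      description = "Path to the log file";
    };
    logBackupCount = mkOption {
      type = types.int;
      default = 30;
      description = "Number of daily log files to keep";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.afws = {
      description = "AFWS server";
      wantedBy = [ "multi-user.target" ];

      # The path is shell-escaped so a logFile containing spaces or shell
      # metacharacters cannot split or alter these commands.
      # A logFile outside /var/lib/afws must live in a directory the afws user
      # can already create or own, since this script is not run as root
      # (no PermissionsStartOnly / "+" prefix is set on this unit).
      preStart = ''
        log_dir="$(dirname -- ${escapeShellArg cfg.logFile})"
        mkdir -p "$log_dir"
        chown afws:afws "$log_dir"
      '';

      serviceConfig = {
        User = "afws";
        Group = "afws";

        # The user is declared with createHome = false, so nothing else
        # guarantees that /var/lib/afws exists and is writable by afws before
        # preStart runs. StateDirectory makes systemd create it, owned by
        # User/Group, ahead of ExecStartPre.
        StateDirectory = "afws";

        # NOTE(review): logFile is interpolated unquoted here; systemd splits
        # ExecStart on whitespace, so the path must not contain spaces.
        ExecStart = ''
          ${afws}/bin/afws_server \
            --log-file ${cfg.logFile} \
            --log-backup-count ${toString cfg.logBackupCount}
        '';
        ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
      };

      path = [ pkgs.nix pkgs.git ];
    };

    security.acme.certs."afws.m-labs.hk" = {
      # Copy the renewed certificate and key to a location the service user
      # can read. `install` sets owner and mode in the same step as the copy,
      # so the private key never sits in the target directory with the
      # permissions a plain `cp` would derive from the source file and umask,
      # waiting for a later chown. The key is readable by the afws user only.
      postRun = ''
        ${install} -d -m 0750 -o afws -g afws ${certDir}
        ${install} -m 0644 -o afws -g afws cert.pem ${certDir}/cert.pem
        ${install} -m 0600 -o afws -g afws key.pem ${certDir}/key.pem
      '';
      # Reload (SIGUSR1 via ExecReload above) once new material is in place.
      reloadServices = [ "afws.service" ];
    };

    users.users.afws = {
      name = "afws";
      group = "afws";
      description = "AFWS server user";
      isSystemUser = true;
      createHome = false;
      home = "/var/lib/afws";
      # NOTE(review): this gives the service account the system default login
      # shell. If nothing logs in or runs `su` as afws, consider dropping it
      # so the account has no interactive shell.
      useDefaultShell = true;
    };

    users.groups.afws = { };
  };
}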