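# NixOS module for the AFWS server.
#
# When `services.afws.enable` is set it defines:
#   * a systemd unit that runs afws_server as the unprivileged `afws` user,
#   * an ACME post-renewal hook that hands the certificate for
#     afws.m-labs.hk to that user and reloads the service,
#   * the `afws` system user and group.
{ config, pkgs, lib, ... }:

with lib;

let
  # AFWS package built from the ./afws directory next to this module.
  afws = pkgs.callPackage ./afws { inherit pkgs; };

  # Directory the ACME hook populates with the service's own copy of the
  # certificate and private key.
  certDir = "/var/lib/afws/cert";
in
{
  options.services.afws = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Enable AFWS server";
    };
  };

  config = mkIf config.services.afws.enable {
    systemd.services.afws = {
      description = "AFWS server";
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # Run unprivileged; the account is declared at the end of this module.
        User = "afws";
        Group = "afws";
        ExecStart = "${afws}/bin/afws_server";
        # Reload is a SIGUSR1 to the main process; the ACME renewal below
        # triggers it through reloadServices.
        ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
        # NOTE(review): no systemd sandboxing is set on this unit. Options
        # such as NoNewPrivileges, PrivateTmp or ProtectHome are worth
        # evaluating, but must be tested against whatever the server does
        # with the nix and git tools it is given below.
      };
      # Tools made available on the unit's PATH.
      path = [ pkgs.nix pkgs.git ];
    };

    # Copy the renewed certificate and key for the afws user.
    #
    # `install` sets owner and mode in the same step as the copy, so the
    # private key's permissions no longer depend on the hook's umask or on
    # the mode of the source file, and the key is never left on disk with
    # the wrong owner between a `cp` and a later `chown`. The key is
    # readable by the service user only; the certificate itself is public.
    #
    # The relative source paths rely on the hook running inside the ACME
    # certificate directory -- presumably guaranteed by the NixOS acme
    # module; confirm if this hook is ever moved.
    security.acme.certs."afws.m-labs.hk".postRun =
      ''
        install -d -m 0750 -o afws -g afws ${certDir}
        install -m 0644 -o afws -g afws cert.pem ${certDir}/cert.pem
        install -m 0600 -o afws -g afws key.pem ${certDir}/key.pem
      '';
    security.acme.certs."afws.m-labs.hk".reloadServices = [ "afws.service" ];

    users.users.afws = {
      name = "afws";
      group = "afws";
      description = "AFWS server user";
      isSystemUser = true;
      # The home directory is not created here; it must exist already or be
      # provisioned elsewhere (the ACME hook only creates the cert
      # subdirectory).
      createHome = false;
      home = "/var/lib/afws";
      # NOTE(review): this gives the service account a login shell. Drop it
      # unless interactive sessions as afws are actually needed.
      useDefaultShell = true;
    };
    users.extraGroups.afws = {};
  };
}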