default.nix
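# NixOS module for the fastapi-dls service.
#
# The outer function takes an optional `self` (the flake this module ships in).
# When `self` is null the package is built from ./package.nix; otherwise the
# flake's default package for the current system is used.
{ self ? null }:
{ pkgs ? import <nixpkgs> {},
  lib ? import <nixpkgs/lib>,
  config, ...
}@args:
let
  cfg = config.services.fastapi-dls;

  # Environment handed to the service. `//` is right-biased, so anything in
  # cfg.extraOptions overrides the values computed here, including DATABASE
  # and both INSTANCE_KEY_* paths.
  #
  # NOTE(review): on NixOS this attrset is rendered into the generated unit
  # file, which lives in the world-readable Nix store. Put only paths and
  # non-secret settings here, never key material or credentials.
  envVars = {
    # builtins.toString maps true -> "1" and false -> "" (empty string).
    # NOTE(review): presumably the application treats an empty DEBUG as
    # "off"; confirm against how fastapi-dls parses this variable.
    DEBUG = builtins.toString cfg.debug;
    DLS_URL = cfg.listen.ip;
    DLS_PORT = builtins.toString cfg.listen.port;
    TOKEN_EXPIRE_DAYS = builtins.toString cfg.authTokenExpire;
    LEASE_EXPIRE_DAYS = builtins.toString cfg.lease.expire;
    LEASE_RENEWAL_PERIOD = builtins.toString cfg.lease.renewalPeriod;
    # Database and instance key pair all live in the service's
    # StateDirectory (see serviceConfig below).
    # NOTE(review): nothing in this module creates the key files; presumably
    # the package's start script does. Confirm, and check that the private
    # key ends up readable by the service user only.
    DATABASE = "sqlite:////var/lib/fastapi-dls/db.sqlite";
    INSTANCE_KEY_RSA = "/var/lib/fastapi-dls/instance.private.pem";
    INSTANCE_KEY_PUB = "/var/lib/fastapi-dls/instance.public.pem";
  } // lib.optionalAttrs (cfg.timezone != null) {
    TZ = cfg.timezone;
  } // cfg.extraOptions;

  package =
    if self == null then import ./package.nix { inherit pkgs; }
    else self.outputs.packages.${pkgs.stdenv.targetPlatform.system}.default;
in
{
  imports = [
    (lib.mkRemovedOptionModule [ "services" "fastapi-dls" "supportMalformedJSON" ]
      "Option services.fastapi-dls.supportMalformedJSON is not supported as the functionality has been removed since 1.5.0")
  ];

  options = {
    services.fastapi-dls = {
      enable = lib.mkEnableOption "minimal Delegated License Service (DLS)";

      # NOTE(review): debug modes commonly expose more detail in responses
      # and logs; the default of false is the right one for a reachable host.
      debug = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = "Toggle fastapi debug mode.";
      };

      timezone = lib.mkOption {
        type = lib.types.nullOr lib.types.str;
        default = null;
        example = "America/Montreal";
        description = "Timezone for fastapi-dls instance, null defaults to system timezone.";
      };

      # Exported to the service as DLS_URL.
      listen.ip = lib.mkOption {
        type = lib.types.str;
        default = "localhost";
        example = "192.168.69.1";
        description = "IP which fastapi-dls should listen on.";
      };

      # The default is a privileged port (< 1024), which is why the unit
      # below grants CAP_NET_BIND_SERVICE.
      # NOTE(review): no TLS certificate options are visible in this module;
      # presumably certificates are handled by the package's start script or
      # via extraOptions. Confirm.
      listen.port = lib.mkOption {
        type = lib.types.port;
        default = 443;
        description = "Port which fastapi-dls should listen on.";
      };

      # NOTE(review): lib.types.int also accepts zero and negative values
      # for this option and for lease.expire; nothing here rejects them at
      # evaluation time.
      authTokenExpire = lib.mkOption {
        type = lib.types.int;
        default = 1;
        description = "Client auth-token (not .tok token!) validity in days.";
      };

      lease.expire = lib.mkOption {
        type = lib.types.int;
        default = 90;
        description = "Lease time in days.";
      };

      lease.renewalPeriod = lib.mkOption {
        type = lib.types.float;
        default = 0.15;
        description = ''
          The percentage of the lease period that must elapse before a licensed client can renew a license.
          For example, if the lease period is one day and the renewal period is 20%, the client attempts to
          renew its license every 4.8 hours. If network connectivity is lost, the loss of connectivity is
          detected during license renewal and the client has 19.2 hours in which to re-establish
          connectivity before its license expires.
        '';
      };

      # Merged last into the environment, so these entries win over every
      # computed variable.
      # NOTE(review): the example points the key paths into a home directory.
      # The unit runs with DynamicUser=true, which implies
      # ProtectHome=read-only and a transient UID; a private key kept
      # owner-only under /home would presumably be unreadable to the
      # service. Verify before copying the example.
      extraOptions = lib.mkOption {
        type = lib.types.attrsOf lib.types.str;
        default = {};
        example = {
          INSTANCE_KEY_RSA = "/home/user/fastapi-dls/instance.private.pem";
          INSTANCE_KEY_PUB = "/home/user/fastapi-dls/instance.public.pem";
        };
        description = "Extra environment variables to pass to fastapi-dls.";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.fastapi-dls = {
      description = "Service for fastapi-dls";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      environment = envVars;
      serviceConfig = {
        Type = "simple";
        # Transient, unprivileged user allocated by systemd. With
        # DynamicUser the state directory is kept under /var/lib/private
        # and exposed at /var/lib/fastapi-dls, which keeps the database and
        # the instance private key away from other local users.
        DynamicUser = true;
        StateDirectory = "fastapi-dls";
        # Needed to bind the default port 443 without running as root.
        AmbientCapabilities = "CAP_NET_BIND_SERVICE";
        # Least privilege: cap the bounding set at the one capability the
        # service is granted, so no other capability can ever be acquired.
        CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
        WorkingDirectory = "/var/lib/fastapi-dls";
        ExecStart = "${lib.getBin package}/bin/fastapi-dls";
        Restart = "always";
        # NOTE(review): SIGQUIT's default disposition is terminate with a
        # core dump; confirm the server installs a handler for it, since a
        # core of this process could contain key material.
        KillSignal = "SIGQUIT";
        # NOTE(review): with Type=simple systemd does not wait for a
        # readiness notification; NotifyAccess looks like a leftover.
        NotifyAccess = "all";
        # Further sandboxing (ProtectKernelTunables, PrivateDevices,
        # RestrictAddressFamilies, ...) was not added here because the
        # start script is not visible from this file; `systemd-analyze
        # security fastapi-dls` lists what is still open.
      };
    };
  };
}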