caveman/nixos-module.nix

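# NixOS module for the caveman "hunter" service and the Redis instance it uses.
#
# All options live under `services.caveman`. Enabling `hunter.enable` creates
# both the `redis-caveman` server and the sandboxed `caveman-hunter` unit.
{ config, lib, pkgs, ... }:
let
  cfg = config.services.caveman;

  # Baseline hunter settings; `hunter.settings` is merged over these with
  # lib.recursiveUpdate, so attribute sets merge and other values are replaced.
  hunterDefaultSettings = {
    # Loopback URL without credentials: the Redis instance below has no
    # password, so any local process that can reach the port can use it.
    redis = "redis://127.0.0.1:${toString cfg.redis.port}/";
    hosts = [ "mastodon.social" "fosstodon.org" "chaos.social" "dresden.network" ];
    interval_after_error = 7200;
    max_workers = 16;
  };

  # Settings are serialised as JSON into a file named hunter.yaml.
  # builtins.toFile places it in the Nix store, which is world-readable:
  # never put secrets (e.g. a Redis URL with a password) in hunter.settings.
  hunterConfigFile = builtins.toFile "hunter.yaml" (
    builtins.toJSON (
      lib.recursiveUpdate hunterDefaultSettings cfg.hunter.settings
    )
  );
in
{
  options.services.caveman = with lib; {
    redis.port = mkOption {
      # types.port rejects values outside 0-65535 at evaluation time.
      type = types.port;
      default = 6379;
      description = "TCP port of the Redis instance used by caveman.";
    };
    redis.maxmemory = mkOption {
      type = types.int;
      default = 1024 * 1024 * 1024;
      description = "Value for the Redis maxmemory setting, in bytes.";
    };
    redis.maxmemory-samples = mkOption {
      type = types.int;
      default = 8;
      description = "Value for the Redis maxmemory-samples setting.";
    };
    hunter.enable = mkEnableOption "caveman hunter";
    hunter.settings = mkOption {
      type = types.anything;
      default = hunterDefaultSettings;
      description = ''
        Settings merged over the built-in defaults and written to the
        hunter configuration file. The file is stored in the world-readable
        Nix store, so it must not contain secrets.
      '';
    };
    hunter.logLevel = mkOption {
      type = types.enum [ "ERROR" "WARN" "INFO" "DEBUG" "TRACE" ];
      default = "DEBUG";
      description = ''
        Log level passed to the hunter through RUST_LOG. DEBUG and TRACE are
        verbose; consider INFO or lower for long-running deployments.
      '';
    };
  };

  config = {
    services.redis.servers.caveman = lib.mkIf cfg.hunter.enable {
      enable = true;
      port = cfg.redis.port;
      # Pin the listener to loopback explicitly instead of relying on the
      # upstream module default; the hunter only ever connects to 127.0.0.1.
      bind = lib.mkDefault "127.0.0.1";
      # NOTE(review): no authentication is configured. Every local user can
      # read and modify this instance; consider requirePassFile or a
      # Unix-socket-only setup if the host is shared.
      settings = {
        inherit (cfg.redis) maxmemory maxmemory-samples;
        # Evict least-recently-used keys once maxmemory is reached.
        maxmemory-policy = "allkeys-lru";
      };
    };

    systemd.services.caveman-hunter = lib.mkIf cfg.hunter.enable {
      wantedBy = [ "multi-user.target" ];
      requires = [ "redis-caveman.service" ];
      # Ordering after network-online.target has no effect unless the target
      # is also pulled into the transaction, hence the matching `wants`.
      wants = [ "network-online.target" ];
      after = [ "redis-caveman.service" "network-online.target" ];
      environment.RUST_LOG = "caveman=${cfg.hunter.logLevel}";
      serviceConfig = {
        ExecStart = "${pkgs.caveman-hunter}/bin/caveman-hunter ${hunterConfigFile}";
        Type = "notify";
        WatchdogSec = 60;
        Restart = "always";
        RestartSec = 10;

        # Run as a transient, unprivileged user.
        DynamicUser = true;
        User = "caveman-hunter";

        # Filesystem and kernel-interface sandboxing.
        ProtectSystem = "strict";
        ProtectHome = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectControlGroups = true;
        ProtectClock = true;
        PrivateDevices = true;

        # Privilege and syscall-surface restrictions.
        NoNewPrivileges = true;
        CapabilityBoundingSet = "";
        RestrictNamespaces = true;
        RestrictRealtime = true;
        LockPersonality = true;
        MemoryDenyWriteExecute = true;
        # Without this, the restrictions above can be sidestepped through a
        # non-native system call ABI.
        SystemCallArchitectures = "native";
        # TODO(review): once the hunter's socket use is confirmed, also set
        # RestrictAddressFamilies (AF_UNIX is needed for Type=notify).
      };
    };
  };
}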