nixos-module: add gatherer

2022-11-10 02:47:46 +01:00 · 2022-11-10 02:47:46 +01:00 · 88232868cb
parent f81ab8d60c
commit 88232868cb
2 changed files with 52 additions and 2 deletions
--- a/flake.nix
+++ b/flake.nix
@ -9,7 +9,7 @@

  outputs = { self, nixpkgs, utils, fenix, naersk }: {
    overlay = final: prev: {
-      inherit (self.packages.${prev.system}) caveman-hunter;
+      inherit (self.packages.${prev.system}) caveman-hunter caveman-gatherer;
    };

    nixosModule = self.nixosModules.caveman;
--- a/nixos-module.nix
+++ b/nixos-module.nix
@ -15,6 +15,17 @@ let
    builtins.toJSON hunterSettings
  );

+  gathererDefaultSettings = {
+    redis = "redis://127.0.0.1:${toString cfg.redis.port}/";
+    listen_port = 8000;
+  };
+
+  gathererSettings = lib.recursiveUpdate gathererDefaultSettings cfg.gatherer.settings;
+
+  gathererConfigFile = builtins.toFile "gatherer.yaml" (
+    builtins.toJSON gathererSettings
+  );
+
 in
 {
  options.services.caveman = with lib; {
@ -42,6 +53,18 @@ in
      type = types.enum [ "ERROR" "WARN" "INFO" "DEBUG" "TRACE" ];
      default = "DEBUG";
    };
+
+    gatherer.enable = mkEnableOption "caveman gatherer";
+
+    gatherer.settings = mkOption {
+      type = types.anything;
+      default = gathererDefaultSettings;
+    };
+
+    gatherer.logLevel = mkOption {
+      type = types.enum [ "ERROR" "WARN" "INFO" "DEBUG" "TRACE" ];
+      default = "DEBUG";
+    };
  };

  config = {
@ -77,7 +100,34 @@ in
        RestrictRealtime = true;
        LockPersonality = true;
        MemoryDenyWriteExecute = true;
-        LimitNOFile = 2 * hunterSettings.max_workers;
+        LimitNOFile = 100000;
+      };
+    };
+
+    systemd.services.caveman-gatherer = lib.mkIf cfg.gatherer.enable {
+      wantedBy = [ "multi-user.target" ];
+      requires = [ "redis-caveman.service" ];
+      after = [ "redis-caveman.service" "network-online.target" ];
+      environment.RUST_LOG = "caveman=${cfg.gatherer.logLevel}";
+      serviceConfig = {
+        ExecStart = "${pkgs.caveman-gatherer}/bin/caveman-gatherer ${gathererConfigFile}";
+        Type = "notify";
+        Restart = "always";
+        RestartSec = 10;
+        DynamicUser = true;
+        User = "caveman-gatherer";
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        LimitNOFile = 100000;
+        WorkingDirectory = "${pkgs.caveman-gatherer}/share/caveman/gatherer";
      };
    };
  };