nixos-module: add gatherer
parent
f81ab8d60c
commit
88232868cb
|
@ -9,7 +9,7 @@
|
||||||
|
|
||||||
outputs = { self, nixpkgs, utils, fenix, naersk }: {
|
outputs = { self, nixpkgs, utils, fenix, naersk }: {
|
||||||
overlay = final: prev: {
|
overlay = final: prev: {
|
||||||
inherit (self.packages.${prev.system}) caveman-hunter;
|
inherit (self.packages.${prev.system}) caveman-hunter caveman-gatherer;
|
||||||
};
|
};
|
||||||
|
|
||||||
nixosModule = self.nixosModules.caveman;
|
nixosModule = self.nixosModules.caveman;
|
||||||
|
|
|
@ -15,6 +15,17 @@ let
|
||||||
builtins.toJSON hunterSettings
|
builtins.toJSON hunterSettings
|
||||||
);
|
);
|
||||||
|
|
||||||
|
gathererDefaultSettings = {
|
||||||
|
redis = "redis://127.0.0.1:${toString cfg.redis.port}/";
|
||||||
|
listen_port = 8000;
|
||||||
|
};
|
||||||
|
|
||||||
|
gathererSettings = lib.recursiveUpdate gathererDefaultSettings cfg.gatherer.settings;
|
||||||
|
|
||||||
|
gathererConfigFile = builtins.toFile "gatherer.yaml" (
|
||||||
|
builtins.toJSON gathererSettings
|
||||||
|
);
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.services.caveman = with lib; {
|
options.services.caveman = with lib; {
|
||||||
|
@ -42,6 +53,18 @@ in
|
||||||
type = types.enum [ "ERROR" "WARN" "INFO" "DEBUG" "TRACE" ];
|
type = types.enum [ "ERROR" "WARN" "INFO" "DEBUG" "TRACE" ];
|
||||||
default = "DEBUG";
|
default = "DEBUG";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
gatherer.enable = mkEnableOption "caveman gatherer";
|
||||||
|
|
||||||
|
gatherer.settings = mkOption {
|
||||||
|
type = types.anything;
|
||||||
|
default = gathererDefaultSettings;
|
||||||
|
};
|
||||||
|
|
||||||
|
gatherer.logLevel = mkOption {
|
||||||
|
type = types.enum [ "ERROR" "WARN" "INFO" "DEBUG" "TRACE" ];
|
||||||
|
default = "DEBUG";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
@ -77,7 +100,34 @@ in
|
||||||
RestrictRealtime = true;
|
RestrictRealtime = true;
|
||||||
LockPersonality = true;
|
LockPersonality = true;
|
||||||
MemoryDenyWriteExecute = true;
|
MemoryDenyWriteExecute = true;
|
||||||
LimitNOFile = 2 * hunterSettings.max_workers;
|
LimitNOFile = 100000;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.caveman-gatherer = lib.mkIf cfg.gatherer.enable {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
requires = [ "redis-caveman.service" ];
|
||||||
|
after = [ "redis-caveman.service" "network-online.target" ];
|
||||||
|
environment.RUST_LOG = "caveman=${cfg.gatherer.logLevel}";
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${pkgs.caveman-gatherer}/bin/caveman-gatherer ${gathererConfigFile}";
|
||||||
|
Type = "notify";
|
||||||
|
Restart = "always";
|
||||||
|
RestartSec = 10;
|
||||||
|
DynamicUser = true;
|
||||||
|
User = "caveman-gatherer";
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
RestrictNamespaces = true;
|
||||||
|
RestrictRealtime = true;
|
||||||
|
LockPersonality = true;
|
||||||
|
MemoryDenyWriteExecute = true;
|
||||||
|
LimitNOFile = 100000;
|
||||||
|
WorkingDirectory = "${pkgs.caveman-gatherer}/share/caveman/gatherer";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
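Review bot: `LimitNOFile = 100000;` in the new caveman-gatherer `serviceConfig` (and on the existing service's line that this commit changes from `2 * hunterSettings.max_workers`) does not match the systemd directive, which is spelled `LimitNOFILE`; systemd key names are case-sensitive, so the unit most likely keeps the default descriptor limit and only logs an unknown-key warning. Both lines should read `LimitNOFILE = 100000;`. Separately, the gatherer is the unit that opens `listen_port = 8000`, yet its sandbox is a straight copy of the other service's; adding `RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];` (AF_UNIX kept for the `Type = "notify"` socket) and `PrivateDevices = true;` would narrow what a compromised listener can reach. The bind address is not visible in this diff, so whether the port is reachable beyond loopback should be confirmed before enabling the service on an exposed host.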