add nixos-module
parent
ca66146eb3
commit
9e9e651b10
22
flake.nix
22
flake.nix
|
@ -8,8 +8,26 @@
|
|||
};
|
||||
|
||||
outputs = { self, nixpkgs, utils, fenix, naersk }: {
|
||||
# nixosModule = self.nixosModules.caveman;
|
||||
# nixosModules.caveman = import ./nixos-module.nix { inherit self; };
|
||||
overlay = final: prev: {
|
||||
inherit (self.packages.${prev.system}) caveman-hunter;
|
||||
};
|
||||
|
||||
nixosModule = self.nixosModules.caveman;
|
||||
nixosModules.caveman = {
|
||||
imports = [ ./nixos-module.nix ];
|
||||
nixpkgs.overlays = [ self.overlay ];
|
||||
};
|
||||
|
||||
nixosConfigurations.example = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [ {
|
||||
networking.hostName = "example";
|
||||
users.users.root.initialPassword = "";
|
||||
services.caveman.hunter = {
|
||||
enable = true;
|
||||
};
|
||||
} self.nixosModule ];
|
||||
};
|
||||
} //
|
||||
utils.lib.eachSystem (with utils.lib.system; [ x86_64-linux aarch64-linux ]) (system: let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
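Review bot: `users.users.root.initialPassword = "";` in `nixosConfigurations.example` gives that system a root account with an empty password, and nothing in the hunk marks the configuration as test-only. Because it is exported as a flake output, anyone who builds or copies it gets a host where root logs in without a credential wherever empty passwords are accepted. If it exists only to exercise the module in a throwaway VM, say so on the line above, e.g. `# throwaway test VM only: passwordless root, never deploy this configuration`; otherwise drop the line and let the consumer set a credential. The `outputs` function continues past the end of this hunk.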
|
||||
|
|
|
@ -104,7 +104,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
|||
checksum = "ec8a7b6a70fde80372154c65702f00a0f56f3e1c36abbc6c440484be248856db"
|
||||
|
||||
[[package]]
|
||||
name = "caveman"
|
||||
name = "caveman-hunter"
|
||||
version = "0.0.0"
|
||||
dependencies = [
|
||||
"chrono",
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
[package]
|
||||
name = "caveman"
|
||||
name = "caveman-hunter"
|
||||
version = "0.0.0"
|
||||
edition = "2021"
|
||||
|
||||
|
|
|
@ -0,0 +1,78 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.caveman;
|
||||
|
||||
hunterDefaultSettings = {
|
||||
redis = "redis://127.0.0.1:${toString cfg.redis.port}/";
|
||||
hosts = [ "mastodon.social" "fosstodon.org" "chaos.social" "dresden.network" ];
|
||||
interval_after_error = 7200;
|
||||
max_workers = 16;
|
||||
};
|
||||
|
||||
hunterConfigFile = builtins.toFile "hunter.yaml" (
|
||||
builtins.toJSON (
|
||||
lib.recursiveUpdate hunterDefaultSettings cfg.hunter.settings
|
||||
)
|
||||
);
|
||||
|
||||
in
|
||||
{
|
||||
options.services.caveman = with lib; {
|
||||
redis.port = mkOption {
|
||||
type = types.int;
|
||||
default = 6379;
|
||||
};
|
||||
redis.maxmemory = mkOption {
|
||||
type = types.int;
|
||||
default = 1024 * 1024 * 1024;
|
||||
};
|
||||
redis.maxmemory-samples = mkOption {
|
||||
type = types.int;
|
||||
default = 8;
|
||||
};
|
||||
|
||||
hunter.enable = mkEnableOption "caveman hunter";
|
||||
|
||||
hunter.settings = mkOption {
|
||||
type = types.anything;
|
||||
default = hunterDefaultSettings;
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
services.redis.servers.caveman = lib.mkIf cfg.hunter.enable {
|
||||
enable = true;
|
||||
port = cfg.redis.port;
|
||||
settings = {
|
||||
inherit (cfg.redis) maxmemory maxmemory-samples;
|
||||
maxmemory-policy = "allkeys-lru";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.caveman-hunter = lib.mkIf cfg.hunter.enable {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "redis-caveman.service" ];
|
||||
after = [ "redis-caveman.service" "network-online.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.caveman-hunter}/bin/caveman-hunter ${hunterConfigFile}";
|
||||
Type = "notify";
|
||||
WatchdogSec = 60;
|
||||
Restart = "always";
|
||||
RestartSec = 10;
|
||||
DynamicUser = true;
|
||||
User = "caveman-hunter";
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
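Review bot: The hunter reaches `services.redis.servers.caveman` over loopback TCP (`redis://127.0.0.1:${toString cfg.redis.port}/`) and this module configures no authentication for it, so any local user or service on the host can read, modify or flush the hunter's data, which undercuts the `DynamicUser`/`Protect*` isolation applied to `caveman-hunter` itself. I would move to the instance's Unix socket (`port = 0;` on the server and `SupplementaryGroups = [ config.services.redis.servers.caveman.user ];` on the unit, assuming the hunter's Redis client accepts a socket URL), or set `requirePassFile` on the server; in the latter case the password must not be merged into `hunterConfigFile`, because `builtins.toFile` writes it world-readable into the Nix store. Separately, `after` lists `network-online.target` but nothing pulls that target in, so the ordering has no effect unless another unit activates it; add `wants = [ "network-online.target" ];`.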
|