add nixos-module

2022-11-03 19:49:00 +01:00 · 2022-11-03 19:49:00 +01:00 · 9e9e651b10
parent ca66146eb3
commit 9e9e651b10
4 changed files with 100 additions and 4 deletions
--- a/flake.nix
+++ b/flake.nix
@ -8,8 +8,26 @@
  };

  outputs = { self, nixpkgs, utils, fenix, naersk }: {
-    # nixosModule = self.nixosModules.caveman;
-    # nixosModules.caveman = import ./nixos-module.nix { inherit self; };
+    overlay = final: prev: {
+      inherit (self.packages.${prev.system}) caveman-hunter;
+    };
+
+    nixosModule = self.nixosModules.caveman;
+    nixosModules.caveman = {
+      imports = [ ./nixos-module.nix ];
+      nixpkgs.overlays = [ self.overlay ];
+    };
+
+    nixosConfigurations.example = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [ {
+        networking.hostName = "example";
+        users.users.root.initialPassword = "";
+        services.caveman.hunter = {
+          enable = true;
+        };
+      } self.nixosModule ];
+    };
  } //
  utils.lib.eachSystem (with utils.lib.system; [ x86_64-linux aarch64-linux ]) (system: let
    pkgs = nixpkgs.legacyPackages.${system};
--- a/hunter/Cargo.lock
+++ b/hunter/Cargo.lock
@ -104,7 +104,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ec8a7b6a70fde80372154c65702f00a0f56f3e1c36abbc6c440484be248856db"

 [[package]]
-name = "caveman"
+name = "caveman-hunter"
 version = "0.0.0"
 dependencies = [
 "chrono",
--- a/hunter/Cargo.toml
+++ b/hunter/Cargo.toml
@ -1,5 +1,5 @@
 [package]
-name = "caveman"
+name = "caveman-hunter"
 version = "0.0.0"
 edition = "2021"

--- a/nixos-module.nix
+++ b/nixos-module.nix
@ -0,0 +1,78 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.caveman;
+
+  hunterDefaultSettings = {
+    redis = "redis://127.0.0.1:${toString cfg.redis.port}/";
+    hosts = [ "mastodon.social" "fosstodon.org" "chaos.social" "dresden.network" ];
+    interval_after_error = 7200;
+    max_workers = 16;
+  };
+
+  hunterConfigFile = builtins.toFile "hunter.yaml" (
+    builtins.toJSON (
+      lib.recursiveUpdate hunterDefaultSettings cfg.hunter.settings
+    )
+  );
+
+in
+{
+  options.services.caveman = with lib; {
+    redis.port = mkOption {
+      type = types.int;
+      default = 6379;
+    };
+    redis.maxmemory = mkOption {
+      type = types.int;
+      default = 1024 * 1024 * 1024;
+    };
+    redis.maxmemory-samples = mkOption {
+      type = types.int;
+      default = 8;
+    };
+
+    hunter.enable = mkEnableOption "caveman hunter";
+
+    hunter.settings = mkOption {
+      type = types.anything;
+      default = hunterDefaultSettings;
+    };
+  };
+
+  config = {
+    services.redis.servers.caveman = lib.mkIf cfg.hunter.enable {
+      enable = true;
+      port = cfg.redis.port;
+      settings = {
+        inherit (cfg.redis) maxmemory maxmemory-samples;
+        maxmemory-policy = "allkeys-lru";
+      };
+    };
+
+    systemd.services.caveman-hunter = lib.mkIf cfg.hunter.enable {
+      wantedBy = [ "multi-user.target" ];
+      requires = [ "redis-caveman.service" ];
+      after = [ "redis-caveman.service" "network-online.target" ];
+      serviceConfig = {
+        ExecStart = "${pkgs.caveman-hunter}/bin/caveman-hunter ${hunterConfigFile}";
+        Type = "notify";
+        WatchdogSec = 60;
+        Restart = "always";
+        RestartSec = 10;
+        DynamicUser = true;
+        User = "caveman-hunter";
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+      };
+    };
+  };
+}