From 9e9e651b105060d5663a6f8439e1b76d3eafc5e4 Mon Sep 17 00:00:00 2001
From: Astro
Date: Thu, 3 Nov 2022 19:49:00 +0100
Subject: [PATCH] add nixos-module
---
 flake.nix | 22 +++++++++++--
 hunter/Cargo.lock | 2 +-
 hunter/Cargo.toml | 2 +-
 nixos-module.nix | 78 +++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 100 insertions(+), 4 deletions(-)
 create mode 100644 nixos-module.nix
diff --git a/flake.nix b/flake.nix
index 5c7dedf..ed6743c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -8,8 +8,26 @@
 };
 outputs = { self, nixpkgs, utils, fenix, naersk }: {
- # nixosModule = self.nixosModules.caveman;
- # nixosModules.caveman = import ./nixos-module.nix { inherit self; };
+ overlay = final: prev: {
+ inherit (self.packages.${prev.system}) caveman-hunter;
+ };
+
+ nixosModule = self.nixosModules.caveman;
+ nixosModules.caveman = {
+ imports = [ ./nixos-module.nix ];
+ nixpkgs.overlays = [ self.overlay ];
+ };
+
+ nixosConfigurations.example = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ {
+ networking.hostName = "example";
+ users.users.root.initialPassword = "";
+ services.caveman.hunter = {
+ enable = true;
+ };
+ } self.nixosModule ];
+ };
 } // utils.lib.eachSystem (with utils.lib.system; [ x86_64-linux aarch64-linux ]) (system: let
 pkgs = nixpkgs.legacyPackages.${system};
diff --git a/hunter/Cargo.lock b/hunter/Cargo.lock
index 7ba193c..3e97220 100644
--- a/hunter/Cargo.lock
+++ b/hunter/Cargo.lock
@@ -104,7 +104,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ec8a7b6a70fde80372154c65702f00a0f56f3e1c36abbc6c440484be248856db"
 [[package]]
-name = "caveman"
+name = "caveman-hunter"
 version = "0.0.0"
 dependencies = [
 "chrono",
diff --git a/hunter/Cargo.toml b/hunter/Cargo.toml
index e23ae2a..7a54686 100644
--- a/hunter/Cargo.toml
+++ b/hunter/Cargo.toml
@@ -1,5 +1,5 @@
 [package]
-name = "caveman"
+name = "caveman-hunter"
 version = "0.0.0"
 edition = "2021"
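Review bot: The exported `nixosConfigurations.example` sets `users.users.root.initialPassword = ""`, a passwordless root account on a system that also enables the hunter service, and nothing in the hunk marks it as test-only. If this is meant as a throwaway VM for exercising the module, say so on the line itself, e.g. `users.users.root.initialPassword = ""; # local test VM only: passwordless root, never deploy this configuration`; otherwise drop the line and leave credentials to the consumer. Note also that `nixosModules.caveman` unconditionally appends `self.overlay` to `nixpkgs.overlays` of every importer, which is worth a one-line comment since it changes the consumer's package set. The `outputs` attribute set continues past the hunk into the `eachSystem` part, so the remaining outputs are not visible here.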
diff --git a/nixos-module.nix b/nixos-module.nix
new file mode 100644
index 0000000..cae865b
--- /dev/null
+++ b/nixos-module.nix
@@ -0,0 +1,78 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.caveman;
+
+ hunterDefaultSettings = {
+ redis = "redis://127.0.0.1:${toString cfg.redis.port}/";
+ hosts = [ "mastodon.social" "fosstodon.org" "chaos.social" "dresden.network" ];
+ interval_after_error = 7200;
+ max_workers = 16;
+ };
+
+ hunterConfigFile = builtins.toFile "hunter.yaml" (
+ builtins.toJSON (
+ lib.recursiveUpdate hunterDefaultSettings cfg.hunter.settings
+ )
+ );
+
+in
+{
+ options.services.caveman = with lib; {
+ redis.port = mkOption {
+ type = types.int;
+ default = 6379;
+ };
+ redis.maxmemory = mkOption {
+ type = types.int;
+ default = 1024 * 1024 * 1024;
+ };
+ redis.maxmemory-samples = mkOption {
+ type = types.int;
+ default = 8;
+ };
+
+ hunter.enable = mkEnableOption "caveman hunter";
+
+ hunter.settings = mkOption {
+ type = types.anything;
+ default = hunterDefaultSettings;
+ };
+ };
+
+ config = {
+ services.redis.servers.caveman = lib.mkIf cfg.hunter.enable {
+ enable = true;
+ port = cfg.redis.port;
+ settings = {
+ inherit (cfg.redis) maxmemory maxmemory-samples;
+ maxmemory-policy = "allkeys-lru";
+ };
+ };
+
+ systemd.services.caveman-hunter = lib.mkIf cfg.hunter.enable {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "redis-caveman.service" ];
+ after = [ "redis-caveman.service" "network-online.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.caveman-hunter}/bin/caveman-hunter ${hunterConfigFile}";
+ Type = "notify";
+ WatchdogSec = 60;
+ Restart = "always";
+ RestartSec = 10;
+ DynamicUser = true;
+ User = "caveman-hunter";
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ };
+ };
+ };
+}
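Review bot: `after = [ "redis-caveman.service" "network-online.target" ]` orders the hunter behind network-online.target, but nothing in the unit pulls that target in, so the ordering only takes effect when some other unit happens to want it; add `wants = [ "network-online.target" ];` next to `requires` so the dependency is actually activated. Separately, `hunterConfigFile` is rendered with `builtins.toFile`, which places the merged `hunter.settings` in the world-readable Nix store — the default `redis` URL carries no credentials, but anything a user supplies through `hunter.settings` (a Redis URL with a password, for instance) would end up world-readable, so the option deserves a note such as `# rendered into the Nix store (world-readable): do not put secrets in settings`. The `mkOption` declarations also lack `description`s, which `types.anything` on `hunter.settings` makes more important since the type itself tells the user nothing about the expected keys. The module is the whole new file, so both the options and the config block are fully visible here.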