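{ config, lib, pkgs, ... }:

# NixOS module for the caveman "hunter" daemon and the private Redis instance
# it queues work in.  All of `config` is gated on `services.caveman.hunter.enable`.
let
  cfg = config.services.caveman;

  # The hunter reads a YAML file.  Generating it through pkgs.formats.yaml gives
  # `hunter.settings` a proper option type (so several definitions merge and
  # non-YAML values are rejected at eval time) and tolerates values that
  # reference store paths, which builtins.toFile cannot.
  yamlFormat = pkgs.formats.yaml { };

  hunterDefaultSettings = {
    # Loopback Redis with no credentials.  Keep it that way: the rendered config
    # lands in the world-readable Nix store, so a password in this URL would be
    # visible to every local user.
    redis = "redis://127.0.0.1:${toString cfg.redis.port}/";
    hosts = [
      "mastodon.social"
      "fosstodon.org"
      "chaos.social"
      "dresden.network"
    ];
    max_workers = 16;
  };

  # User-supplied settings win key by key; keys not mentioned keep the default.
  hunterSettings = lib.recursiveUpdate hunterDefaultSettings cfg.hunter.settings;

  hunterConfigFile = yamlFormat.generate "hunter.yaml" hunterSettings;
in
{
  options.services.caveman = with lib; {
    redis.port = mkOption {
      type = types.port;
      default = 6379;
      description = "TCP port of the hunter's private Redis instance (bound to loopback only).";
    };

    redis.maxmemory = mkOption {
      type = types.int;
      default = 1024 * 1024 * 1024;
      description = "Redis `maxmemory` in bytes; keys are evicted with `allkeys-lru` beyond it.";
    };

    redis.maxmemory-samples = mkOption {
      type = types.int;
      default = 8;
      description = "Redis `maxmemory-samples`: how many keys the LRU eviction samples per pass.";
    };

    hunter.enable = mkEnableOption "caveman hunter";

    hunter.settings = mkOption {
      type = yamlFormat.type;
      default = hunterDefaultSettings;
      description = ''
        Settings merged over the built-in defaults and written to the hunter's
        YAML config file.  The file is stored in the Nix store, so it must not
        contain secrets (e.g. a Redis password in the `redis` URL).
      '';
    };

    hunter.logLevel = mkOption {
      type = types.enum [ "ERROR" "WARN" "INFO" "DEBUG" "TRACE" ];
      # NOTE(review): DEBUG is a verbose default for a long-running network
      # service; consider INFO for production deployments.
      default = "DEBUG";
      description = "Log level passed to the hunter via `RUST_LOG=caveman=<level>`.";
    };
  };

  config = lib.mkIf cfg.hunter.enable {
    services.redis.servers.caveman = {
      enable = true;
      port = cfg.redis.port;
      # This instance has no authentication, so it must never be reachable from
      # other hosts.  Loopback is also the NixOS default; it is spelled out here
      # so a future change of that default cannot silently expose it.
      bind = "127.0.0.1";
      settings = {
        inherit (cfg.redis) maxmemory maxmemory-samples;
        maxmemory-policy = "allkeys-lru";
      };
    };

    systemd.services.caveman-hunter = {
      wantedBy = [ "multi-user.target" ];
      requires = [ "redis-caveman.service" ];
      # `after = network-online.target` only orders against a unit that is
      # actually scheduled; `wants` pulls it in so the ordering takes effect.
      wants = [ "network-online.target" ];
      after = [ "redis-caveman.service" "network-online.target" ];

      environment.RUST_LOG = "caveman=${cfg.hunter.logLevel}";

      serviceConfig = {
        ExecStart = "${pkgs.caveman-hunter}/bin/caveman-hunter ${hunterConfigFile}";
        # The daemon must call sd_notify(READY=1) and keep pinging the watchdog,
        # or systemd restarts it after 10 s.
        Type = "notify";
        WatchdogSec = 60;
        Restart = "always";
        RestartSec = 10;

        # Sandboxing: the process is an outbound HTTP client plus a Redis
        # client and needs no capabilities, devices or privileged syscalls.
        DynamicUser = true;
        User = "caveman-hunter";
        CapabilityBoundingSet = "";
        RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; # AF_UNIX for sd_notify
        PrivateDevices = true;
        PrivateTmp = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        ProtectHostname = true;
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectProc = "invisible";
        ProcSubset = "pid";
        RestrictNamespaces = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        LockPersonality = true;
        MemoryDenyWriteExecute = true;
        SystemCallArchitectures = "native";
        SystemCallFilter = [ "@system-service" "~@privileged" ];

        # systemd directive names are case-sensitive; the previous spelling
        # `LimitNOFile` was logged as an unknown key and ignored, so this value
        # has never actually been enforced.
        # NOTE(review): 2 * max_workers (32 by default) leaves almost no headroom
        # for stdio, the notify socket and the Redis connection on top of one
        # socket per worker; confirm it is sufficient before relying on it.
        LimitNOFILE = 2 * hunterSettings.max_workers;
      };
    };
  };
}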