nixify
parent
32fafa7c20
commit
2668c878b0
|
@ -0,0 +1,101 @@
|
|||
{
|
||||
"nodes": {
|
||||
"fenix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-analyzer-src": "rust-analyzer-src"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1663570974,
|
||||
"narHash": "sha256-ncUdRdY70VdJIX6Mi+820xeD7FutADd3NbQR0BKkFYA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "02093d3aca186135da78b76ac28ec58031391076",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"naersk": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1662220400,
|
||||
"narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
|
||||
"owner": "nmattia",
|
||||
"repo": "naersk",
|
||||
"rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nmattia",
|
||||
"repo": "naersk",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1663578619,
|
||||
"narHash": "sha256-kNgJXZIr4pi2NbDUfjj4APa+LlCmRUM4Ly2Xf70PVaw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a13d59408da1108fc6c9ffe4750ab7a33c581d24",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"fenix": "fenix",
|
||||
"naersk": "naersk",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"utils": "utils"
|
||||
}
|
||||
},
|
||||
"rust-analyzer-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1662896065,
|
||||
"narHash": "sha256-1LkSsXzI1JTAmP/GMTz4fTJd8y/tw8R79l96q+h7mu8=",
|
||||
"owner": "rust-lang",
|
||||
"repo": "rust-analyzer",
|
||||
"rev": "2e9f1204ca01c3e20898d4a67c8b84899d394a88",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "rust-lang",
|
||||
"ref": "nightly",
|
||||
"repo": "rust-analyzer",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"locked": {
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
|
@ -0,0 +1,37 @@
|
|||
{
|
||||
inputs = {
|
||||
utils.url = "github:numtide/flake-utils";
|
||||
naersk.url = "github:nmattia/naersk";
|
||||
naersk.inputs.nixpkgs.follows = "nixpkgs";
|
||||
fenix.url = "github:nix-community/fenix";
|
||||
fenix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, utils, fenix, naersk }: {
|
||||
nixosModule = self.nixosModules.sshlogd;
|
||||
nixosModules.sshlogd = import ./nixos-module.nix { inherit self; };
|
||||
} //
|
||||
utils.lib.eachSystem (with utils.lib.system; [ x86_64-linux aarch64-linux ]) (system: let
|
||||
pkgs = nixpkgs.legacyPackages."${system}";
|
||||
|
||||
rust = fenix.packages.${system}.stable.withComponents [
|
||||
"cargo"
|
||||
"rustc"
|
||||
"rust-src" # just for rust-analyzer
|
||||
"clippy"
|
||||
];
|
||||
|
||||
# Override the version used in naersk
|
||||
naersk-lib = naersk.lib."${system}".override {
|
||||
cargo = rust;
|
||||
rustc = rust;
|
||||
};
|
||||
|
||||
in {
|
||||
defaultPackage = self.packages.sshlogd;
|
||||
|
||||
packages.sshlogd = naersk-lib.buildPackage {
|
||||
src = ./.;
|
||||
};
|
||||
});
|
||||
}
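Review bot: `defaultPackage = self.packages.sshlogd;` sits inside the `eachSystem` body, but `self.packages` is keyed by system, so this attribute lookup will most likely fail when evaluated. It should read `defaultPackage = self.packages.${system}.sshlogd;`, which matches how the module resolves the package through `self.packages.${pkgs.system}.sshlogd`. Separately, `nixpkgs` is used in `outputs` without being declared in `inputs`, and the lock file records it as `"type": "indirect"`. A later `nix flake update` would therefore resolve it through whatever flake registry the updating machine has, so declaring it explicitly, e.g. `nixpkgs.url = "github:NixOS/nixpkgs/<branch>";` (placeholder branch), keeps the dependency source under the repository's control.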
|
|
@ -0,0 +1,64 @@
|
|||
{ self }:
|
||||
{ config, lib, pkgs, ... }: {
|
||||
options.services.sshlogd = with lib; {
|
||||
enable = mkEnableOption "sshlogd";
|
||||
listenAddr = mkOption {
|
||||
type = types.str;
|
||||
default = "0.0.0.0";
|
||||
};
|
||||
listenPort = mkOption {
|
||||
type = types.int;
|
||||
default = 22;
|
||||
};
|
||||
outputDir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/sshlogd";
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "sshlogd";
|
||||
};
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "sshlogd";
|
||||
};
|
||||
};
|
||||
|
||||
config =
|
||||
let
|
||||
cfg = config.services.sshlogd;
|
||||
in
|
||||
lib.mkIf cfg.enable {
|
||||
users = {
|
||||
users.${cfg.user} = {
|
||||
isSystemUser = true;
|
||||
home = "/home/sshlogd";
|
||||
createHome = true;
|
||||
group = cfg.group;
|
||||
};
|
||||
groups.${cfg.group} = {};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${cfg.outputDir} 0755 ${cfg.user} ${cfg.group} -"
|
||||
];
|
||||
|
||||
systemd.services.sshlogd = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
ExecStart = "${self.packages.${pkgs.system}.sshlogd}/bin/sshlogd ${toString cfg.listenPort}";
|
||||
WorkingDirectory = cfg.outputDir;
|
||||
ReadWritePaths = cfg.outputDir;
|
||||
ProtectSystem = "full";
|
||||
Restart = "always";
|
||||
RestartSec = "60s";
|
||||
# Allow binding ports <1024
|
||||
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
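Review bot: `services.sshlogd.listenAddr` is declared but never used in `config`, since `ExecStart` passes only `${toString cfg.listenPort}`; an operator who sets it to restrict exposure gets no effect, and the bind address is whatever the binary picks, which is not visible here. Either pass it on the command line or drop the option. The unit is a network-facing listener, yet it grants `AmbientCapabilities` without a matching `CapabilityBoundingSet` or `NoNewPrivileges`, and `ProtectSystem = "full"` leaves `/var` writable, so `ReadWritePaths` is not confining writes to `cfg.outputDir`; the fence below shows tighter settings. The tmpfiles rule creates the output directory `0755`, which lets every local user read whatever the daemon records there, so `0750` would be the safer default. `home = "/home/sshlogd"` with `createHome` is hard-coded although `cfg.user` is configurable, and a system user that runs from `cfg.outputDir` probably needs no home directory.

```nix
        serviceConfig = {
          # … unchanged: Type, User, Group, ExecStart, WorkingDirectory, ReadWritePaths …
          # "strict" mounts the whole file system read-only, so ReadWritePaths
          # becomes the only writable location for the daemon.
          ProtectSystem = "strict";
          PrivateTmp = true;
          NoNewPrivileges = true;
          # … unchanged: Restart, RestartSec …
          AmbientCapabilities = "CAP_NET_BIND_SERVICE";
          # Cap the set of capabilities the process can ever hold.
          CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
```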
|