From 295271b546ebb598a27325d86793ed88c63bbde4 Mon Sep 17 00:00:00 2001
From: Ethel Morgan
Date: Tue, 7 Jul 2020 23:02:10 +0100
Subject: add dispatch server & NixOS module
---
 nixos/modules/module-list.nix | 7 ++-
 nixos/modules/services/dispatch.nix | 108 ++++++++++++++++++++++++++++++++++++
 2 files changed, 112 insertions(+), 3 deletions(-)
 create mode 100644 nixos/modules/services/dispatch.nix
(limited to 'nixos')
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 0a778ee..43de9f8 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -10,12 +10,10 @@
 ./services/ambience.nix
 ./services/catbus-lgtv.nix
 ./services/catbus-lifx.nix
- ./sites/cgit.nix
- ./sites/go.nix
- ./sites/recipes.nix
 ./services/catbus-networkpresence.nix
 ./services/catbus-snapcast.nix
 ./services/catbus-wakeonlan.nix
+ ./services/dispatch.nix
 ./services/dlnatoad.nix
 ./services/helix-directory-jackalope.nix
 ./services/helix-directory.nix
@@ -24,5 +22,8 @@
 ./services/snapclient.nix
 ./services/ssh.nix
 ./services/upmpdcli.nix
+ ./sites/cgit.nix
+ ./sites/go.nix
+ ./sites/recipes.nix
 ./users/eth.nix
 ]
diff --git a/nixos/modules/services/dispatch.nix b/nixos/modules/services/dispatch.nix
new file mode 100644
index 0000000..c5f8005
--- /dev/null
+++ b/nixos/modules/services/dispatch.nix
@@ -0,0 +1,108 @@
+{ config, lib, pkgs, ... }:
+with lib;
+
+let
+
+ cfg = config.eth.services.dispatch;
+
+ systemdDirectoryName = "dispatch";
+ runtimeDirectory = "/run/${systemdDirectoryName}";
+ socket = "${runtimeDirectory}/listen.sock";
+
+ configJSON = pkgs.writeText "config.json" (builtins.toJSON {
+ rules = cfg.rules;
+ });
+
+in {
+
+ options.eth.services.dispatch = {
+ enable = mkEnableOption "Whether to enable dispatch";
+
+ socket = mkOption {
+ type = types.path;
+ readOnly = true;
+ description = "Path of the UNIX socket to listen on.";
+ default = socket;
+ };
+
+ rules = mkOption {
+ type = types.attrsOf (types.submodule {
+ options = {
+ triggers = mkOption {
+ type = types.listOf (types.submodule {
+ options = {
+ url = mkOption {
+ type = types.str;
+ example = "/gitolite-repo-updated";
+ };
+ formValues = mkOption {
+ type = types.attrsOf types.str;
+ example = {
+ repo = "catbus-web-ui";
+ };
+ default = {};
+ };
+ };
+ });
+ default = [];
+ };
+ actions = mkOption {
+ type = types.listOf (types.submodule {
+ options = {
+ url = mkOption {
+ type = types.str;
+ example = "https://build.eth.moe/deploy";
+ };
+ formValues = mkOption {
+ type = types.attrsOf types.str;
+ example = {
+ project = "catbus-web-ui";
+ };
+ default = {};
+ };
+ };
+ });
+ default = [];
+ };
+ };
+ });
+ example = {
+ "update Catbus UI" = {
+ triggers = [
+ { url = "/gitolite-repo-updated"; formValues = { repo = "catbus-web-ui"; }; }
+ ];
+ output = [
+ { url = "https://build.eth.moe/deploy"; formValues = { project = "catbus-web-ui"; }; }
+ ];
+ };
+ };
+ default = {};
+ };
+ };
+
+
+ config = mkIf cfg.enable {
+ systemd.services.dispatch = {
+ enable = true;
+ description = "Webhook & MQTT dispatch server";
+ wants = [ "network.target" ];
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ DynamicUser = true;
+ Group = config.services.nginx.group;
+
+ RuntimeDirectory = systemdDirectoryName;
+
+ ExecStart = "${pkgs.eth.dispatch}/bin/dispatch -config-path ${configJSON} -listen ${socket}";
+
+ NoNewPrivileges = true;
+ ProtectHome = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ };
+ };
+ };
+
+}
-- cgit v1.2.3
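Review bot: Nothing in `serviceConfig` limits who can reach `listen.sock`: `RuntimeDirectory` is created with systemd's default mode 0755, so access to the socket rests entirely on the mode the dispatch binary gives the socket file, which this hunk does not show. Since a matching trigger causes the configured action requests to be sent (the example is a deploy URL), the listener should be reachable only by the service user and the nginx group set in `Group`; adding `RuntimeDirectoryMode = "0750";` next to `RuntimeDirectory` enforces that at the directory level regardless of what the binary does. Separately, the `rules` example uses `output = [` while the submodule declares `actions`, so the documented example would presumably be rejected as an undefined option and should read `actions = [`. `mkEnableOption` already prepends "Whether to enable", so its argument would read better as `mkEnableOption "dispatch"`.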