diff options
author | Igor Pashev <pashev.igor@gmail.com> | 2016-09-23 12:41:01 +0300 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2016-09-23 12:41:49 +0300 |
commit | af337a12e6f084556400fa93c71304ad63f1efa6 (patch) | |
tree | ad5125cbfb2e812f4a507b182b875526b2a2d0e9 /apps/sproxy-web.nix | |
download | nixsap-af337a12e6f084556400fa93c71304ad63f1efa6.tar.gz |
Initial commit
Diffstat (limited to 'apps/sproxy-web.nix')
-rw-r--r-- | apps/sproxy-web.nix | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/apps/sproxy-web.nix b/apps/sproxy-web.nix new file mode 100644 index 0000000..351e82d --- /dev/null +++ b/apps/sproxy-web.nix @@ -0,0 +1,71 @@ +{ config, pkgs, lib, ... }: + +let + + inherit (builtins) toString ; + inherit (lib) + concatStrings filter hasPrefix mkEnableOption mkIf mkOption + optionalString types ; + inherit (types) + int nullOr path str ; + + cfg = config.nixsap.apps.sproxy-web; + + ExecStart = concatStrings [ + "${pkgs.sproxy-web}/bin/sproxy-web" + (optionalString (cfg.connectionString != null) " -c '${cfg.connectionString}'") + (if (cfg.port != null) + then " -p ${toString cfg.port}" + else " -s '${cfg.socket}'") + ]; + + keys = filter (f: f != null && hasPrefix "/run/keys/" f) [ cfg.pgPassFile ]; + +in { + options.nixsap.apps.sproxy-web = { + enable = mkEnableOption "Sproxy Web"; + user = mkOption { + description = "User to run as"; + default = "sproxy-web"; + type = str; + }; + connectionString = mkOption { + description = "PostgreSQL connection string"; + type = str; + example = "user=sproxy-web dbname=sproxy port=6001"; + }; + pgPassFile = mkOption { + description = "postgreSQL password file (secret)"; + default = null; + type = nullOr path; + }; + socket = mkOption { + description = "UNIX socket to listen on. Ignored when TCP port is set"; + default = "/tmp/sproxy-web.sock"; + type = path; + }; + port = mkOption { + description = "TCP port to listen on (insecure)"; + type = nullOr int; + default = null; + }; + }; + + config = mkIf cfg.enable { + nixsap.system.users.daemons = [ cfg.user ]; + nixsap.deployment.keyrings.${cfg.user} = keys; + systemd.services.sproxy-web = { + description = "Web interface to Sproxy database"; + wantedBy = [ "multi-user.target" ]; + wants = [ "keys.target" ]; + after = [ "keys.target" "network.target" "local-fs.target" ]; + serviceConfig = { + inherit ExecStart; + Restart = "on-failure"; + User = cfg.user; + }; + environment.PGPASSFILE = cfg.pgPassFile; + }; + }; +} + |