| author | seth <[email protected]> | 2023-05-21 18:11:53 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2023-05-21 18:11:53 -0400 |
| commit | d1878f3e55371affe603459c540954c631d6462f (patch) | |
| tree | cd7fbdef347569aa7ed57237d96539b1500dd774 /parts/deployment.nix | |
| parent | 913f1bf789e4ad9d7bae13e13d318620cea6761b (diff) | |
feat: start using flake-parts + add nixos module
Diffstat (limited to 'parts/deployment.nix')
| -rw-r--r-- | parts/deployment.nix | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/parts/deployment.nix b/parts/deployment.nix
new file mode 100644
index 0000000..f0ab7d1
--- /dev/null
+++ b/parts/deployment.nix
@@ -0,0 +1,82 @@
+{self, ...}: let
+ bin = teawiebot-smol: "${teawiebot-smol}/bin/teawiebot";
+ service = pkgs: cmd:
+ pkgs.writeTextFile {
+ name = "teawiebot.service";
+ text = ''
+ [Unit]
+ Description=teawiebot service
+
+ [Service]
+ Environment="TOKEN="
+ ExecStart="${cmd}"
+ DynamicUser=yes
+ ProtectSystem=strict
+ ProtectHome=yes
+ ProtectKernelTunables=yes
+ ProtectKernelModules=yes
+ ProtectControlGroups=yes
+ SystemCallFilter=@system-service
+ SystemCallErrorNumber=EPERM
+ NoNewPrivileges=yes
+ PrivateTmp=yes
+
+ [Install]
+ WantedBy=multi-user.target
+ '';
+ };
+in {
+ perSystem = {
+ pkgs,
+ system,
+ ...
+ }: let
+ inherit (pkgs) cacert dockerTools portableService;
+ inherit (self.packages.${system}) teawiebot teawiebot-smol;
+ cmd = bin teawiebot-smol;
+ in {
+ packages = {
+ container = dockerTools.buildLayeredImage {
+ name = "teawiebot";
+ tag = "latest";
+ contents = [dockerTools.caCertificates];
+ config.Cmd = ["${cmd}"];
+ };
+
+ service = portableService {
+ inherit (teawiebot) pname;
+ inherit (teawiebot-smol) version;
+ description = "portable service for teawiebot!";
+ units = [(service pkgs cmd)];
+ symlinks = [
+ {
+ object = "${cacert}/etc/ssl";
+ symlink = "/etc/ssl";
+ }
+ ];
+ };
+ };
+ };
+
+ flake = {
+ nixosModules = {
+ default = {
+ config,
+ lib,
+ pkgs,
+ ...
+ }: let
+ cfg = config.services.teawiebot;
+ inherit (lib) mkEnableOption mkIf;
+ in {
+ options.services.teawiebot.enable = mkEnableOption "enable teawiebot";
+
+ config.systemd.services = mkIf cfg.enable {
+ teawiebot = {
+ text = service pkgs (bin pkgs.teawiebot-smol);
+ };
+ };
+ };
+ };
+ };
+} |
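Review bot: `Environment="TOKEN="` in the `[Service]` section starts the bot with an empty token and makes the unit text — which `pkgs.writeTextFile` places in the world-readable Nix store and which both the portable service and the NixOS module reuse — the only place to set it, so anyone who fills in the value there exposes it to every local user and to whoever receives the portable image. Read the secret from a path outside the store instead, e.g. replace that line with `EnvironmentFile=/etc/teawiebot/env` or `LoadCredential=token:/path/to/token` (example paths), and add a comment in the unit such as `# never put the token in this file: it is copied into /nix/store`. In the NixOS module, `teawiebot = { text = service pkgs (bin pkgs.teawiebot-smol); }` assigns a derivation, which stringifies to a store path rather than the unit contents, to a `text` attribute that as far as I recall belongs to `systemd.units.<name>` and not `systemd.services.<name>`, so the module likely fails evaluation or produces no usable unit; `systemd.units."teawiebot.service".text = builtins.readFile (service pkgs …)` or a plain `serviceConfig` block would be needed. The module also reads `pkgs.teawiebot-smol` while `perSystem` takes the same package from `self.packages.${system}`, so it presumably depends on an overlay that this file does not provide.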
