-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmodule.nix
128 lines (109 loc) · 3.92 KB
/
module.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
{ self }: # needed to reference the package from the flake's output
{ config, lib, pkgs, ... }:
let
cfg = config.services.cliff;
in
{
options.services.cliff = {
enable = lib.mkEnableOption "cliff, which lets you trigger notifications to your iPhone";
package = lib.mkPackageOption self.packages.${pkgs.system} "cliff" {
pkgsText = "inputs.cliff-server.packages.\${pkgs.system}";
};
hostname = lib.mkOption {
type = lib.types.str;
default = "cliff";
description = "Hostname that cliff will use when connecting to your Tailnet";
};
apnsKeyPath = lib.mkOption {
type = with lib.types; nullOr path;
default = null;
example = "/var/lib/cliff/AuthKey.p8";
description = ''
The path to the APNs token signing key.
You must either provide a value for this option
or set the `CLIFF_APNS_KEY_PATH` environment variable
in the environment file.
'';
};
fcmKeyPath = lib.mkOption {
type = with lib.types; nullOr path;
default = null;
example = "/var/lib/cliff/firebase-adminsdk.json";
description = ''
The path to the FCM service account credentials
You must either provide a value for this option
or set the `GOOGLE_APPLICATION_CREDENTIALS` environment
variable in the environment file.
'';
};
development = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = ''
Whether to hit the APNs development endpoint instead of the production endpoint.
Builds installed directly via Xcode send APNs tokens that must hit the development
endpoint, while builds installed via TestFlight or the App Store send APNs tokens
that must hit the production endpoint.
'';
};
environmentFile = lib.mkOption {
type = lib.types.path;
default = "/etc/cliff.env";
example = "/var/lib/cliff.env";
description = ''
Additional environment file as defined in {manpage}`systemd.exec(5)`.
You must set the following environment variables in this file:
- {env}`CLIFF_APNS_KEY_ID`
- {env}`CLIFF_APNS_TEAM_ID`
- {env}`CLIFF_APP_BUNDLE_ID`
Also, if you do not set the `apnsKeyPath` option, you must set the
{env}`CLIFF_APNS_KEY_PATH` environment variable as well. The same is
true for the `fcmKeyPath` option and the {env}`GOOGLE_APPLICATION_CREDENTIALS`
environment variable.
'';
};
user = lib.mkOption {
type = lib.types.str;
default = "cliff";
description = "User account under which cliff runs";
};
group = lib.mkOption {
type = lib.types.str;
default = "cliff";
description = "Group account under which cliff runs";
};
verbose = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable verbose logging";
};
};
config = lib.mkIf cfg.enable {
users = {
users."${cfg.user}" = {
group = cfg.group;
shell = pkgs.bashInteractive;
home = "/var/lib/cliff";
description = "user for cliff service";
isSystemUser = true;
};
groups."${cfg.group}" = {};
};
systemd.services.cliff = {
description = "cliff system service";
wantedBy = [ "multi-user.target" ];
environment.GOOGLE_APPLICATION_CREDENTIALS = lib.mkIf (cfg.fcmKeyPath != null) cfg.fcmKeyPath;
serviceConfig = {
User = cfg.user;
Group = cfg.group;
Type = "exec";
Restart = "always";
WorkingDirectory = "/var/lib/cliff";
StateDirectory = "cliff";
ExecStart = "${lib.getExe cfg.package} --hostname ${cfg.hostname} ${lib.optionalString (cfg.apnsKeyPath != null) "--apns-key ${cfg.apnsKeyPath}"} ${lib.optionalString cfg.development "--development"}";
EnvironmentFile = [ cfg.environmentFile ];
};
};
};
}