nix-infra/config/hosts/public-web-static/spaceapid.nix

58 lines
1.7 KiB
Nix
Raw Permalink Normal View History

{ pkgs, ... }:
let
2024-08-04 21:03:29 +02:00
version = "v0.1.0";
spaceapidSrc = pkgs.fetchgit {
url = "https://git.hamburg.ccc.de/CCCHH/spaceapid.git";
2024-08-04 21:03:29 +02:00
rev = version;
hash = "sha256-2SDhliltzyydPPZdNn/htDydiK/SHQcYyG/dQ0EyFrY=";
};
spaceapid = pkgs.buildGoModule rec {
pname = "spaceapid";
2024-08-04 21:03:29 +02:00
inherit version;
src = spaceapidSrc;
ldflags = [
2024-08-04 21:03:29 +02:00
"-X main.version=${version}"
];
# Since spaceapid doesn't have any dependencies, we can set this to null and
# use the nonexistend vendored dependencies.
vendorHash = null;
};
spaceapidConfigResponse = pkgs.writeText "spaceapid-config-ccchh-response.json" (builtins.readFile spaceapid-config/ccchh-response.json);
spaceapidConfigDynamic = pkgs.writeText "spaceapid-config-ccchh-dynamic.json" (builtins.readFile spaceapid-config/ccchh-dynamic.json);
in
{
users.users.spaceapi = {
isSystemUser = true;
group = "spaceapi";
};
users.groups.spaceapi = { };
systemd.services.spaceapid = {
enable = true;
description = "Daemon hosting the SpaceAPI";
unitConfig = {
Wants = [ "network-online.target" ];
After = [ "network.target" "network-online.target" ];
};
serviceConfig = {
ExecStart = "${spaceapid}/bin/spaceapid -c ${spaceapidConfigResponse},${spaceapidConfigDynamic},/run/secrets/spaceapid_config_ccchh_credentials";
User = "spaceapi";
Group = "spaceapi";
Restart = "on-failure";
StateDirectory = "spaceapid";
};
wantedBy = [ "multi-user.target" ];
};
sops.secrets."spaceapid_config_ccchh_credentials" = {
mode = "0440";
owner = "spaceapi";
group = "spaceapi";
restartUnits = [ "spaceapid.service" ];
};
}