48 lines
1.1 KiB
Nix
48 lines
1.1 KiB
Nix
{ pkgs, config, ... }:
|
|
|
|
let
|
|
serviceAddress = "10.10.41.11";
|
|
containerStateDir = "/data";
|
|
hostStateDir = "/srv/container/lrad";
|
|
in
|
|
{
|
|
containers."lrad" = {
|
|
privateNetwork = true;
|
|
hostAddress = "10.10.41.1";
|
|
localAddress = serviceAddress;
|
|
|
|
bindMounts."${containerStateDir}" = {
|
|
hostPath = hostStateDir;
|
|
isReadOnly = false;
|
|
};
|
|
|
|
config = { config, pkgs, ... }: {
|
|
networking.firewall.allowedTCPPorts = [ 63080 ];
|
|
|
|
#users.users."tang".isSystemUser = true;
|
|
|
|
systemd.services."tangd" = {
|
|
enable = true;
|
|
# TODO: require data/tangd to exist
|
|
serviceConfig = {
|
|
ExecStart = "${pkgs.tang}/bin/tangd ${containerStateDir}/data/tangd";
|
|
StandardInput = "socket";
|
|
StandardOutput = "socket";
|
|
StandardError = "journal";
|
|
User = "tang";
|
|
};
|
|
};
|
|
|
|
systemd.sockets."tangd" = {
|
|
enable = true;
|
|
listenStreams = [ "63080" ];
|
|
wantedBy = [ "sockets.target" ];
|
|
socketConfig = {
|
|
Accept = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
};
|
|
}
|