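# NixOS host module that runs the tang (network-bound disk encryption) key
# server inside a NixOS container.  The container's root filesystem is
# ephemeral; the tang key database is kept on the host under hostStateDir
# and bind-mounted into the container at containerStateDir.
{
  pkgs,
  config,
  ...
}: let
  # Mount point inside the container for the host state directory.
  containerStateDir = "/data";
  # Host directory that keeps the tang key database across container restarts.
  hostStateDir = "/opt/tangd";
  # TCP port the tangd socket listens on.
  servicePort = 8081;
in {
  # The container does not set privateNetwork, so it shares the host's network
  # namespace; this host firewall rule is what exposes the tang socket.
  networking.firewall.allowedTCPPorts = [servicePort];

  containers."tang" = {
    autoStart = true;
    # The container root is discarded on every start; only the bind mount
    # below carries state between runs.
    ephemeral = true;

    bindMounts."${containerStateDir}" = {
      hostPath = hostStateDir;
      # Writable: tangd creates and rotates keys in the database directory.
      isReadOnly = false;
    };

    config = {
      config,
      pkgs,
      ...
    }: {
      # Shared network namespace: the host firewall rule above applies here.
      networking.firewall.enable = false;

      # Unprivileged account that tangd runs as.
      users.groups."_tang" = {};

      users.users."_tang" = {
        group = "_tang";
        isSystemUser = true;
      };

      environment.systemPackages = with pkgs; [jose tang];

      # Template unit; the "tangd" socket below (Accept = true) spawns one
      # instance per accepted connection.
      systemd.services."tangd@" = {
        enable = true;
        serviceConfig = {
          # Runs as User/Group (no "+" prefix), so the bind-mounted parent
          # directory must be writable by _tang for the first start to succeed.
          # NOTE(review): if hostStateDir on the host is root-owned this step
          # fails; a systemd.tmpfiles.rules "d" entry owned by _tang would make
          # creation and ownership explicit — confirm against the host layout.
          # Calling mkdir directly avoids the quoted "bash -c" wrapper.
          ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p ${containerStateDir}/tang-db";
          ExecStart = "${pkgs.tang}/libexec/tangd ${containerStateDir}/tang-db";
          User = "_tang";
          Group = "_tang";

          # Sandboxing for a network-facing process: read-only view of the
          # system except the state directory, no privilege escalation, and a
          # private /tmp.  ReadWritePaths covers the parent so ExecStartPre can
          # still create tang-db.
          NoNewPrivileges = true;
          PrivateTmp = true;
          ProtectHome = true;
          ProtectSystem = "strict";
          ReadWritePaths = [containerStateDir];
        };
      };

      # Socket-activated listener; its name matches the "tangd@" template.
      systemd.sockets."tangd" = {
        enable = true;
        # Port only, so this binds on all addresses of the shared namespace.
        listenStreams = ["${toString servicePort}"];
        wantedBy = ["sockets.target"];
        socketConfig = {
          # inetd-style: each connection gets its own tangd@ instance.
          Accept = true;
        };
      };

      system.stateVersion = "22.11";
    };
  };
}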