jalil/webnsupdate
1
0
Fork 0
Code Issues 1 Pull requests Activity Actions

[fix] module.nix: various issues

Browse source
This commit is contained in:
Jalil David Salamé Messina 2024-05-08 21:37:19 +02:00
parent 43d62fa7d6
commit 2c7f9fc632
Signed by: jalil
GPG key ID: F016B9E770737A0B
2 changed files with 23 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
default.nix
View file

@ -20,5 +20,6 @@ in
inherit description; inherit description;
license = lib.licenses.mit; license = lib.licenses.mit;
homepage = "https://github.com/jalil-salame/webnsupdate"; homepage = "https://github.com/jalil-salame/webnsupdate";
mainProgram = "webnsupdate";
}; };
} }

44
module.nix
View file

@ -99,27 +99,25 @@ in {
if cfg.recordsFile != null if cfg.recordsFile != null
then cfg.recordsFile then cfg.recordsFile
else pkgs.writeText "webnsrecords" cfg.records; else pkgs.writeText "webnsrecords" cfg.records;
cmd = lib.concatStringsSep " " ([lib.getExe pkgs.websnupdate] args = lib.strings.escapeShellArgs [
++ lib.strings.escapeShellArgs [ "--records"
"--records" recordsFile
recordsFile "--key-file"
"--key-file" cfg.keyFile
cfg.keyFile "--password-file"
"--password-file" cfg.passwordFile
cfg.passwordFile "--address"
"--address" cfg.bindIp
cfg.bindIp "--port"
"--port" (builtins.toString cfg.bindPort)
(builtins.toString cfg.bindPort) "--ttl"
"--ttl" (builtins.toString cfg.ttl)
(builtins.toString cfg.ttl) ];
]); cmd = "${lib.getExe pkgs.webnsupdate} ${args}";
in in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
warnings = [ # warnings =
(lib.optional (!config.services.bind.enable) # lib.optional (!config.services.bind.enable) "`webnsupdate` is expected to be used alongside `bind`. This is an unsopported configuration.";
"`webnsupdate` is expected to be used alongside `bind`. This is an unsopported configuration.")
];
assertions = [ assertions = [
{ {
assertion = (cfg.records != null || cfg.recordsFile != null) && !(cfg.records != null && cfg.recordsFile != null); assertion = (cfg.records != null || cfg.recordsFile != null) && !(cfg.records != null && cfg.recordsFile != null);
@ -134,14 +132,15 @@ in {
preStart = "${cmd} verify"; preStart = "${cmd} verify";
startLimitIntervalSec = 60; startLimitIntervalSec = 60;
serviceConfig = { serviceConfig = {
ExecStart = cmd; ExecStart = [cmd];
Restart = "always"; Type = "exec";
Restart = "on-failure";
RestartSec = "10s"; RestartSec = "10s";
# User and group # User and group
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
# Runtime directory and mode # Runtime directory and mode
RuntimeDirectory = "websnupdate"; RuntimeDirectory = "webnsupdate";
RuntimeDirectoryMode = "0750"; RuntimeDirectoryMode = "0750";
# Cache directory and mode # Cache directory and mode
CacheDirectory = "webnsupdate"; CacheDirectory = "webnsupdate";
@ -153,6 +152,7 @@ in {
UMask = "0027"; UMask = "0027";
# Security # Security
NoNewPrivileges = true; NoNewPrivileges = true;
ProtectHome = true;
}; };
}; };
}; };