Added nix module for zia-server

MarcelCoding · Dec 9, 2023 · c500995 · c500995
1 parent 8f9156b
commit c500995
Show file tree

Hide file tree

Showing 4 changed files with 135 additions and 34 deletions.
diff --git a/derivation.nix b/derivation.nix
@@ -0,0 +1,12 @@
+{ pkgs, fenix, system, cargoToml, ... }:
+let
+  manifest = (pkgs.lib.importTOML cargoToml).package;
+in
+pkgs.rustPlatform.buildRustPackage {
+  pname = manifest.name;
+  version = manifest.version;
+  cargoLock.lockFile = ./Cargo.lock;
+  src = pkgs.lib.cleanSource ./.;
+  cargoBuildFlags = "-p ${manifest.name}";
+  nativeBuildInputs = [ fenix.packages.${system}.stable.toolchain ];
+}
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -10,32 +10,33 @@
   };
 
   outputs = { self, nixpkgs, flake-utils, fenix }:
-    flake-utils.lib.eachDefaultSystem (system:
-      let
-        pkgs = (import nixpkgs) {
-          inherit system;
-        };
-      in
-      rec {
-        packages = {
-          zia-client = let manifest = (pkgs.lib.importTOML ./zia-client/Cargo.toml).package; in pkgs.rustPlatform.buildRustPackage {
-            pname = manifest.name;
-            version = manifest.version;
-            cargoLock.lockFile = ./Cargo.lock;
-            src = pkgs.lib.cleanSource ./.;
-            cargoBuildFlags = "-p ${manifest.name}";
-            nativeBuildInputs = [ fenix.packages.${system}.stable.toolchain ];
+    flake-utils.lib.eachDefaultSystem
+      (system:
+        let
+          pkgs = (import nixpkgs) {
+            inherit system;
           };
+        in
+        {
+          packages = {
+            zia-client = pkgs.callPackage ./derivation.nix {
+              inherit fenix;
+              cargoToml = ./zia-client/Cargo.toml;
+            };
 
-          zia-server = let manifest = (pkgs.lib.importTOML ./zia-server/Cargo.toml).package; in pkgs.rustPlatform.buildRustPackage {
-            pname = manifest.name;
-            version = manifest.version;
-            cargoLock.lockFile = ./Cargo.lock;
-            src = pkgs.lib.cleanSource ./.;
-            cargoBuildFlags = "-p ${manifest.name}";
-            nativeBuildInputs = [ fenix.packages.${system}.stable.toolchain ];
+            zia-server = pkgs.callPackage ./derivation.nix {
+              inherit fenix;
+              cargoToml = ./zia-server/Cargo.toml;
+            };
           };
-        };
-      }
-    );
+        }
+      ) // {
+      overlays.default = final: prev: {
+        inherit (self.packages.${final.system}) zia-server zia-client;
+      };
+
+      nixosModules = {
+        zia-server = import ./nixos-modules/zia-server.nix;
+      };
+    };
 }
diff --git a/nixos-modules/zia-server.nix b/nixos-modules/zia-server.nix
@@ -0,0 +1,88 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.services.zia-server;
+  ziaServerName = name: "zia-server" + "-" + name;
+  enabledServers = lib.filterAttrs (name: conf: conf.enable) config.services.zia-server.servers;
+in
+{
+  options = {
+    services.zia-server = {
+      package = lib.mkOption {
+        type = lib.types.package;
+        default = pkgs.zia-server;
+        defaultText = lib.literalExpression "pkgs.zia-server";
+        description = lib.mdDoc "Which Zia Server derivation to use.";
+      };
+
+      servers = lib.mkOption {
+        type = lib.types.attrsOf (lib.types.submodule ({ config, name, ... }: {
+          options = {
+            enable = lib.mkEnableOption (lib.mdDoc "Zia Server.");
+            listen-addr = lib.mkOption {
+              type = lib.types.str;
+              description = lib.mkDoc "The socket address zia should be listening on.";
+              default = null;
+            };
+            upstream = lib.mkOption {
+              type = lib.types.str;
+              description = lib.mkDoc "The socket address of the udp upstream zia should redirect all traffic to.";
+              default = null;
+            };
+            mode = lib.mkOption {
+              type = lib.types.enum [ "ws" ];
+              description = lib.mkDoc "The mode zia sould be listening with.";
+              default = "ws";
+            };
+            user = lib.mkOption {
+              type = lib.types.str;
+              default = lib.ziaServerName name;
+              defaultText = lib.literalExpression ''
+                "zia-server-''${name}"
+              '';
+              description = lib.mdDoc "The username and groupname for zia-server.";
+            };
+            openFirewall = lib.mkOption {
+              type = lib.types.bool;
+              default = false;
+              description = lib.mdDoc "Whether to open ports in the firewall for the server.";
+            };
+          };
+        }));
+      };
+    };
+  };
+
+  config = lib.mkIf (enabledServers != { }) {
+    environment.systemPackages = [ cfg.package ];
+
+    users.users = lib.mapAttrs'
+      (name: conf: lib.nameValuePair (ziaServerName name) {
+        description = "System user for the zia-server instance ${name}";
+        isSystemUser = true;
+        group = ziaServerName name;
+      })
+      enabledServers;
+
+    users.groups = lib.mapAttrs'
+      (name: conf: lib.nameValuePair (ziaServerName name) { })
+      enabledServers;
+
+    systemd.services = lib.mapAttrs'
+      (name: conf: lib.nameValuePair (ziaServerName name) {
+        description = "Zia Server - ${ziaServerName name}";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+
+        serviceConfig = {
+          ExecStart = "${cfg.package}/bin/zia-server";
+          Type = "notify";
+          # User and group
+          User = conf.user;
+          Group = conf.user;
+        };
+      })
+      enabledServers;
+  };
+}