BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nixos/syncplay: add saltFile and extraArgs option (#220096)

Browse source 
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
This commit is contained in:
Katze 2023-05-12 16:01:33 +00:00 committed by GitHub
parent 1c80c494ca
commit dfb8a2a7c4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 39 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
nixos/modules/services/networking/syncplay.nix
View file

@ -8,7 +8,8 @@ let
cmdArgs = cmdArgs =
[ "--port" cfg.port ] [ "--port" cfg.port ]
++ optionals (cfg.salt != null) [ "--salt" cfg.salt ] ++ optionals (cfg.salt != null) [ "--salt" cfg.salt ]
++ optionals (cfg.certDir != null) [ "--tls" cfg.certDir ]; ++ optionals (cfg.certDir != null) [ "--tls" cfg.certDir ]
++ cfg.extraArgs;
in in
{ {
@ -33,7 +34,22 @@ in
default = null; default = null;
description = lib.mdDoc '' description = lib.mdDoc ''
Salt to allow room operator passwords generated by this server Salt to allow room operator passwords generated by this server
instance to still work when the server is restarted. instance to still work when the server is restarted. The salt will be
readable in the nix store and the processlist. If this is not
intended use `saltFile` instead. Mutually exclusive with
<option>services.syncplay.saltFile</option>.
'';
};
saltFile = mkOption {
type = types.nullOr types.path;
default = null;
description = lib.mdDoc ''
Path to the file that contains the server salt. This allows room
operator passwords generated by this server instance to still work
when the server is restarted. `null`, the server doesn't load the
salt from a file. Mutually exclusive with
<option>services.syncplay.salt</option>.
''; '';
}; };
@ -46,6 +62,14 @@ in
''; '';
}; };
extraArgs = mkOption {
type = types.listOf types.str;
default = [ ];
description = lib.mdDoc ''
Additional arguments to be passed to the service.
'';
};
user = mkOption { user = mkOption {
type = types.str; type = types.str;
default = "nobody"; default = "nobody";
@ -74,21 +98,31 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.salt == null || cfg.saltFile == null;
message = "services.syncplay.salt and services.syncplay.saltFile are mutually exclusive.";
}
];
systemd.services.syncplay = { systemd.services.syncplay = {
description = "Syncplay Service"; description = "Syncplay Service";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
serviceConfig = { serviceConfig = {
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
LoadCredential = lib.mkIf (cfg.passwordFile != null) "password:${cfg.passwordFile}"; LoadCredential = lib.optional (cfg.passwordFile != null) "password:${cfg.passwordFile}"
++ lib.optional (cfg.saltFile != null) "salt:${cfg.saltFile}";
}; };
script = '' script = ''
${lib.optionalString (cfg.passwordFile != null) '' ${lib.optionalString (cfg.passwordFile != null) ''
export SYNCPLAY_PASSWORD=$(cat "''${CREDENTIALS_DIRECTORY}/password") export SYNCPLAY_PASSWORD=$(cat "''${CREDENTIALS_DIRECTORY}/password")
''} ''}
${lib.optionalString (cfg.saltFile != null) ''
export SYNCPLAY_SALT=$(cat "''${CREDENTIALS_DIRECTORY}/salt")
''}
exec ${pkgs.syncplay-nogui}/bin/syncplay-server ${escapeShellArgs cmdArgs} exec ${pkgs.syncplay-nogui}/bin/syncplay-server ${escapeShellArgs cmdArgs}
''; '';
}; };