
Commit 29421a0

committed
initial nixos module attempt
1 parent b47644d commit 29421a0


3 files changed

+74
-1
lines changed


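--- a/default.nix
+++ b/default.nix
@@ -6,6 +6,9 @@
 , zlib
 , stdenv
 , darwin
+, pandoc
+, texlive
+, makeWrapper
 }:
 
 rustPlatform.buildRustPackage rec {
@@ -24,11 +27,20 @@ rustPlatform.buildRustPackage rec {
 libgit2
 openssl
 zlib
+makeWrapper
 ] ++ lib.optionals stdenv.isDarwin [
 darwin.apple_sdk.frameworks.IOKit
 darwin.apple_sdk.frameworks.Security
 ];
 
+postFixup = ''
+wrapProgram $out/bin/remote-text-server \
+--set PATH ${lib.makeBinPath [
+pandoc
+texlive
+]}
+'';
+
 env = {
 OPENSSL_NO_VENDOR = true;
 VERGEN_IDEMPOTENT = true;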
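Review bot: `makeWrapper` is appended to the same list as libgit2, openssl and zlib, which looks like `buildInputs`; the list opens above the hunk, so this is inferred. It is a build-time setup hook and would normally go in `nativeBuildInputs`, e.g. `nativeBuildInputs = [ makeWrapper ];` merged with any existing entry, so that cross builds pick up the hook for the build platform. The `--set PATH` in `postFixup` replaces the inherited PATH rather than extending it, which is a reasonable hardening choice but should be stated. I would add above `wrapProgram` the comment `# --set, not --prefix: helpers are resolved only from these store paths, never from the caller's PATH`, and confirm that rendering needs nothing else on PATH.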

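--- a/flake.nix
+++ b/flake.nix
@@ -13,7 +13,7 @@
 (system: gen nixpkgs.legacyPackages.${system});
 in {
 packages = forAllSystems (pkgs: rec {
-remote-text-server = pkgs.callPackage ./. { };
+remote-text-server = pkgs.callPackage ./. { texlive = pkgs.texliveFull; };
 default = remote-text-server;
 dockerImage = pkgs.dockerTools.buildImage {
 name = "remote-text-server";
@@ -23,5 +23,9 @@
 };
 };
 });
+nixosModules = rec {
+remote-text-server = import ./module.nix;
+default = remote-text-server;
+};
 };
 }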
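Review bot: The new `nixosModules` output imports `./module.nix` as-is, and that module's default package is its own `pkgs.callPackage ./. { texlive = pkgs.texliveFull; }`. A host using the module therefore builds the server from the host's nixpkgs rather than the nixpkgs this flake pins, and the `texliveFull` override now lives in two places. Consider wrapping the module here so it defaults to the flake's own package, e.g. `services.remote-text-server.package = nixpkgs.lib.mkDefault self.packages.${pkgs.stdenv.hostPlatform.system}.remote-text-server;`. This assumes `self` is available in the outputs function, which is outside the hunk. The deployed binary then matches what the lock file pins and what `packages` exposes.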

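--- a/module.nix
+++ b/module.nix
@@ -0,0 +1,57 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+cfg = config.services.remote-text-server;
+in
+{
+options.services.remote-text-server = {
+enable = mkEnableOption "remote-text-server";
+package = mkOption {
+default = pkgs.callPackage ./. { texlive = pkgs.texliveFull; };
+defaultText = "remote-text-server";
+description = "The remote-text-server package to use";
+type = types.package;
+};
+port = mkOption {
+type = types.port;
+default = 7870;
+example = 46264;
+description = "The port to listen on. Currently ignored and always uses 3030";
+};
+};
+
+config = mkIf cfg.enable {
+systemd.services.remote-text-server = {
+description = "RemoteText Server";
+
+script = ''
+cd $STATE_DIRECTORY
+${cfg.package}/bin/remote-text-server --port ${toString cfg.port}
+'';
+
+serviceConfig = {
+DynamicUser = true;
+# EnvironmentFile = "/etc/jekyll-comments-env";
+StateDirectory = "remote-text-server";
+
+PrivateDevices = true;
+PrivateMounts = true;
+PrivateUsers = true;
+ProtectControlGroups = true;
+ProtectHome = true;
+ProtectHostname = true;
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+};
+
+wantedBy = [ "multi-user.target" ];
+after = [ "network-online.target" ];
+wants = [ "network-online.target" ];
+};
+# unnecessary bc tailscale is open. also should be set by the end user
+# networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ cfg.port ];
+};
+}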
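Review bot: `serviceConfig` stops at the `Private*`/`Protect*` switches, so the unit keeps its default capability bounding set, every address family and an unfiltered syscall table. For a network-facing service that hands documents to pandoc and TeX (presumably client-supplied, which is inferred from the package's inputs), the fence below adds the remaining restrictions; check PDF rendering still works under them before merging. Separately, the `port` description says the value is ignored and 3030 is always used, while the script passes `--port ${toString cfg.port}` with a default of 7870. Whichever is true, the description and the default should agree, so operators open and monitor the port the server actually binds.

```nix
serviceConfig = {
  # … unchanged: DynamicUser, StateDirectory, Private*/Protect* settings …
  CapabilityBoundingSet = "";
  LockPersonality = true;
  RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
  RestrictNamespaces = true;
  SystemCallArchitectures = "native";
  SystemCallFilter = [ "@system-service" ];
};
```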
