flake.nix: propagate tailscale version number when deploying with nix
stepbrobd committed Dec 30, 2024
1 parent d55b2a3 commit 3d530fd
Showing 2 changed files with 162 additions and 165 deletions.
59 changes: 36 additions & 23 deletions flake.lock


268 changes: 126 additions & 142 deletions flake.nix
Expand Up @@ -3,159 +3,143 @@

inputs = {
nixpkgs.url = "nixpkgs/nixpkgs-unstable";
flake-utils.url = "github:numtide/flake-utils";
parts.url = "github:hercules-ci/flake-parts";
systems.url = "github:nix-systems/default";
};

outputs =
{ self
, nixpkgs
, flake-utils
, ...
}:
let
golinkVersion =
if (self ? shortRev)
then self.shortRev
else "dev";
in
{
overlay = final: prev:
let
pkgs = nixpkgs.legacyPackages.${prev.system};
in
rec {
golink = pkgs.buildGo123Module rec {
pname = "golink";
version = golinkVersion;
src = pkgs.nix-gitignore.gitignoreSource [ ] ./.;

vendorHash = "sha256-myGEAOCJkeKGTzyLD6yBC10yHULxcbOnzseGVtYD7qM="; # SHA based on vendoring go.mod
};
outputs = inputs @ { self, parts, ... }: parts.lib.mkFlake { inherit inputs; } {
systems = import inputs.systems;

perSystem = { pkgs, ... }: {
formatter = pkgs.nixpkgs-fmt;

devShells.default = pkgs.mkShell { buildInputs = [ pkgs.go_1_23 ]; };

packages.default =
pkgs.buildGo123Module {
pname = "golink";
version =
if (self ? shortRev)
then self.shortRev
else "dev";
src = pkgs.nix-gitignore.gitignoreSource [ ] ./.;
ldflags =
let
tsVersion = with builtins; head (match
".*tailscale.com v([0-9]+\.[0-9]+\.[0-9]+-[a-zA-Z]+).*"
(readFile ./go.mod));
in
[
"-w"
"-s"
"-X tailscale.com/version.longStamp=${tsVersion}"
"-X tailscale.com/version.shortStamp=${tsVersion}"
];
vendorHash = "sha256-myGEAOCJkeKGTzyLD6yBC10yHULxcbOnzseGVtYD7qM="; # SHA based on vendoring go.mod
};
}
// flake-utils.lib.eachDefaultSystem
(system:
};

flake.overlays.default = final: prev: {
golink = self.packages.${prev.system}.default;
};

flake.nixosModules.default = { config, lib, pkgs, ... }:
let
pkgs = import nixpkgs {
overlays = [ self.overlay ];
inherit system;
};
cfg = config.services.golink;
inherit (lib)
concatStringsSep
escapeShellArg
mkEnableOption
mkIf
mkOption
optionalString
optionals
types
;
in
rec {
# `nix develop`
devShell = pkgs.mkShell { buildInputs = [ pkgs.go_1_21 ]; };
{
options.services.golink = {
enable = mkEnableOption "Enable golink";

package = mkOption {
type = types.package;
description = ''
golink package to use
'';
default = pkgs.golink;
};

# `nix build`
packages = with pkgs; {
inherit golink;
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/golink";
description = "Path to data dir";
};

defaultPackage = pkgs.golink;
user = mkOption {
type = types.str;
default = "golink";
description = "User account under which golink runs.";
};

group = mkOption {
type = types.str;
default = "golink";
description = "Group account under which golink runs.";
};

# `nix run`
apps.golink = flake-utils.lib.mkApp {
drv = packages.golink;
databaseFile = mkOption {
type = types.path;
default = "/var/lib/golink/golink.db";
description = "Path to SQLite database";
};

tailscaleAuthKeyFile = mkOption {
type = types.path;
description = "Path to file containing the Tailscale Auth Key";
};

verbose = mkOption {
type = types.bool;
default = false;
};
};
defaultApp = apps.golink;

overlays.default = self.overlay;
})
// {
nixosModules.default =
{ pkgs
, lib
, config
, ...
}:
let
cfg = config.services.golink;
in
{
options = with lib; {
services.golink = {
enable = mkEnableOption "Enable golink";

package = mkOption {
type = types.package;
description = ''
golink package to use
'';
default = pkgs.golink;
};

dataDir = mkOption {
type = types.path;
default = "/var/lib/golink";
description = "Path to data dir";
};

user = mkOption {
type = types.str;
default = "golink";
description = "User account under which golink runs.";
};

group = mkOption {
type = types.str;
default = "golink";
description = "Group account under which golink runs.";
};

databaseFile = mkOption {
type = types.path;
default = "/var/lib/golink/golink.db";
description = "Path to SQLite database";
};

tailscaleAuthKeyFile = mkOption {
type = types.path;
description = "Path to file containing the Tailscale Auth Key";
};

verbose = mkOption {
type = types.bool;
default = false;
};
};

config = mkIf cfg.enable {
nixpkgs.overlays = [ self.overlays.default ];

users.groups."${cfg.group}" = { };
users.users."${cfg.user}" = {
home = cfg.dataDir;
createHome = true;
group = "${cfg.group}";
isSystemUser = true;
isNormalUser = false;
description = "user for golink service";
};
config = lib.mkIf cfg.enable {
users.users."${cfg.user}" = {
home = cfg.dataDir;
createHome = true;
group = "${cfg.group}";
isSystemUser = true;
isNormalUser = false;
description = "user for golink service";
};
users.groups."${cfg.group}" = { };

systemd.services.golink = {
enable = true;
script =
let
args =
[
"--sqlitedb ${cfg.databaseFile}"
]
++ lib.optionals cfg.verbose [ "--verbose" ];
in
''
${lib.optionalString (cfg.tailscaleAuthKeyFile != null) ''
export TS_AUTHKEY="$(head -n1 ${lib.escapeShellArg cfg.tailscaleAuthKeyFile})"
''}
${cfg.package}/bin/golink ${builtins.concatStringsSep " " args}
'';
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
Restart = "always";
RestartSec = "15";
WorkingDirectory = "${cfg.dataDir}";
};

systemd.services.golink = {
enable = true;
script =
let
args = [ "--sqlitedb ${cfg.databaseFile}" ] ++ optionals cfg.verbose [ "--verbose" ];
in
''
${optionalString (cfg.tailscaleAuthKeyFile != null) ''
export TS_AUTHKEY="$(head -n1 ${escapeShellArg cfg.tailscaleAuthKeyFile})"
''}
${cfg.package}/bin/golink ${concatStringsSep " " args}
'';
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
Restart = "always";
RestartSec = "15";
WorkingDirectory = "${cfg.dataDir}";
};
};
};
};
};
};
}
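Review bot: The `tsVersion` binding in `ldflags` will abort evaluation with an opaque "null where a list was expected" style error as soon as go.mod pins a plain tagged release such as `v1.2.3` (constructed example), because the pattern requires a `-[a-zA-Z]+` suffix and `builtins.match` returns `null` on no match, which `head` cannot take. Separately, inside a Nix double-quoted string `\.` collapses to a bare `.`, so the dots in the pattern match any character rather than a literal dot. I would make the suffix optional and escape the dots properly, e.g. `".*tailscale.com v([0-9]+\\.[0-9]+\\.[0-9]+(-[a-zA-Z]+)?).*"`, and guard the result with `if m == null then throw "tailscale.com version not found in go.mod" else head m`. These stamps presumably decide which tailscale version the node reports, so a clear failure message is preferable to a confusing one when someone bumps the dependency to pick up a fix.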
