| blob | 83a7ea24859438659a8517ca8370b2fb660186b5 |
1 { config, lib, pkgs, ...}:
2 let
3 cfg = config.services.gateone;
4 in
5 {
6 options = {
7 services.gateone = {
8 enable = lib.mkEnableOption "GateOne server";
9 pidDir = lib.mkOption {
10 default = "/run/gateone";
11 type = lib.types.path;
12 description = "Path of pid files for GateOne.";
13 };
14 settingsDir = lib.mkOption {
15 default = "/var/lib/gateone";
16 type = lib.types.path;
17 description = "Path of configuration files for GateOne.";
18 };
19 };
20 };
21 config = lib.mkIf cfg.enable {
22 environment.systemPackages = with pkgs.pythonPackages; [
23 gateone pkgs.openssh pkgs.procps pkgs.coreutils pkgs.cacert];
25 users.users.gateone = {
26 description = "GateOne privilege separation user";
27 uid = config.ids.uids.gateone;
28 home = cfg.settingsDir;
29 };
30 users.groups.gateone.gid = config.ids.gids.gateone;
32 systemd.services.gateone = with pkgs; {
33 description = "GateOne web-based terminal";
34 path = [ pythonPackages.gateone nix openssh procps coreutils ];
35 preStart = ''
36 if [ ! -d ${cfg.settingsDir} ] ; then
37 mkdir -m 0750 -p ${cfg.settingsDir}
38 chown -R gateone:gateone ${cfg.settingsDir}
39 fi
40 if [ ! -d ${cfg.pidDir} ] ; then
41 mkdir -m 0750 -p ${cfg.pidDir}
42 chown -R gateone:gateone ${cfg.pidDir}
43 fi
44 '';
45 #unitConfig.RequiresMountsFor = "${cfg.settingsDir}";
46 serviceConfig = {
47 ExecStart = ''${pythonPackages.gateone}/bin/gateone --settings_dir=${cfg.settingsDir} --pid_file=${cfg.pidDir}/gateone.pid --gid=${toString config.ids.gids.gateone} --uid=${toString config.ids.uids.gateone}'';
48 User = "gateone";
49 Group = "gateone";
50 WorkingDirectory = cfg.settingsDir;
51 };
53 wantedBy = [ "multi-user.target" ];
54 requires = [ "network.target" ];
55 };
56 };
57 }