nixos/modules/services/networking/robustirc-bridge.nix

   1 { config, lib, pkgs, ... }:
   2
   3 with lib;
   4
   5 let
   6   cfg = config.services.robustirc-bridge;
   7 in
   8 {
   9   options = {
  10     services.robustirc-bridge = {
  11       enable = mkEnableOption "RobustIRC bridge";
  12
  13       extraFlags = mkOption {
  14         type = types.listOf types.str;
  15         default = [];
  16         description = ''Extra flags passed to the {command}`robustirc-bridge` command. See [RobustIRC Documentation](https://robustirc.net/docs/adminguide.html#_bridge) or robustirc-bridge(1) for details.'';
  17         example = [
  18           "-network robustirc.net"
  19         ];
  20       };
  21     };
  22   };
  23
  24   config = mkIf cfg.enable {
  25     systemd.services.robustirc-bridge = {
  26       description = "RobustIRC bridge";
  27       documentation = [
  28         "man:robustirc-bridge(1)"
  29         "https://robustirc.net/"
  30       ];
  31       wantedBy = [ "multi-user.target" ];
  32       after = [ "network.target" ];
  33
  34       serviceConfig = {
  35         DynamicUser = true;
  36         ExecStart = "${pkgs.robustirc-bridge}/bin/robustirc-bridge ${concatStringsSep " " cfg.extraFlags}";
  37         Restart = "on-failure";
  38
  39         # Hardening
  40         PrivateDevices = true;
  41         ProtectSystem = true;
  42         ProtectHome = true;
  43         PrivateTmp = true;
  44       };
  45     };
  46   };
  47 }