| blob | 51817124cb1d613e465a674bfbf8493fdf961f86 |
1 {
2 config,
3 lib,
4 pkgs,
5 ...
6 }:
7 let
8 cfg = config.services.gateone;
9 in
10 {
11 options = {
12 services.gateone = {
13 enable = lib.mkEnableOption "GateOne server";
14 pidDir = lib.mkOption {
15 default = "/run/gateone";
16 type = lib.types.path;
17 description = "Path of pid files for GateOne.";
18 };
19 settingsDir = lib.mkOption {
20 default = "/var/lib/gateone";
21 type = lib.types.path;
22 description = "Path of configuration files for GateOne.";
23 };
24 };
25 };
26 config = lib.mkIf cfg.enable {
27 environment.systemPackages = with pkgs.pythonPackages; [
28 gateone
29 pkgs.openssh
30 pkgs.procps
31 pkgs.coreutils
32 pkgs.cacert
33 ];
35 users.users.gateone = {
36 description = "GateOne privilege separation user";
37 uid = config.ids.uids.gateone;
38 home = cfg.settingsDir;
39 };
40 users.groups.gateone.gid = config.ids.gids.gateone;
42 systemd.services.gateone = with pkgs; {
43 description = "GateOne web-based terminal";
44 path = [
45 pythonPackages.gateone
46 nix
47 openssh
48 procps
49 coreutils
50 ];
51 preStart = ''
52 if [ ! -d ${cfg.settingsDir} ] ; then
53 mkdir -m 0750 -p ${cfg.settingsDir}
54 chown -R gateone:gateone ${cfg.settingsDir}
55 fi
56 if [ ! -d ${cfg.pidDir} ] ; then
57 mkdir -m 0750 -p ${cfg.pidDir}
58 chown -R gateone:gateone ${cfg.pidDir}
59 fi
60 '';
61 #unitConfig.RequiresMountsFor = "${cfg.settingsDir}";
62 serviceConfig = {
63 ExecStart = ''${pythonPackages.gateone}/bin/gateone --settings_dir=${cfg.settingsDir} --pid_file=${cfg.pidDir}/gateone.pid --gid=${toString config.ids.gids.gateone} --uid=${toString config.ids.uids.gateone}'';
64 User = "gateone";
65 Group = "gateone";
66 WorkingDirectory = cfg.settingsDir;
67 };
69 wantedBy = [ "multi-user.target" ];
70 requires = [ "network.target" ];
71 };
72 };
73 }