diff options
| author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2026-03-22 15:58:42 +0100 |
|---|---|---|
| committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2026-03-22 16:02:04 +0100 |
| commit | c633046cdda8e7a46ad7a9d85e0749f36e5ab0a8 (patch) | |
| tree | 8be69736262c6c4b10b91cef6ec962d269eb8bb0 /modules/by-name/ro | |
| parent | update.sh: Replace building and test running by the already existing scripts (diff) | |
| download | nixos-server-c633046cdda8e7a46ad7a9d85e0749f36e5ab0a8.zip | |
{modules,tests}/rocie: Init
Diffstat (limited to 'modules/by-name/ro')
| -rw-r--r-- | modules/by-name/ro/rocie/module.nix | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/modules/by-name/ro/rocie/module.nix b/modules/by-name/ro/rocie/module.nix new file mode 100644 index 0000000..1e419b8 --- /dev/null +++ b/modules/by-name/ro/rocie/module.nix @@ -0,0 +1,59 @@ +{ + config, + lib, + ... +}: let + cfg = config.vhack.rocie; + data = "/var/lib/rocie"; +in { + options.vhack.rocie = { + enable = lib.mkEnableOption "Rocie integration into vhack.eu"; + + domain = lib.mkOption { + type = lib.types.str; + description = "The domain where to deploy rocie"; + }; + + loginSecret = lib.mkOption { + type = lib.types.path; + description = "The age encrypted secret file for rocie, passed to agenix"; + }; + }; + + config = lib.mkIf cfg.enable { + rocie = { + enable = true; + inherit (cfg) domain; + + dbPath = "${data}/database.db"; + + secretKeyFile = config.age.secrets.rocie_secret.path; + }; + + vhack.persist.directories = [ + { + directory = data; + user = "rocie"; + group = "rocie"; + mode = "0700"; + } + ]; + + users = { + groups.rocie = { + gid = config.vhack.constants.ids.gids.rocie; + }; + users.rocie = { + group = "rocie"; + uid = config.vhack.constants.ids.uids.rocie; + }; + }; + + age.secrets.rocie_secret = { + file = cfg.loginSecret; + mode = "700"; + owner = "rocie"; + group = "rocie"; + }; + }; +} |