{ description = "monfari"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; outputs = { self, nixpkgs, systems, }: let inherit (nixpkgs) lib; eachSystem = f: lib.genAttrs (import systems) (system: f { inherit system; pkgs = nixpkgs.legacyPackages.${system}; ownPkgs = self.packages.${system}; }); in { devShells = eachSystem ({pkgs, ...}: { default = pkgs.beam.packages.erlang_26.callPackage ./shell.nix {}; }); packages = eachSystem ({pkgs, ...}: { default = pkgs.beam.packages.erlang_26.callPackage ./default.nix { inherit self; }; }); nixosModules = { default = { lib, pkgs, config, ... }: let monfari = self.packages.${pkgs.system}.default; gen-secret = pkgs.writeShellScript "gen-secret" '' (umask 077; [ -f $1/$2 ] || ${pkgs.coreutils}/bin/head -c 128 /dev/urandom | ${pkgs.coreutils}/bin/base64 -w0 > $1/$2) ''; secret = var: dir: file: '' ${gen-secret} "${dir}" "${file}" ${var}=$(${pkgs.coreutils}/bin/cat "${dir}/${file}") ''; script = pkgs.writeShellScriptBin "monfari" '' ${secret "RELEASE_COOKIE" "/run/monfari" "cookie"} RELEASE_COOKIE="$RELEASE_COOKIE" ${lib.getExe monfari} "$@" ''; cfg = config.services.bluepython508.monfari; in { options.services.bluepython508.monfari = { enable = lib.mkEnableOption "monfari"; host = lib.mkOption { type = lib.types.str; }; bind = lib.mkOption { type = lib.types.str; }; }; config.environment.systemPackages = lib.mkIf cfg.enable [ script ]; config.systemd.services.monfari = lib.mkIf cfg.enable { description = "monfari"; environment = { SERVER = "true"; DATABASE_PATH = "/var/lib/monfari/db.sqlite"; BIND = ""; PHX_HOST = cfg.host; }; script = '' ${secret "SECRET_KEY_BASE" "/var/lib/monfari" "secret-key-base"} SECRET_KEY_BASE="$SECRET_KEY_BASE" ${lib.getExe script} start ''; wantedBy = [ "multi-user.target" ]; serviceConfig = { RuntimeDirectory = "monfari"; DynamicUser = true; }; }; }; }; }; }