jahanson/mochi
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
mochi/nixos/lib/default.nix
Joseph Hanson f5e45209ec
remove restic, add borgmatic. 
update template

update config template

update
2025-02-25 13:03:44 -06:00

69 lines
2.4 KiB
Nix
Raw Blame History

{lib, ...}:
with lib; rec {
firstOrDefault = first: default:
if first != null
then first
else default;
existsOrDefault = x: set: default:
if builtins.hasAttr x set
then builtins.getAttr x set
else default;
# Create custom package set
mkMyPkgs = pkgs: {
borgmatic = pkgs.callPackage ../../nixos/packages/borgmatic {};
};
# main service builder
mkService = options: (
let
user = existsOrDefault "user" options "568";
group = existsOrDefault "group" options "568";
# enableBackups =
# (lib.attrsets.hasAttrByPath ["persistence" "folder"] options)
# && (lib.attrsets.attrByPath ["persistence" "enable"] true options);
# Security options for containers
containerExtraOptions =
lib.optionals (lib.attrsets.attrByPath ["container" "caps" "privileged"] false options) [
"--privileged"
]
++ lib.optionals (lib.attrsets.attrByPath ["container" "caps" "readOnly"] false options) [
"--read-only"
]
++ lib.optionals (lib.attrsets.attrByPath ["container" "caps" "tmpfs"] false options) [
(map (folders: "--tmpfs=${folders}") tmpfsFolders)
]
++ lib.optionals (lib.attrsets.attrByPath ["container" "caps" "noNewPrivileges"] false options) [
"--security-opt=no-new-privileges"
]
++ lib.optionals (lib.attrsets.attrByPath ["container" "caps" "dropAll"] false options) [
"--cap-drop=ALL"
];
in {
virtualisation.oci-containers.containers.${options.app} = mkIf options.container.enable {
image = "${options.container.image}";
user = "${user}:${group}";
environment =
{
TZ = options.timeZone;
}
// options.container.env;
environmentFiles = lib.attrsets.attrByPath ["container" "envFiles"] [] options;
volumes =
["/etc/localtime:/etc/localtime:ro"]
++ lib.optionals (lib.attrsets.hasAttrByPath ["container" "persistentFolderMount"] options) [
"${options.persistence.folder}:${options.container.persistentFolderMount}:rw"
]
++ lib.attrsets.attrByPath ["container" "volumes"] [] options;
extraOptions = containerExtraOptions;
};
systemd.tmpfiles.rules = lib.optionals (lib.attrsets.hasAttrByPath [
"persistence"
"folder"
]
options) ["d ${options.persistence.folder} 0750 ${user} ${group} -"];
}
);
}
Reference in a new issue View git blame Copy permalink