Commit 17315e63 authored by Jack Rosenberg's avatar Jack Rosenberg Committed by jack rosenberg

nixos/newt: declarative resource management

parent 0b9bb8f8
+28 −3
@@ -21,6 +21,8 @@ let
    // {
      description = "value coercible to CLI argument";
    };
  format = pkgs.formats.yaml { };
  blueprint-file = format.generate "blueprint.yml" cfg.blueprint;
in
{
  imports = [
@@ -48,13 +50,35 @@ in
        };
        description = "Settings for Newt module, see [Newt CLI docs](https://github.com/fosrl/newt?tab=readme-ov-file#cli-args) for more information.";
      };
      blueprint = lib.mkOption {
        inherit (format) type;
        default = { };
        example = {
          proxy-resources = {
            jellyfin = {
              name = "Jellyfin";
              protocol = "http";
              full-domain = "jfn.example.com";
              targets = [
                {
                  hostname = "localhost";
                  method = "http";
                  port = 8096;
                }
              ];
              auth.sso-enabled = true;
            };
          };
        };
        description = "Blueprint for declarative settings, see [Newt Blueprint docs](https://docs.pangolin.net/manage/blueprints#blueprints) for more information.";
      };

      # provide path to file to keep secrets out of the nix store
      environmentFile = lib.mkOption {
        type = with lib.types; nullOr path;
        default = null;
        description = ''
          Path to a file containing sensitive environment variables for Newt. See <https://docs.fossorial.io/Newt/overview#cli-args>
          Path to a file containing sensitive environment variables for Newt. See [Client credentials](https://docs.pangolin.net/manage/clients/credentials) for more information.
          These will overwrite anything defined in the config.
          The file should contain environment-variable assignments like:
          NEWT_ID=2ix2t8xk22ubpfy
@@ -81,9 +105,10 @@ in
      environment = {
        HOME = "/var/lib/private/newt";
      };
      # the flag values will all be overwritten if also defined in the env file
      serviceConfig = {
        ExecStart = "${lib.getExe cfg.package} ${lib.cli.toCommandLineShellGNU { } cfg.settings}";
        ExecStart = "${lib.getExe cfg.package} ${
          lib.cli.toCommandLineShellGNU { } (lib.recursiveUpdate cfg.settings { inherit blueprint-file; })
        }";
        DynamicUser = true;
        StateDirectory = "newt";
        StateDirectoryMode = "0700";
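Review bot: The new `blueprint` option is rendered with `format.generate "blueprint.yml" cfg.blueprint` in the first hunk, so everything set in it ends up in the world-readable Nix store, while the comment on `environmentFile` in the same module shows that keeping secrets out of the store is a goal here. If the blueprint schema accepts credentials (the example only sets `auth.sso-enabled`), the option description should warn about this, for example by appending `The blueprint is written to the world-readable Nix store, so do not put secrets in it.` In the last hunk, `lib.recursiveUpdate cfg.settings { inherit blueprint-file; }` passes the flag even when `blueprint` is left at its default `{ }` and silently replaces a `blueprint-file` the user set in `settings`; `lib.optionalAttrs (cfg.blueprint != { }) { inherit blueprint-file; }` would limit it to configured blueprints. The `let` block and `serviceConfig` both continue outside the visible hunks.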