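--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1150,6 +1150,7 @@
   ./services/networking/radicale.nix
   ./services/networking/radvd.nix
   ./services/networking/rdnssd.nix
+  ./services/networking/realm.nix
   ./services/networking/redsocks.nix
   ./services/networking/resilio.nix
   ./services/networking/robustirc-bridge.nix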
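--- /dev/null
+++ b/nixos/modules/services/networking/realm.nix
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
+  cfg = config.services.realm;
+  configFormat = pkgs.formats.json { };
+  configFile = configFormat.generate "config.json" cfg.config;
+  inherit (lib) mkEnableOption mkPackageOption mkOption mkIf types getExe;
+in
+{
+  meta.maintainers = with lib.maintainers; [ ocfox ];
+  options = {
+    services.realm = {
+      enable = mkEnableOption "A simple, high performance relay server written in rust";
+      package = mkPackageOption pkgs "realm" { };
+      config = mkOption {
+        type = types.submodule {
+          freeformType = configFormat.type;
+        };
+        default = { };
+        description = ''
+          The realm configuration, see <https://github.com/zhboner/realm#overview> for documentation.
+        '';
+      };
+    };
+  };
+  config = mkIf cfg.enable {
+    systemd.services.realm = {
+      serviceConfig = {
+        DynamicUser = true;
+        MemoryDenyWriteExecute = true;
+        PrivateDevices = true;
+        ProtectClock = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectProc = "invisible";
+        ProtectKernelTunables = true;
+        ExecStart = "${getExe cfg.package} --config ${configFile}";
+        AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ];
+      };
+      wantedBy = [ "multi-user.target" ];
+    };
+  };
+}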
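Review bot: `AmbientCapabilities` in `serviceConfig` grants the relay `CAP_NET_ADMIN` on every installation, and the unit never narrows the bounding set, so a compromise of this network-facing process starts out able to change interfaces, routes and firewall rules. The module does not show which realm feature needs that capability; if it is only needed for some configurations, leave it out of the default, and in either case state the ceiling explicitly with `CapabilityBoundingSet = [ "CAP_NET_ADMIN" "CAP_NET_BIND_SERVICE" ];`. The sandbox is otherwise thin for a service that forwards arbitrary traffic: `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];` and `SystemCallFilter = [ "@system-service" ];` look like safe additions, assuming realm needs no other socket families. Separately, `configFile` is generated into the world-readable Nix store, so if realm's configuration can carry secret material, the `config` option description should say not to put it there.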