91d02d8c84
Most of the ecosystem has moved to this formatter, and many people configured their editors to autoformat it with this formatter. Closes: https://git.snix.dev/snix/snix/issues/62 Change-Id: Icf39e7836c91fc2ae49fbe22a40a639105bfb0bd Reviewed-on: https://cl.snix.dev/c/snix/+/30671 Reviewed-by: Florian Klink <flokli@flokli.de> Tested-by: besadii Autosubmit: Ilan Joselevich <personal@ilanjoselevich.com>
56 lines
1.3 KiB
Nix
56 lines
1.3 KiB
Nix
{
|
|
config,
|
|
depot,
|
|
lib,
|
|
...
|
|
}:
|
|
|
|
let
|
|
cfg = config.services.depot.gerrit-webhook-to-irccat;
|
|
description = "receive gerrit webhooks and forward to irccat";
|
|
in
|
|
|
|
{
|
|
options.services.depot.gerrit-webhook-to-irccat = {
|
|
enable = lib.mkEnableOption description;
|
|
|
|
irccatUrl = lib.mkOption {
|
|
type = lib.types.str;
|
|
};
|
|
|
|
listenAddress = lib.mkOption {
|
|
type = lib.types.str;
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
systemd.services.gerrit-webhook-to-irccat = {
|
|
serviceConfig = {
|
|
ExecStart =
|
|
"${depot.ops.gerrit-webhook-to-irccat}/bin/gerrit-webhook-to-irccat"
|
|
+ " -irccat-url ${cfg.irccatUrl}";
|
|
Restart = "always";
|
|
RestartSec = 5;
|
|
User = "gerrit-webhook-to-irccat";
|
|
DynamicUser = true;
|
|
ProtectHome = true;
|
|
ProtectSystem = true;
|
|
MemoryDenyWriteExecute = true;
|
|
ProtectControlGroups = true;
|
|
ProtectKernelModules = true;
|
|
ProtectKernelTunables = true;
|
|
RestrictNamespaces = true;
|
|
RestrictRealtime = true;
|
|
SystemCallArchitectures = "native";
|
|
SystemCallFilter = [
|
|
"@system-service"
|
|
"~@privileged"
|
|
];
|
|
};
|
|
};
|
|
systemd.sockets.gerrit-webhook-to-irccat = {
|
|
wantedBy = [ "sockets.target" ];
|
|
socketConfig.ListenStream = cfg.listenAddress;
|
|
};
|
|
};
|
|
}
|