Monorepo for Tangled
tangled.org
tangled.org
1{
2 config,
3 pkgs,
4 lib,
5 ...
6}: let
7 cfg = config.services.did-method-plc;
8in
9 with lib; {
10 options.services.did-method-plc = {
11 enable = mkEnableOption "did-method-plc server";
12 package = mkPackageOption pkgs "did-method-plc" {};
13 };
14 config = mkIf cfg.enable {
15 services.postgresql = {
16 enable = true;
17 package = pkgs.postgresql_14;
18 ensureDatabases = ["plc"];
19 ensureUsers = [
20 {
21 name = "pg";
22 # ensurePermissions."DATABASE plc" = "ALL PRIVILEGES";
23 }
24 ];
25 authentication = ''
26 local all all trust
27 host all all 127.0.0.1/32 trust
28 '';
29 };
30 systemd.services.did-method-plc = {
31 description = "did-method-plc";
32
33 after = ["postgresql.service"];
34 wants = ["postgresql.service"];
35 wantedBy = ["multi-user.target"];
36
37 environment = let
38 db_creds_json = builtins.toJSON {
39 username = "pg";
40 password = "";
41 host = "127.0.0.1";
42 port = 5432;
43 };
44 in {
45 # TODO: inherit from config
46 DEBUG_MODE = "1";
47 LOG_ENABLED = "true";
48 LOG_LEVEL = "debug";
49 LOG_DESTINATION = "1";
50 ENABLE_MIGRATIONS = "true";
51 DB_CREDS_JSON = db_creds_json;
52 DB_MIGRATE_CREDS_JSON = db_creds_json;
53 PLC_VERSION = "0.0.1";
54 PORT = "8080";
55 };
56
57 serviceConfig = {
58 ExecStart = getExe cfg.package;
59 User = "plc";
60 Group = "plc";
61 StateDirectory = "plc";
62 StateDirectoryMode = "0755";
63 Restart = "always";
64
65 # Hardening
66 };
67 };
68 users = {
69 users.plc = {
70 group = "plc";
71 isSystemUser = true;
72 };
73 groups.plc = {};
74 };
75 };
76 }