From baa3e038f9276b7991b892bf49d5eab0fec783d3 Mon Sep 17 00:00:00 2001 From: centra Date: Tue, 9 Dec 2025 17:34:41 +0900 Subject: [PATCH] Add NixOS service modules to git tracking MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The nix/modules directory was untracked, causing flake evaluation to fail when referencing ./nix/modules. This adds 9 service module definitions created during T024 NixOS packaging. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5
---
nix/modules/chainfire.nix | 87 +++++++++++++++++++++++++++++++++++ nix/modules/default.nix | 12 +++++ nix/modules/fiberlb.nix | 76 ++++++++++++++++++++++++++++++ nix/modules/flaredb.nix | 82 +++++++++++++++++++++++++++++++++ nix/modules/flashdns.nix | 85 ++++++++++++++++++++++++++++++++++ nix/modules/iam.nix | 76 ++++++++++++++++++++++++++++++ nix/modules/lightningstor.nix | 76 ++++++++++++++++++++++++++++++ nix/modules/novanet.nix | 76 ++++++++++++++++++++++++++++++ nix/modules/plasmavmc.nix | 76 ++++++++++++++++++++++++++++++ 9 files changed, 646 insertions(+) create mode 100644 nix/modules/chainfire.nix create mode 100644 nix/modules/default.nix create mode 100644 nix/modules/fiberlb.nix create mode 100644 nix/modules/flaredb.nix create mode 100644 nix/modules/flashdns.nix create mode 100644 nix/modules/iam.nix create mode 100644 nix/modules/lightningstor.nix create mode 100644 nix/modules/novanet.nix create mode 100644 nix/modules/plasmavmc.nix
diff --git a/nix/modules/chainfire.nix b/nix/modules/chainfire.nix
new file mode 100644
index 0000000..1e58116
--- /dev/null
+++ b/nix/modules/chainfire.nix
@@ -0,0 +1,87 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.chainfire;
+in
+{
+ options.services.chainfire = {
+ enable = lib.mkEnableOption "chainfire service";
+
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 2379;
+ description = "Port for chainfire API";
+ };
+
+ raftPort = lib.mkOption {
+ type = lib.types.port;
+ default = 2380;
+ description = "Port for chainfire Raft protocol";
+ };
+
+ gossipPort = lib.mkOption {
+ type = lib.types.port;
+ default = 2381;
+ description = "Port for chainfire gossip protocol";
+ };
+
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/chainfire";
+ description = "Data directory for chainfire";
+ };
+
+ settings = lib.mkOption {
+ type = lib.types.attrs;
+ default = {};
+ description = "Additional configuration settings";
+ };
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.chainfire-server or (throw "chainfire-server package not found");
+ description = "Package to use for chainfire";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Create system user
+ users.users.chainfire = {
+ isSystemUser = true;
+ group = "chainfire";
+ description = "Chainfire service user";
+ home = cfg.dataDir;
+ };
+
+ users.groups.chainfire = {};
+
+ # Create systemd service
+ systemd.services.chainfire = {
+ description = "Chainfire Distributed Configuration Service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = "chainfire";
+ Group = "chainfire";
+ Restart = "on-failure";
+ RestartSec = "10s";
+
+ # State directory management
+ StateDirectory = "chainfire";
+ StateDirectoryMode = "0750";
+
+ # Security hardening
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ReadWritePaths = [ cfg.dataDir ];
+
+ # Start command
+ ExecStart = "${cfg.package}/bin/chainfire-server --api-addr 0.0.0.0:${toString cfg.port} --raft-addr 0.0.0.0:${toString cfg.raftPort} --gossip-addr 0.0.0.0:${toString cfg.gossipPort} --data-dir ${cfg.dataDir}";
+ };
+ };
+ };
+}
diff --git a/nix/modules/default.nix b/nix/modules/default.nix
new file mode 100644
index 0000000..5d904a2
--- /dev/null
+++ b/nix/modules/default.nix
@@ -0,0 +1,12 @@
+{
+ imports = [
+ ./chainfire.nix
+ ./flaredb.nix
+ ./iam.nix
+ ./plasmavmc.nix
+ ./novanet.nix
+ ./flashdns.nix
+ ./fiberlb.nix
+ ./lightningstor.nix
+ ];
+}
diff --git a/nix/modules/fiberlb.nix b/nix/modules/fiberlb.nix
new file mode 100644
index 0000000..8a35423
--- /dev/null
+++ b/nix/modules/fiberlb.nix
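Review bot: The chainfire `ExecStart` line hard-codes `0.0.0.0` for `--api-addr`, `--raft-addr` and `--gossip-addr`, so enabling the module exposes the client API and both cluster-internal protocols on every interface with no option to narrow it; flaredb.nix does the same for its API and Raft listeners. Nothing in this patch shows authentication or TLS on those ports, so network reachability is the only control visible here. I would add a `listenAddress` option (`type = lib.types.str; default = "127.0.0.1";`) and interpolate it, e.g. `--api-addr ${cfg.listenAddress}:${toString cfg.port}`, leaving multi-node deployments to name the cluster interface explicitly.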
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.fiberlb;
+in
+{
+ options.services.fiberlb = {
+ enable = lib.mkEnableOption "fiberlb service";
+
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 7000;
+ description = "Port for fiberlb API";
+ };
+
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/fiberlb";
+ description = "Data directory for fiberlb";
+ };
+
+ settings = lib.mkOption {
+ type = lib.types.attrs;
+ default = {};
+ description = "Additional configuration settings";
+ };
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.fiberlb-server or (throw "fiberlb-server package not found");
+ description = "Package to use for fiberlb";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Create system user
+ users.users.fiberlb = {
+ isSystemUser = true;
+ group = "fiberlb";
+ description = "FiberLB service user";
+ home = cfg.dataDir;
+ };
+
+ users.groups.fiberlb = {};
+
+ # Create systemd service
+ systemd.services.fiberlb = {
+ description = "FiberLB Load Balancing Service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "iam.service" "flaredb.service" ];
+ requires = [ "iam.service" "flaredb.service" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = "fiberlb";
+ Group = "fiberlb";
+ Restart = "on-failure";
+ RestartSec = "10s";
+
+ # State directory management
+ StateDirectory = "fiberlb";
+ StateDirectoryMode = "0750";
+
+ # Security hardening
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ReadWritePaths = [ cfg.dataDir ];
+
+ # Start command
+ ExecStart = "${cfg.package}/bin/fiberlb-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}";
+ };
+ };
+ };
+}
diff --git a/nix/modules/flaredb.nix b/nix/modules/flaredb.nix
new file mode 100644
index 0000000..6d3d979
--- /dev/null
+++ b/nix/modules/flaredb.nix
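Review bot: `dataDir` is configurable in fiberlb.nix, but `StateDirectory = "fiberlb"` always creates `/var/lib/fiberlb`, so a non-default `dataDir` is never created or chowned. With `ProtectSystem = "strict"`, a `ReadWritePaths` entry that does not exist normally makes the unit fail during namespace setup, so the override breaks the service rather than relocating its data. The same pairing is in all eight service modules of this patch. Either drop the option and derive the path from the state directory, or create the directory for custom values, for example `systemd.tmpfiles.rules = [ "d ${cfg.dataDir} 0750 fiberlb fiberlb -" ];`.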
@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.flaredb;
+in
+{
+ options.services.flaredb = {
+ enable = lib.mkEnableOption "flaredb service";
+
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 2479;
+ description = "Port for flaredb API";
+ };
+
+ raftPort = lib.mkOption {
+ type = lib.types.port;
+ default = 2480;
+ description = "Port for flaredb Raft protocol";
+ };
+
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/flaredb";
+ description = "Data directory for flaredb";
+ };
+
+ settings = lib.mkOption {
+ type = lib.types.attrs;
+ default = {};
+ description = "Additional configuration settings";
+ };
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.flaredb-server or (throw "flaredb-server package not found");
+ description = "Package to use for flaredb";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Create system user
+ users.users.flaredb = {
+ isSystemUser = true;
+ group = "flaredb";
+ description = "FlareDB service user";
+ home = cfg.dataDir;
+ };
+
+ users.groups.flaredb = {};
+
+ # Create systemd service
+ systemd.services.flaredb = {
+ description = "FlareDB Distributed Database Service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "chainfire.service" ];
+ requires = [ "chainfire.service" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = "flaredb";
+ Group = "flaredb";
+ Restart = "on-failure";
+ RestartSec = "10s";
+
+ # State directory management
+ StateDirectory = "flaredb";
+ StateDirectoryMode = "0750";
+
+ # Security hardening
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ReadWritePaths = [ cfg.dataDir ];
+
+ # Start command
+ ExecStart = "${cfg.package}/bin/flaredb-server --api-addr 0.0.0.0:${toString cfg.port} --raft-addr 0.0.0.0:${toString cfg.raftPort} --data-dir ${cfg.dataDir}";
+ };
+ };
+ };
+}
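Review bot: `requires = [ "chainfire.service" ]` in flaredb.nix hard-wires a same-host dependency, but nothing in the `config` block checks `services.chainfire.enable`, so enabling flaredb alone evaluates cleanly and then fails at start because the required unit does not exist. The same unguarded `requires` on `iam.service` and/or `flaredb.service` is in iam, fiberlb, flashdns, lightningstor, novanet and plasmavmc. I would surface this at evaluation time with `assertions = [ { assertion = config.services.chainfire.enable; message = "services.flaredb requires services.chainfire on this host"; } ];`, or relax the dependency if the services are meant to run on separate nodes, which this patch does not say.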
diff --git a/nix/modules/flashdns.nix b/nix/modules/flashdns.nix
new file mode 100644
index 0000000..612dec9
--- /dev/null
+++ b/nix/modules/flashdns.nix
@@ -0,0 +1,85 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.flashdns;
+in
+{
+ options.services.flashdns = {
+ enable = lib.mkEnableOption "flashdns service";
+
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 6000;
+ description = "Port for flashdns API";
+ };
+
+ dnsPort = lib.mkOption {
+ type = lib.types.port;
+ default = 53;
+ description = "Port for flashdns DNS service";
+ };
+
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/flashdns";
+ description = "Data directory for flashdns";
+ };
+
+ settings = lib.mkOption {
+ type = lib.types.attrs;
+ default = {};
+ description = "Additional configuration settings";
+ };
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.flashdns-server or (throw "flashdns-server package not found");
+ description = "Package to use for flashdns";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Create system user
+ users.users.flashdns = {
+ isSystemUser = true;
+ group = "flashdns";
+ description = "FlashDNS service user";
+ home = cfg.dataDir;
+ };
+
+ users.groups.flashdns = {};
+
+ # Create systemd service
+ systemd.services.flashdns = {
+ description = "FlashDNS Distributed DNS Service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "iam.service" "flaredb.service" ];
+ requires = [ "iam.service" "flaredb.service" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = "flashdns";
+ Group = "flashdns";
+ Restart = "on-failure";
+ RestartSec = "10s";
+
+ # State directory management
+ StateDirectory = "flashdns";
+ StateDirectoryMode = "0750";
+
+ # Security hardening
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ReadWritePaths = [ cfg.dataDir ];
+
+ # DNS requires binding to privileged port 53
+ AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+
+ # Start command
+ ExecStart = "${cfg.package}/bin/flashdns-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}";
+ };
+ };
+ };
+}
diff --git a/nix/modules/iam.nix b/nix/modules/iam.nix
new file mode 100644
index 0000000..b052cc8
--- /dev/null
+++ b/nix/modules/iam.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.iam;
+in
+{
+ options.services.iam = {
+ enable = lib.mkEnableOption "iam service";
+
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 3000;
+ description = "Port for iam API";
+ };
+
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/iam";
+ description = "Data directory for iam";
+ };
+
+ settings = lib.mkOption {
+ type = lib.types.attrs;
+ default = {};
+ description = "Additional configuration settings";
+ };
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.iam-server or (throw "iam-server package not found");
+ description = "Package to use for iam";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Create system user
+ users.users.iam = {
+ isSystemUser = true;
+ group = "iam";
+ description = "IAM service user";
+ home = cfg.dataDir;
+ };
+
+ users.groups.iam = {};
+
+ # Create systemd service
+ systemd.services.iam = {
+ description = "IAM Identity and Access Management Service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "flaredb.service" ];
+ requires = [ "flaredb.service" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = "iam";
+ Group = "iam";
+ Restart = "on-failure";
+ RestartSec = "10s";
+
+ # State directory management
+ StateDirectory = "iam";
+ StateDirectoryMode = "0750";
+
+ # Security hardening
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ReadWritePaths = [ cfg.dataDir ];
+
+ # Start command
+ ExecStart = "${cfg.package}/bin/iam-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}";
+ };
+ };
+ };
+}
diff --git a/nix/modules/lightningstor.nix b/nix/modules/lightningstor.nix
new file mode 100644
index 0000000..924f511
--- /dev/null
+++ b/nix/modules/lightningstor.nix
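Review bot: In flashdns.nix `dnsPort` is declared (default 53) but `ExecStart` passes only `--port` and `--data-dir`, so changing the option has no effect, while `AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]` is granted unconditionally. The port should reach the process through whatever flag flashdns-server takes for its DNS listener, which this patch does not show. I would grant the capability only when it is needed, `AmbientCapabilities = lib.optionals (cfg.dnsPort < 1024) [ "CAP_NET_BIND_SERVICE" ];`, and cap it with `CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];` so the service cannot hold any other capability.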
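Review bot: `settings` in iam.nix is declared as `lib.types.attrs` but the `config` block never reads it, so whatever an operator sets there is silently dropped; the same dead option is in every service module of this patch. For the identity service that leaves `--port` and `--data-dir` as the only configuration that reaches the process. Either remove the option until it is wired up, or render it to a config file passed to iam-server. If it is rendered, secrets should not travel through it, because the result lands in the world-readable Nix store; take a file path and hand it to the unit with `LoadCredential=` instead.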
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.lightningstor;
+in
+{
+ options.services.lightningstor = {
+ enable = lib.mkEnableOption "lightningstor service";
+
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 8000;
+ description = "Port for lightningstor API";
+ };
+
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/lightningstor";
+ description = "Data directory for lightningstor";
+ };
+
+ settings = lib.mkOption {
+ type = lib.types.attrs;
+ default = {};
+ description = "Additional configuration settings";
+ };
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.lightningstor-server or (throw "lightningstor-server package not found");
+ description = "Package to use for lightningstor";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Create system user
+ users.users.lightningstor = {
+ isSystemUser = true;
+ group = "lightningstor";
+ description = "LightningStor service user";
+ home = cfg.dataDir;
+ };
+
+ users.groups.lightningstor = {};
+
+ # Create systemd service
+ systemd.services.lightningstor = {
+ description = "LightningStor Object Storage Service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "iam.service" "flaredb.service" ];
+ requires = [ "iam.service" "flaredb.service" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = "lightningstor";
+ Group = "lightningstor";
+ Restart = "on-failure";
+ RestartSec = "10s";
+
+ # State directory management
+ StateDirectory = "lightningstor";
+ StateDirectoryMode = "0750";
+
+ # Security hardening
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ReadWritePaths = [ cfg.dataDir ];
+
+ # Start command
+ ExecStart = "${cfg.package}/bin/lightningstor-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}";
+ };
+ };
+ };
+}
diff --git a/nix/modules/novanet.nix b/nix/modules/novanet.nix
new file mode 100644
index 0000000..36f2ca8
--- /dev/null
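Review bot: The "Security hardening" block in lightningstor.nix stops at five directives and leaves the capability bounding set, socket address families and kernel interfaces at systemd defaults, which is loose for a network-facing storage daemon. Assuming lightningstor-server needs no capabilities and only IP and Unix sockets (to be confirmed against the binary), I would add `CapabilityBoundingSet = "";`, `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];` and `ProtectKernelTunables = true;`, then check the result with `systemd-analyze security lightningstor`. The same baseline is copied into every module of this patch; flashdns must keep CAP_NET_BIND_SERVICE, and novanet and plasmavmc may need their own exceptions, so this is worth deciding per service.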
+++ b/nix/modules/novanet.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.novanet;
+in
+{
+ options.services.novanet = {
+ enable = lib.mkEnableOption "novanet service";
+
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 5000;
+ description = "Port for novanet API";
+ };
+
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/novanet";
+ description = "Data directory for novanet";
+ };
+
+ settings = lib.mkOption {
+ type = lib.types.attrs;
+ default = {};
+ description = "Additional configuration settings";
+ };
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.novanet-server or (throw "novanet-server package not found");
+ description = "Package to use for novanet";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Create system user
+ users.users.novanet = {
+ isSystemUser = true;
+ group = "novanet";
+ description = "NovaNet service user";
+ home = cfg.dataDir;
+ };
+
+ users.groups.novanet = {};
+
+ # Create systemd service
+ systemd.services.novanet = {
+ description = "NovaNet Software-Defined Networking Service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "iam.service" "flaredb.service" ];
+ requires = [ "iam.service" "flaredb.service" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = "novanet";
+ Group = "novanet";
+ Restart = "on-failure";
+ RestartSec = "10s";
+
+ # State directory management
+ StateDirectory = "novanet";
+ StateDirectoryMode = "0750";
+
+ # Security hardening
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ReadWritePaths = [ cfg.dataDir ];
+
+ # Start command
+ ExecStart = "${cfg.package}/bin/novanet-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}";
+ };
+ };
+ };
+}
diff --git a/nix/modules/plasmavmc.nix b/nix/modules/plasmavmc.nix
new file mode 100644
index 0000000..0cec913
--- /dev/null
+++ b/nix/modules/plasmavmc.nix
@@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.services.plasmavmc;
+in
+{
+ options.services.plasmavmc = {
+ enable = lib.mkEnableOption "plasmavmc service";
+
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 4000;
+ description = "Port for plasmavmc API";
+ };
+
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/plasmavmc";
+ description = "Data directory for plasmavmc";
+ };
+
+ settings = lib.mkOption {
+ type = lib.types.attrs;
+ default = {};
+ description = "Additional configuration settings";
+ };
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.plasmavmc-server or (throw "plasmavmc-server package not found");
+ description = "Package to use for plasmavmc";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Create system user
+ users.users.plasmavmc = {
+ isSystemUser = true;
+ group = "plasmavmc";
+ description = "PlasmaVMC service user";
+ home = cfg.dataDir;
+ };
+
+ users.groups.plasmavmc = {};
+
+ # Create systemd service
+ systemd.services.plasmavmc = {
+ description = "PlasmaVMC Virtual Machine Compute Service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "iam.service" "flaredb.service" ];
+ requires = [ "iam.service" "flaredb.service" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = "plasmavmc";
+ Group = "plasmavmc";
+ Restart = "on-failure";
+ RestartSec = "10s";
+
+ # State directory management
+ StateDirectory = "plasmavmc";
+ StateDirectoryMode = "0750";
+
+ # Security hardening
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ReadWritePaths = [ cfg.dataDir ];
+
+ # Start command
+ ExecStart = "${cfg.package}/bin/plasmavmc-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}";
+ };
+ };
+ };
+}