Add NixOS service modules to git tracking

The nix/modules directory was untracked, causing flake evaluation to fail when referencing ./nix/modules. This adds 9 service module definitions created during T024 NixOS packaging. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-09 17:34:41 +09:00 · 2025-12-09 17:34:41 +09:00 · baa3e038f9
commit baa3e038f9
parent 519da1d3d5
9 changed files with 646 additions and 0 deletions
--- a/nix/modules/chainfire.nix
+++ b/nix/modules/chainfire.nix
@ -0,0 +1,87 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.chainfire;
+in
+{
+  options.services.chainfire = {
+    enable = lib.mkEnableOption "chainfire service";
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 2379;
+      description = "Port for chainfire API";
+    };
+
+    raftPort = lib.mkOption {
+      type = lib.types.port;
+      default = 2380;
+      description = "Port for chainfire Raft protocol";
+    };
+
+    gossipPort = lib.mkOption {
+      type = lib.types.port;
+      default = 2381;
+      description = "Port for chainfire gossip protocol";
+    };
+
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/chainfire";
+      description = "Data directory for chainfire";
+    };
+
+    settings = lib.mkOption {
+      type = lib.types.attrs;
+      default = {};
+      description = "Additional configuration settings";
+    };
+
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.chainfire-server or (throw "chainfire-server package not found");
+      description = "Package to use for chainfire";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Create system user
+    users.users.chainfire = {
+      isSystemUser = true;
+      group = "chainfire";
+      description = "Chainfire service user";
+      home = cfg.dataDir;
+    };
+
+    users.groups.chainfire = {};
+
+    # Create systemd service
+    systemd.services.chainfire = {
+      description = "Chainfire Distributed Configuration Service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        User = "chainfire";
+        Group = "chainfire";
+        Restart = "on-failure";
+        RestartSec = "10s";
+
+        # State directory management
+        StateDirectory = "chainfire";
+        StateDirectoryMode = "0750";
+
+        # Security hardening
+        NoNewPrivileges = true;
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ReadWritePaths = [ cfg.dataDir ];
+
+        # Start command
+        ExecStart = "${cfg.package}/bin/chainfire-server --api-addr 0.0.0.0:${toString cfg.port} --raft-addr 0.0.0.0:${toString cfg.raftPort} --gossip-addr 0.0.0.0:${toString cfg.gossipPort} --data-dir ${cfg.dataDir}";
+      };
+    };
+  };
+}
--- a/nix/modules/default.nix
+++ b/nix/modules/default.nix
@ -0,0 +1,12 @@
+{
+  imports = [
+    ./chainfire.nix
+    ./flaredb.nix
+    ./iam.nix
+    ./plasmavmc.nix
+    ./novanet.nix
+    ./flashdns.nix
+    ./fiberlb.nix
+    ./lightningstor.nix
+  ];
+}
--- a/nix/modules/fiberlb.nix
+++ b/nix/modules/fiberlb.nix
@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.fiberlb;
+in
+{
+  options.services.fiberlb = {
+    enable = lib.mkEnableOption "fiberlb service";
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 7000;
+      description = "Port for fiberlb API";
+    };
+
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/fiberlb";
+      description = "Data directory for fiberlb";
+    };
+
+    settings = lib.mkOption {
+      type = lib.types.attrs;
+      default = {};
+      description = "Additional configuration settings";
+    };
+
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.fiberlb-server or (throw "fiberlb-server package not found");
+      description = "Package to use for fiberlb";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Create system user
+    users.users.fiberlb = {
+      isSystemUser = true;
+      group = "fiberlb";
+      description = "FiberLB service user";
+      home = cfg.dataDir;
+    };
+
+    users.groups.fiberlb = {};
+
+    # Create systemd service
+    systemd.services.fiberlb = {
+      description = "FiberLB Load Balancing Service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "iam.service" "flaredb.service" ];
+      requires = [ "iam.service" "flaredb.service" ];
+
+      serviceConfig = {
+        Type = "simple";
+        User = "fiberlb";
+        Group = "fiberlb";
+        Restart = "on-failure";
+        RestartSec = "10s";
+
+        # State directory management
+        StateDirectory = "fiberlb";
+        StateDirectoryMode = "0750";
+
+        # Security hardening
+        NoNewPrivileges = true;
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ReadWritePaths = [ cfg.dataDir ];
+
+        # Start command
+        ExecStart = "${cfg.package}/bin/fiberlb-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}";
+      };
+    };
+  };
+}
--- a/nix/modules/flaredb.nix
+++ b/nix/modules/flaredb.nix
@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.flaredb;
+in
+{
+  options.services.flaredb = {
+    enable = lib.mkEnableOption "flaredb service";
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 2479;
+      description = "Port for flaredb API";
+    };
+
+    raftPort = lib.mkOption {
+      type = lib.types.port;
+      default = 2480;
+      description = "Port for flaredb Raft protocol";
+    };
+
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/flaredb";
+      description = "Data directory for flaredb";
+    };
+
+    settings = lib.mkOption {
+      type = lib.types.attrs;
+      default = {};
+      description = "Additional configuration settings";
+    };
+
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.flaredb-server or (throw "flaredb-server package not found");
+      description = "Package to use for flaredb";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Create system user
+    users.users.flaredb = {
+      isSystemUser = true;
+      group = "flaredb";
+      description = "FlareDB service user";
+      home = cfg.dataDir;
+    };
+
+    users.groups.flaredb = {};
+
+    # Create systemd service
+    systemd.services.flaredb = {
+      description = "FlareDB Distributed Database Service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "chainfire.service" ];
+      requires = [ "chainfire.service" ];
+
+      serviceConfig = {
+        Type = "simple";
+        User = "flaredb";
+        Group = "flaredb";
+        Restart = "on-failure";
+        RestartSec = "10s";
+
+        # State directory management
+        StateDirectory = "flaredb";
+        StateDirectoryMode = "0750";
+
+        # Security hardening
+        NoNewPrivileges = true;
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ReadWritePaths = [ cfg.dataDir ];
+
+        # Start command
+        ExecStart = "${cfg.package}/bin/flaredb-server --api-addr 0.0.0.0:${toString cfg.port} --raft-addr 0.0.0.0:${toString cfg.raftPort} --data-dir ${cfg.dataDir}";
+      };
+    };
+  };
+}
--- a/nix/modules/flashdns.nix
+++ b/nix/modules/flashdns.nix
@ -0,0 +1,85 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.flashdns;
+in
+{
+  options.services.flashdns = {
+    enable = lib.mkEnableOption "flashdns service";
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 6000;
+      description = "Port for flashdns API";
+    };
+
+    dnsPort = lib.mkOption {
+      type = lib.types.port;
+      default = 53;
+      description = "Port for flashdns DNS service";
+    };
+
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/flashdns";
+      description = "Data directory for flashdns";
+    };
+
+    settings = lib.mkOption {
+      type = lib.types.attrs;
+      default = {};
+      description = "Additional configuration settings";
+    };
+
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.flashdns-server or (throw "flashdns-server package not found");
+      description = "Package to use for flashdns";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Create system user
+    users.users.flashdns = {
+      isSystemUser = true;
+      group = "flashdns";
+      description = "FlashDNS service user";
+      home = cfg.dataDir;
+    };
+
+    users.groups.flashdns = {};
+
+    # Create systemd service
+    systemd.services.flashdns = {
+      description = "FlashDNS Distributed DNS Service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "iam.service" "flaredb.service" ];
+      requires = [ "iam.service" "flaredb.service" ];
+
+      serviceConfig = {
+        Type = "simple";
+        User = "flashdns";
+        Group = "flashdns";
+        Restart = "on-failure";
+        RestartSec = "10s";
+
+        # State directory management
+        StateDirectory = "flashdns";
+        StateDirectoryMode = "0750";
+
+        # Security hardening
+        NoNewPrivileges = true;
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ReadWritePaths = [ cfg.dataDir ];
+
+        # DNS requires binding to privileged port 53
+        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+
+        # Start command
+        ExecStart = "${cfg.package}/bin/flashdns-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}";
+      };
+    };
+  };
+}
--- a/nix/modules/iam.nix
+++ b/nix/modules/iam.nix
@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.iam;
+in
+{
+  options.services.iam = {
+    enable = lib.mkEnableOption "iam service";
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 3000;
+      description = "Port for iam API";
+    };
+
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/iam";
+      description = "Data directory for iam";
+    };
+
+    settings = lib.mkOption {
+      type = lib.types.attrs;
+      default = {};
+      description = "Additional configuration settings";
+    };
+
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.iam-server or (throw "iam-server package not found");
+      description = "Package to use for iam";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Create system user
+    users.users.iam = {
+      isSystemUser = true;
+      group = "iam";
+      description = "IAM service user";
+      home = cfg.dataDir;
+    };
+
+    users.groups.iam = {};
+
+    # Create systemd service
+    systemd.services.iam = {
+      description = "IAM Identity and Access Management Service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "flaredb.service" ];
+      requires = [ "flaredb.service" ];
+
+      serviceConfig = {
+        Type = "simple";
+        User = "iam";
+        Group = "iam";
+        Restart = "on-failure";
+        RestartSec = "10s";
+
+        # State directory management
+        StateDirectory = "iam";
+        StateDirectoryMode = "0750";
+
+        # Security hardening
+        NoNewPrivileges = true;
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ReadWritePaths = [ cfg.dataDir ];
+
+        # Start command
+        ExecStart = "${cfg.package}/bin/iam-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}";
+      };
+    };
+  };
+}
--- a/nix/modules/lightningstor.nix
+++ b/nix/modules/lightningstor.nix
@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.lightningstor;
+in
+{
+  options.services.lightningstor = {
+    enable = lib.mkEnableOption "lightningstor service";
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 8000;
+      description = "Port for lightningstor API";
+    };
+
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/lightningstor";
+      description = "Data directory for lightningstor";
+    };
+
+    settings = lib.mkOption {
+      type = lib.types.attrs;
+      default = {};
+      description = "Additional configuration settings";
+    };
+
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.lightningstor-server or (throw "lightningstor-server package not found");
+      description = "Package to use for lightningstor";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Create system user
+    users.users.lightningstor = {
+      isSystemUser = true;
+      group = "lightningstor";
+      description = "LightningStor service user";
+      home = cfg.dataDir;
+    };
+
+    users.groups.lightningstor = {};
+
+    # Create systemd service
+    systemd.services.lightningstor = {
+      description = "LightningStor Object Storage Service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "iam.service" "flaredb.service" ];
+      requires = [ "iam.service" "flaredb.service" ];
+
+      serviceConfig = {
+        Type = "simple";
+        User = "lightningstor";
+        Group = "lightningstor";
+        Restart = "on-failure";
+        RestartSec = "10s";
+
+        # State directory management
+        StateDirectory = "lightningstor";
+        StateDirectoryMode = "0750";
+
+        # Security hardening
+        NoNewPrivileges = true;
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ReadWritePaths = [ cfg.dataDir ];
+
+        # Start command
+        ExecStart = "${cfg.package}/bin/lightningstor-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}";
+      };
+    };
+  };
+}
--- a/nix/modules/novanet.nix
+++ b/nix/modules/novanet.nix
@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.novanet;
+in
+{
+  options.services.novanet = {
+    enable = lib.mkEnableOption "novanet service";
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 5000;
+      description = "Port for novanet API";
+    };
+
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/novanet";
+      description = "Data directory for novanet";
+    };
+
+    settings = lib.mkOption {
+      type = lib.types.attrs;
+      default = {};
+      description = "Additional configuration settings";
+    };
+
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.novanet-server or (throw "novanet-server package not found");
+      description = "Package to use for novanet";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Create system user
+    users.users.novanet = {
+      isSystemUser = true;
+      group = "novanet";
+      description = "NovaNet service user";
+      home = cfg.dataDir;
+    };
+
+    users.groups.novanet = {};
+
+    # Create systemd service
+    systemd.services.novanet = {
+      description = "NovaNet Software-Defined Networking Service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "iam.service" "flaredb.service" ];
+      requires = [ "iam.service" "flaredb.service" ];
+
+      serviceConfig = {
+        Type = "simple";
+        User = "novanet";
+        Group = "novanet";
+        Restart = "on-failure";
+        RestartSec = "10s";
+
+        # State directory management
+        StateDirectory = "novanet";
+        StateDirectoryMode = "0750";
+
+        # Security hardening
+        NoNewPrivileges = true;
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ReadWritePaths = [ cfg.dataDir ];
+
+        # Start command
+        ExecStart = "${cfg.package}/bin/novanet-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}";
+      };
+    };
+  };
+}
--- a/nix/modules/plasmavmc.nix
+++ b/nix/modules/plasmavmc.nix
@ -0,0 +1,76 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.plasmavmc;
+in
+{
+  options.services.plasmavmc = {
+    enable = lib.mkEnableOption "plasmavmc service";
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 4000;
+      description = "Port for plasmavmc API";
+    };
+
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/plasmavmc";
+      description = "Data directory for plasmavmc";
+    };
+
+    settings = lib.mkOption {
+      type = lib.types.attrs;
+      default = {};
+      description = "Additional configuration settings";
+    };
+
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.plasmavmc-server or (throw "plasmavmc-server package not found");
+      description = "Package to use for plasmavmc";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    # Create system user
+    users.users.plasmavmc = {
+      isSystemUser = true;
+      group = "plasmavmc";
+      description = "PlasmaVMC service user";
+      home = cfg.dataDir;
+    };
+
+    users.groups.plasmavmc = {};
+
+    # Create systemd service
+    systemd.services.plasmavmc = {
+      description = "PlasmaVMC Virtual Machine Compute Service";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "iam.service" "flaredb.service" ];
+      requires = [ "iam.service" "flaredb.service" ];
+
+      serviceConfig = {
+        Type = "simple";
+        User = "plasmavmc";
+        Group = "plasmavmc";
+        Restart = "on-failure";
+        RestartSec = "10s";
+
+        # State directory management
+        StateDirectory = "plasmavmc";
+        StateDirectoryMode = "0750";
+
+        # Security hardening
+        NoNewPrivileges = true;
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ReadWritePaths = [ cfg.dataDir ];
+
+        # Start command
+        ExecStart = "${cfg.package}/bin/plasmavmc-server --port ${toString cfg.port} --data-dir ${cfg.dataDir}";
+      };
+    };
+  };
+}