65 lines
1.5 KiB
Nix
65 lines
1.5 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.modules.services.network-status;
|
|
in
|
|
{
|
|
options.modules.services.network-status = {
|
|
enable = lib.mkEnableOption "Enable network status socket service";
|
|
|
|
port = lib.mkOption {
|
|
type = lib.types.int;
|
|
default = 8473;
|
|
description = "TCP port to listen on for network status requests";
|
|
};
|
|
|
|
interface = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "koti";
|
|
description = "Network interface to allow access from";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
users.users.network-status = {
|
|
isSystemUser = true;
|
|
group = "network-status";
|
|
description = "Network status socket service user";
|
|
};
|
|
|
|
users.groups.network-status = { };
|
|
|
|
systemd.sockets.network-status = {
|
|
description = "Network Status Socket";
|
|
wantedBy = [ "sockets.target" ];
|
|
socketConfig = {
|
|
ListenStream = cfg.port;
|
|
Accept = true;
|
|
};
|
|
};
|
|
|
|
systemd.services."network-status@" = {
|
|
description = "Network Status Service";
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
User = "network-status";
|
|
Group = "systemd-network";
|
|
SupplementaryGroups = [ "systemd-network" ];
|
|
StandardOutput = "socket";
|
|
StandardInput = "socket";
|
|
ExecStart = lib.concatStringsSep " " [
|
|
(lib.getExe' pkgs.systemd "networkctl")
|
|
"status"
|
|
"--json=short"
|
|
];
|
|
};
|
|
};
|
|
|
|
modules.firewall.interfaces.${cfg.interface} = lib.mkDefault [ "network-status" ];
|
|
};
|
|
}
|