diff --git a/bun.lock b/bun.lock
old mode 100644
new mode 100755
diff --git a/bunfig.toml b/bunfig.toml
old mode 100644
new mode 100755
diff --git a/flake.nix b/flake.nix
old mode 100644
new mode 100755
diff --git a/justfile b/justfile
old mode 100644
new mode 100755
diff --git a/nix/devShells/flake-module.nix b/nix/devShells/flake-module.nix
old mode 100644
new mode 100755
diff --git a/nix/modules/customer-portal/default.nix b/nix/modules/customer-portal/default.nix
old mode 100644
new mode 100755
diff --git a/nix/modules/customer-portal/flake-module.nix b/nix/modules/customer-portal/flake-module.nix
old mode 100644
new mode 100755
index 041d2c1..b11b86f
--- a/nix/modules/customer-portal/flake-module.nix
+++ b/nix/modules/customer-portal/flake-module.nix
@@ -1,16 +1,144 @@ -{ ... }: +{ moduleWithSystem, ... }: { - flake = { - nixosModules = { - # default = self'.nixosModules.amarth-customer-portal; + flake.nixosModules.default = moduleWithSystem ( + perSystem@{ config, lib, pkgs, utils, ... }: + nixos@{ ... }: + let + inherit (lib) mkEnableOption mkPackageOption mkOption mkIf types; - # amarth-customer-portal = { ... }: { - # imports = [ ./default.nix ]; - # }; + format = pkgs.formats.json {}; - default = { ... }: { - imports = [ ./default.nix ]; + cfg = config.services.amarth-customer-portal; + in + { + options.services.amarth-customer-portal = { + enable = mkEnableOption "Enable Amarth cloud's customer portal."; + + package = mkPackageOption config.packages "amarth-customer-portal" {}; + + openFirewall = mkOption { + type = types.bool; + default = false; + example = "true"; + description = '' + Open the configured port in the firewall. + ''; + }; + + user = lib.mkOption { + type = types.str; + default = "amarth"; + description = '' + User account under which FileBrowser runs. + ''; + }; + + group = lib.mkOption { + type = types.str; + default = "amarth"; + description = '' + Group under which FileBrowser runs. + ''; + }; + + settings = mkOption { + default = {}; + description = '' + ''; + type = types.submodule { + freeformType = format.type; + + options = { + address = mkOption { + default = "localhost"; + description = '' + The address to listen on. + ''; + type = types.str; + }; + + port = mkOption { + type = types.port; + default = 8080; + description = '' + Which port to run the portal on. + ''; + }; + + dataDir = lib.mkOption { + default = "/var/lib/amarth/customer-portal"; + description = '' + Directory where the portal persists files. 
+ ''; + type = types.path; + }; + }; + }; + }; }; - }; - }; + + config = mkIf cfg.enable { + systemd = { + services.amarthCustomerPortal = { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + description = "Amarth cloud's customer portal"; + + serviceConfig = { + ExecStart = utils.escapeSystemdExecArgs [ + (lib.getExe cfg.package) + "--config" + (format.generate "config.json" cfg.settings) + ]; + + StateDirectory = "amarth-customer-portal"; + CacheDirectory = "amarth-customer-portal"; + WorkingDirectory = cfg.settings.dataDir; + + User = cfg.user; + Group = cfg.group; + UMask = "0077"; + + NoNewPrivileges = true; + PrivateDevices = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectControlGroups = true; + MemoryDenyWriteExecute = true; + LockPersonality = true; + RestrictAddressFamilies = [ + "AF_UNIX" + "AF_INET" + "AF_INET6" + ]; + DevicePolicy = "closed"; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + }; + }; + + tmpfiles.settings.amarth-customer-portal = { + "${cfg.settings.dataDir}".d = { + inherit (cfg) user group; + mode = "0700"; + }; + }; + }; + + users = { + users = mkIf (cfg.user == "amarth") { + amarth = { inherit (cfg) group; isSystemUser = true; }; + }; + + groups = mkIf (cfg.group == "amarth") { + amarth = {}; + }; + }; + + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.port ]; + }; + } + ); } \ No newline at end of file diff --git a/nix/modules/flake-module.nix b/nix/modules/flake-module.nix old mode 100644 new mode 100755 diff --git a/nix/packages/flake-module.nix b/nix/packages/flake-module.nix old mode 100644 new mode 100755 diff --git a/src/app.css b/src/app.css old mode 100644 new mode 100755 diff --git a/src/auth.client.ts b/src/auth.client.ts old mode 100644 new mode 100755 diff --git a/src/auth.server.ts b/src/auth.server.ts old mode 100644 new mode 100755 
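Review bot: `settings` is a freeform submodule that `format.generate "config.json" cfg.settings` writes into the Nix store, which is world-readable, and its `description` is left empty, so nothing tells an operator that any credential placed there becomes readable by every local user. I would fill the description with something like `Portal configuration, serialised to a world-readable file in the Nix store; do not put secrets here.` and give secrets a separate path such as an `EnvironmentFile` option (whether the portal reads secrets from its config file is not visible in this hunk). Separately, `StateDirectory = "amarth-customer-portal"` creates `/var/lib/amarth-customer-portal` while the default `dataDir` is `/var/lib/amarth/customer-portal`, so the directory systemd manages is not the one the service works in; aligning the two would let `ProtectSystem = "strict"`, `ProtectHome = true` and `PrivateTmp = true` join the hardening list without extra `ReadWritePaths`. `MemoryDenyWriteExecute = true` is also worth testing against the packaged runtime, since JIT-compiling JavaScript engines generally cannot run under it. Finally, `cfg = config.services.amarth-customer-portal` appears to read the `config` bound by `perSystem@{ config, ... }` rather than the NixOS module's, so it likely needs `nixos.config` (and `utils` taken from the `nixos@` arguments); an evaluation test would confirm this.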
diff --git a/src/components/details/details.module.css b/src/components/details/details.module.css
old mode 100644
new mode 100755
diff --git a/src/components/details/details.tsx b/src/components/details/details.tsx
old mode 100644
new mode 100755
diff --git a/src/components/details/index.ts b/src/components/details/index.ts
old mode 100644
new mode 100755
diff --git a/src/components/dropdown/dropdown.module.css b/src/components/dropdown/dropdown.module.css
old mode 100644
new mode 100755
diff --git a/src/components/dropdown/dropdown.tsx b/src/components/dropdown/dropdown.tsx
old mode 100644
new mode 100755
diff --git a/src/components/dropdown/index.ts b/src/components/dropdown/index.ts
old mode 100644
new mode 100755
diff --git a/src/components/hero/hero.module.css b/src/components/hero/hero.module.css
old mode 100644
new mode 100755
diff --git a/src/components/hero/hero.tsx b/src/components/hero/hero.tsx
old mode 100644
new mode 100755
diff --git a/src/components/hero/index.ts b/src/components/hero/index.ts
old mode 100644
new mode 100755
diff --git a/src/components/list/index.ts b/src/components/list/index.ts
old mode 100644
new mode 100755
diff --git a/src/components/list/list.module.css b/src/components/list/list.module.css
old mode 100644
new mode 100755
diff --git a/src/components/list/list.tsx b/src/components/list/list.tsx
old mode 100644
new mode 100755
diff --git a/src/components/select/index.ts b/src/components/select/index.ts
old mode 100644
new mode 100755
diff --git a/src/components/select/select.module.css b/src/components/select/select.module.css
old mode 100644
new mode 100755
diff --git a/src/components/select/select.tsx b/src/components/select/select.tsx
old mode 100644
new mode 100755
diff --git a/src/features/shell/index.tsx b/src/features/shell/index.tsx
old mode 100644
new mode 100755
diff --git a/src/features/shell/nav.module.css b/src/features/shell/nav.module.css
old mode 100644
new mode 100755
diff --git a/src/features/shell/nav.tsx b/src/features/shell/nav.tsx
old mode 100644
new mode 100755
diff --git a/src/features/shell/shell.module.css b/src/features/shell/shell.module.css
old mode 100644
new mode 100755
diff --git a/src/features/shell/shell.tsx b/src/features/shell/shell.tsx
old mode 100644
new mode 100755
diff --git a/src/features/shell/top.module.css b/src/features/shell/top.module.css
old mode 100644
new mode 100755
diff --git a/src/features/shell/top.tsx b/src/features/shell/top.tsx
old mode 100644
new mode 100755
diff --git a/src/features/theme/context.ts b/src/features/theme/context.ts
old mode 100644
new mode 100755
diff --git a/src/features/theme/index.ts b/src/features/theme/index.ts
old mode 100644
new mode 100755
diff --git a/src/features/theme/picker.module.css b/src/features/theme/picker.module.css
old mode 100644
new mode 100755
diff --git a/src/features/theme/picker.tsx b/src/features/theme/picker.tsx
old mode 100644
new mode 100755
diff --git a/src/features/user/avatar.module.css b/src/features/user/avatar.module.css
old mode 100644
new mode 100755
diff --git a/src/features/user/avatar.tsx b/src/features/user/avatar.tsx
old mode 100644
new mode 100755
diff --git a/src/features/user/index.ts b/src/features/user/index.ts
old mode 100644
new mode 100755
diff --git a/src/features/user/profile.module.css b/src/features/user/profile.module.css
old mode 100644
new mode 100755
diff --git a/src/features/user/profile.tsx b/src/features/user/profile.tsx
old mode 100644
new mode 100755
diff --git a/src/features/user/user.ts b/src/features/user/user.ts
old mode 100644
new mode 100755
diff --git a/src/routes/(shell).tsx b/src/routes/(shell).tsx
old mode 100644
new mode 100755
diff --git a/src/utilities.ts b/src/utilities.ts
old mode 100644
new mode 100755