From de1bf48711ca27f3d6e57e46085df1f667d1bf31 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Sat, 15 Nov 2025 12:11:43 -0800
Subject: remove goget as a package and switch to fcuny-net instead
---
nix/modules/fcuny.net.nix | 66 +++++++++++++++++++++++++++++++++++++++++++++++
nix/modules/goget.nix | 66 -----------------------------------------------
nix/packages/default.nix | 1 -
nix/packages/goget.nix | 31 ----------------------
4 files changed, 66 insertions(+), 98 deletions(-)
create mode 100644 nix/modules/fcuny.net.nix
delete mode 100644 nix/modules/goget.nix
delete mode 100644 nix/packages/goget.nix
(limited to 'nix')
diff --git a/nix/modules/fcuny.net.nix b/nix/modules/fcuny.net.nix
new file mode 100644
index 0000000..39f5bef
--- /dev/null
+++ b/nix/modules/fcuny.net.nix
@@ -0,0 +1,66 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+with lib;
+
+let
+ cfg = config.services.fcuny-net;
+in
+{
+ options.services.fcuny-net = {
+ enable = mkEnableOption "fcuny.net service";
+
+ package = mkPackageOption pkgs "fcuny.net" { };
+
+ port = mkOption {
+ type = types.port;
+ default = 8070;
+ description = "Port to listen on";
+ };
+
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to open the firewall for the goget service";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.fcuny.net = {
+ description = "fcuny.net service";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ wants = [ "network.target" ];
+
+ serviceConfig = {
+ Type = "exec";
+ DynamicUser = true;
+ ExecStart = "${cfg.package}/bin/fcuny-net";
+ Restart = "always";
+ RestartSec = "5";
+
+ # Security settings
+ NoNewPrivileges = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ PrivateTmp = true;
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectControlGroups = true;
+ RestrictSUIDSGID = true;
+ RestrictRealtime = true;
+ RestrictNamespaces = true;
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ };
+ };
+
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [ cfg.port ];
+ };
+ };
+}
diff --git a/nix/modules/goget.nix b/nix/modules/goget.nix
deleted file mode 100644
index 3ed5e04..0000000
--- a/nix/modules/goget.nix
+++ /dev/null
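Review bot: `systemd.services.fcuny.net = {` is an unquoted attribute path, so Nix reads it as `systemd.services.fcuny` with a nested `net` attribute rather than a unit named `fcuny.net`; the unit, and with it the sandboxing in `serviceConfig`, will not be defined as intended, and naming it like the option namespace and binary avoids the problem: `systemd.services.fcuny-net = {`. The string in `mkPackageOption pkgs "fcuny.net" { }` has the opposite problem, since it looks up one attribute literally called `fcuny.net` while `nix/packages/default.nix` in this commit keeps `fcuny.net = …` unquoted (nested), so the default probably has to be `[ "fcuny" "net" ]`; confirm against how the package set is exposed. `cfg.port` only feeds `allowedTCPPorts` and is never handed to `ExecStart` or the unit environment, so with `openFirewall = true` a non-default `port` opens a TCP port the service is not bound to; pass the value to the binary in whatever form it accepts. The `openFirewall` description still reads "goget service" and should name fcuny.net.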
@@ -1,66 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-
-with lib;
-
-let
- cfg = config.services.goget;
-in
-{
- options.services.goget = {
- enable = mkEnableOption "goget service";
-
- package = mkPackageOption pkgs "goget" { };
-
- port = mkOption {
- type = types.port;
- default = 8070;
- description = "Port to listen on";
- };
-
- openFirewall = mkOption {
- type = types.bool;
- default = false;
- description = "Whether to open the firewall for the goget service";
- };
- };
-
- config = mkIf cfg.enable {
- systemd.services.goget = {
- description = "goget service";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- wants = [ "network.target" ];
-
- serviceConfig = {
- Type = "exec";
- DynamicUser = true;
- ExecStart = "${cfg.package}/bin/goget";
- Restart = "always";
- RestartSec = "5";
-
- # Security settings
- NoNewPrivileges = true;
- ProtectSystem = "strict";
- ProtectHome = true;
- PrivateTmp = true;
- ProtectKernelTunables = true;
- ProtectKernelModules = true;
- ProtectControlGroups = true;
- RestrictSUIDSGID = true;
- RestrictRealtime = true;
- RestrictNamespaces = true;
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
- };
- };
-
- networking.firewall = mkIf cfg.openFirewall {
- allowedTCPPorts = [ cfg.port ];
- };
- };
-}
diff --git a/nix/packages/default.nix b/nix/packages/default.nix
index 4b4195b..81fb9eb 100644
--- a/nix/packages/default.nix
+++ b/nix/packages/default.nix
@@ -1,6 +1,5 @@ { pkgs }: { - goget = pkgs.callPackage ./goget.nix { }; fcuny.net = pkgs.callPackage ./fcuny.net.nix { }; }
diff --git a/nix/packages/goget.nix b/nix/packages/goget.nix
deleted file mode 100644
index fe9e4e1..0000000
--- a/nix/packages/goget.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- lib,
- buildGoModule,
-}:
-
-buildGoModule rec {
- pname = "goget";
- version = "0.1.0"; # Consider deriving from git tags: version = builtins.substring 0 8 self.rev;
-
- src = ../..;
-
- vendorHash = "sha256-ylmCf+NJiNba0W1IhQMJVH+kwDDYU9gB6D90QAYnIyA=";
-
- subPackages = [ "cmd/goget" ];
-
- ldflags = [
- "-s"
- "-w"
- ];
-
- doCheck = false;
-
- meta = with lib; {
- description = "A Go tool for getting things"; # Update with actual description
- homepage = "https://github.com/yourusername/yourrepo"; # Update with your repo
- license = licenses.mit;
- maintainers = with maintainers; [ fcuny ];
- platforms = platforms.unix;
- mainProgram = "goget";
- };
-}
--
cgit v1.2.3