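# NixOS module: runs scripts/gitea_hydra_server.py (shipped in this flake) as a
# systemd service, described by the module as a webserver that lets Hydra use
# the Gitea pull request API.
#
# `utils` is the NixOS-provided module argument; it is needed only for
# `utils.escapeSystemdExecArgs` below.
{ config, self, lib, inputs, pkgs, utils, ... }:

with lib;

let
  cfg = config.services.malobeo.gitea-translator;
in
{
  options = {
    services.malobeo.gitea-translator = {
      enable = mkOption {
        default = false;
        type = types.bool;
        description = lib.mdDoc "Start a webserver for hydra to use the gitea pull request api.";
      };

      # NOTE(review): no scheme is given here; whether the script talks to
      # Gitea over HTTPS is decided in the script, which is not visible in
      # this file. Confirm.
      baseurl = mkOption {
        type = types.str;
        default = "git.dynamicdiscord.de";
        description = lib.mdDoc "Base URL of the Gitea instance.";
      };

      owner = mkOption {
        type = types.str;
        default = "malobeo";
        description = lib.mdDoc "Repository owner on the Gitea instance.";
      };

      repo = mkOption {
        type = types.str;
        default = "infrastructure";
        description = lib.mdDoc "Repository name on the Gitea instance.";
      };

      # Loopback by default, so only local processes can reach the server.
      # NOTE(review): this module configures no authentication or TLS for the
      # listener; check what the script enforces before binding to a
      # non-loopback address.
      host = mkOption {
        type = types.str;
        default = "127.0.0.1";
        description = lib.mdDoc "Address the server binds to.";
      };

      port = mkOption {
        type = types.port;
        default = 27364;
        description = lib.mdDoc "Port the server listens on.";
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.services.gitea-translator = {
      description = "Gitea Pull Request Translator for Hydra";
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        # Build the command line from a list so each option value reaches the
        # script as exactly one argument. Interpolating the `types.str` values
        # directly would let whitespace split an argument and let systemd
        # expand `%` specifiers and `$` variables inside the value.
        ExecStart = utils.escapeSystemdExecArgs [
          "${pkgs.python3}/bin/python3"
          "${inputs.self + /scripts/gitea_hydra_server.py}"
          "--baseurl" cfg.baseurl
          "--owner" cfg.owner
          "--repo" cfg.repo
          "--host" cfg.host
          "--port" (toString cfg.port)
        ];
        Restart = "on-failure";
        RestartSec = 5;

        # Sandboxing: the service runs as a transient unprivileged user, cannot
        # gain privileges, sees the file system read-only, and has no access to
        # home directories, the shared /tmp, or physical devices.
        # `systemd-analyze security gitea-translator.service` lists the
        # exposure that remains if this needs tightening further.
        DynamicUser = true;
        NoNewPrivileges = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        PrivateTmp = true;
        PrivateDevices = true;
      };
    };
  };
}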