Diffstat (limited to 'packages/redpanda-connect/module.nix')
-rw-r--r--packages/redpanda-connect/module.nix80
1 files changed, 80 insertions, 0 deletions
diff --git a/packages/redpanda-connect/module.nix b/packages/redpanda-connect/module.nix
new file mode 100644

index 0000000..4a4c300
--- /dev/null
+++ b/packages/redpanda-connect/module.nix
@@ -0,0 +1,80 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.services.redpanda-connect;
+in
+{
+ options.services.redpanda-connect = {
+ enable = lib.mkEnableOption "Enable Redpanda Connect";
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = (pkgs.callPackage ./package.nix { });
+ description = "The Redpanda Connect package";
+ };
+ pipelines = lib.mkOption {
+ type = lib.types.attrsOf (
+ lib.types.submodule {
+ options = {
+ enable = lib.mkEnableOption "Enable the pipeline";
+ allowSudo = lib.mkEnableOption "Allow sudo";
+ config = lib.mkOption {
+ type = lib.types.attrs;
+ description = "The configuration for the pipeline";
+ };
+ };
+ }
+ );
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ let
+ sudoEnabledServices = builtins.filter (pipeline: pipeline.value.allowSudo) (lib.attrsToList cfg.pipelines);
+ in
+ {
+ systemd.services = builtins.listToAttrs (
+ lib.mapAttrsToList (name: pipeline: {
+ name = "redpanda-connect-${name}";
+ value = {
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Type = "simple";
+ ExecStart =
+ let
+ configFile = pkgs.writeText "redpanda-connect-${name}.json" (builtins.toJSON pipeline.config);
+ in
+ "${cfg.package}/bin/redpanda-connect run ${configFile}";
+ Restart = "always";
+ RestartSec = "5";
+ DynamicUser = !pipeline.allowSudo;
+ User = if pipeline.allowSudo then "root" else null;
+ };
+ };
+ }) cfg.pipelines
+ );
+
+ #security.polkit.extraConfig = builtins.concatStringsSep "\n" (
+ # builtins.map (value: ''
+ # polkit.addRule(function(action, subject) {
+ # if (action.id == "org.freedesktop.systemd1.manage-units" &&
+ # action.lookup("unit") == "redpanda-connect-${value.name}") {
+ # return polkit.Result.YES;
+ # }
+ # });
+ # '') sudoEnabledServices
+ #);
+
+ #users.users.redpanda-connect-sudo = {
+ # isSystemUser = true;
+ # description = "Redpanda Connect sudo user";
+ # createHome = false;
+ # shell = "/run/current-system/sw/bin/nologin";
+ # group = "nogroup"; # We don't need a group...
+ #};
+ }
+ );
+}
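Review bot: `allowSudo` does not grant sudo; in `serviceConfig` it sets `User = "root"` and turns `DynamicUser` off, so the pipeline runs as full root and also loses the sandboxing systemd implies for dynamic users. The option text should say that, e.g. `allowSudo = lib.mkEnableOption "running this pipeline as root (disables DynamicUser)";`, and the root path would be safer with explicit hardening kept on, such as `PrivateTmp = true;` and `ProtectHome = true;`, or with narrowly scoped `AmbientCapabilities` in place of root if that covers the use case. Separately, `pkgs.writeText` renders `pipeline.config` into the Nix store, which is world-readable, so any credentials placed in `config` are readable by every local user; the `config` description should warn about this and the module could accept an `EnvironmentFile` for secrets. `sudoEnabledServices` is only referenced from the commented-out polkit block and can go together with it.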