2 files changed, 123 insertions, 0 deletions
diff --git a/packages/redpanda-connect/module.nix b/packages/redpanda-connect/module.nix
new file mode 100644
index 0000000..4a4c300
--- /dev/null
+++ b/packages/redpanda-connect/module.nix
@@ -0,0 +1,80 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.redpanda-connect;
+in
+{
+  options.services.redpanda-connect = {
+    enable = lib.mkEnableOption "Enable Redpanda Connect";
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = (pkgs.callPackage ./package.nix { });
+      description = "The Redpanda Connect package";
+    };
+    pipelines = lib.mkOption {
+      type = lib.types.attrsOf (
+        lib.types.submodule {
+          options = {
+            enable = lib.mkEnableOption "Enable the pipeline";
+            allowSudo = lib.mkEnableOption "Allow sudo";
+            config = lib.mkOption {
+              type = lib.types.attrs;
+              description = "The configuration for the pipeline";
+            };
+          };
+        }
+      );
+    };
+  };
+
+  config = lib.mkIf cfg.enable (
+    let
+      sudoEnabledServices = builtins.filter (pipeline: pipeline.value.allowSudo) (lib.attrsToList cfg.pipelines);
+    in
+    {
+      systemd.services = builtins.listToAttrs (
+        lib.mapAttrsToList (name: pipeline: {
+          name = "redpanda-connect-${name}";
+          value = {
+            wantedBy = [ "multi-user.target" ];
+            serviceConfig = {
+              Type = "simple";
+              ExecStart =
+                let
+                  configFile = pkgs.writeText "redpanda-connect-${name}.json" (builtins.toJSON pipeline.config);
+                in
+                "${cfg.package}/bin/redpanda-connect run ${configFile}";
+              Restart = "always";
+              RestartSec = "5";
+              DynamicUser = !pipeline.allowSudo;
+              User = if pipeline.allowSudo then "root" else null;
+            };
+          };
+        }) cfg.pipelines
+      );
+
+      #security.polkit.extraConfig = builtins.concatStringsSep "\n" (
+      #  builtins.map (value: ''
+      #    polkit.addRule(function(action, subject) {
+      #      if (action.id == "org.freedesktop.systemd1.manage-units" &&
+      #          action.lookup("unit") == "redpanda-connect-${value.name}") {
+      #        return polkit.Result.YES;
+      #      }
+      #    });
+      #  '') sudoEnabledServices
+      #);
+
+      #users.users.redpanda-connect-sudo = {
+      #  isSystemUser = true;
+      #  description = "Redpanda Connect sudo user";
+      #  createHome = false;
+      #  shell = "/run/current-system/sw/bin/nologin";
+      #  group = "nogroup"; # We don't need a group...
+      #};
+    }
+  );
+}
diff --git a/packages/redpanda-connect/package.nix b/packages/redpanda-connect/package.nix
new file mode 100644
index 0000000..2f9a6d9
--- /dev/null
+++ b/packages/redpanda-connect/package.nix
@@ -0,0 +1,43 @@
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
+  nix-update-script,
+}:
+
+buildGoModule rec {
+  pname = "redpanda-connect";
+  version = "4.44.0";
+
+  src = fetchFromGitHub {
+    owner = "redpanda-data";
+    repo = "connect";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-pwtP1zybMvq1wQ50Ob20MVR3/v1yd7BjWe1nPFLO6mU=";
+  };
+
+  proxyVendor = true;
+
+  subPackages = [
+    "cmd/redpanda-connect"
+  ];
+
+  vendorHash = "sha256-5KXJiInuEX7fEl7y3iGvxQHptoM5z3TMmg6KZ2lx/fw=";
+
+  ldflags = [
+    "-s"
+    "-w"
+    "-X github.com/redpanda-data/connect/v4/internal/cli.Version=${version}"
+  ];
+
+  passthru.updateScript = nix-update-script { };
+
+  meta = {
+    description = "Fancy stream processing made operationally mundane";
+    mainProgram = "redpanda-connect";
+    homepage = "https://www.redpanda.com/connect";
+    changelog = "https://github.com/redpanda-data/connect/blob/v${version}/CHANGELOG.md";
+    # license = lib.licenses.mixed;
+    maintainers = with lib.maintainers; [ ];
+  };
+}