path: root/packages/redpanda-connect/module.nix
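# NixOS module that runs Redpanda Connect pipelines as systemd services.
#
# Every enabled entry of `services.redpanda-connect.pipelines` becomes one unit
# named `redpanda-connect-<name>`, started with a JSON rendering of the
# pipeline's `config` attribute set.
{
  lib,
  config,
  pkgs,
  ...
}:
let
  cfg = config.services.redpanda-connect;

  # Pipelines that have not been switched off; only these get a unit.
  enabledPipelines = lib.filterAttrs (_: pipeline: pipeline.enable) cfg.pipelines;
in
{
  options.services.redpanda-connect = {
    # mkEnableOption already prepends "Whether to enable", so pass the noun only.
    enable = lib.mkEnableOption "Redpanda Connect";
    package = lib.mkOption {
      type = lib.types.package;
      default = pkgs.callPackage ./package.nix { };
      defaultText = lib.literalExpression "pkgs.callPackage ./package.nix { }";
      description = "The Redpanda Connect package";
    };
    pipelines = lib.mkOption {
      # An empty default lets the module be enabled before any pipeline exists
      # instead of failing evaluation on an undefined option.
      default = { };
      description = "Pipelines to run, keyed by name; each becomes the unit redpanda-connect-<name>.";
      type = lib.types.attrsOf (
        lib.types.submodule {
          options = {
            # The flag used to be declared but never read, so every declared
            # pipeline ran. Defaulting to true keeps that behaviour while making
            # `enable = false` actually remove the unit.
            enable = lib.mkOption {
              type = lib.types.bool;
              default = true;
              description = "Whether to run this pipeline.";
            };
            # Despite the name, no sudo is involved: the unit runs as root.
            allowSudo = lib.mkOption {
              type = lib.types.bool;
              default = false;
              description = ''
                Run this pipeline as root instead of as a systemd dynamic user.
                This also drops the sandboxing that DynamicUser implies, so the
                pipeline and anything it executes has full access to the host.
                Leave it off unless the pipeline genuinely needs root.
              '';
            };
            config = lib.mkOption {
              type = lib.types.attrs;
              description = ''
                The configuration for the pipeline, rendered to JSON.
                The rendered file is placed in the Nix store, which is readable
                by every local user, so do not put passwords, tokens or other
                secrets in here; provide them to the service at runtime instead.
              '';
            };
          };
        }
      );
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services = lib.mapAttrs' (
      name: pipeline:
      let
        # Rendered into /nix/store: world-readable and kept in old generations.
        configFile = pkgs.writeText "redpanda-connect-${name}.json" (builtins.toJSON pipeline.config);
      in
      lib.nameValuePair "redpanda-connect-${name}" {
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          Type = "simple";
          ExecStart = "${cfg.package}/bin/redpanda-connect run ${configFile}";
          Restart = "always";
          RestartSec = "5";
          # Unprivileged, sandboxed, throw-away user unless root was requested.
          DynamicUser = !pipeline.allowSudo;
        }
        # Set User only when it applies, rather than emitting an empty `User=`.
        // lib.optionalAttrs pipeline.allowSudo { User = "root"; };
      }
    ) enabledPipelines;

    # Disabled draft: polkit rule for the root-enabled pipelines.
    # NOTE(review): before re-enabling, (1) restore the binding
    #   sudoEnabledServices = builtins.filter (pipeline: pipeline.value.allowSudo) (lib.attrsToList cfg.pipelines);
    # (2) add a check on `subject` (a group or user), since as written the rule
    # would authorize any local subject to manage these root-run units, and
    # (3) confirm the unit name compared against; polkit presumably reports it
    # with the ".service" suffix.
    #security.polkit.extraConfig = builtins.concatStringsSep "\n" (
    #  builtins.map (value: ''
    #    polkit.addRule(function(action, subject) {
    #      if (action.id == "org.freedesktop.systemd1.manage-units" &&
    #          action.lookup("unit") == "redpanda-connect-${value.name}") {
    #        return polkit.Result.YES;
    #      }
    #    });
    #  '') sudoEnabledServices
    #);

    # Disabled draft: dedicated system user for privileged pipelines.
    #users.users.redpanda-connect-sudo = {
    #  isSystemUser = true;
    #  description = "Redpanda Connect sudo user";
    #  createHome = false;
    #  shell = "/run/current-system/sw/bin/nologin";
    #  group = "nogroup"; # We don't need a group...
    #};
  };
}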