Move rest of the modules outside of nixops
diff --git a/modules/private/pub/default.nix b/modules/private/pub/default.nix
new file mode 100644 (file)
index 0000000..c31c8eb
--- /dev/null
@@ -0,0 +1,52 @@
+{ lib, pkgs, config, myconfig,  ... }:
+{
+  options = {
+    myServices.pub.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Whether to enable pub user.
+      '';
+    };
+  };
+
+  config = lib.mkIf config.myServices.pub.enable {
+    users.users.pub = let
+      restrict = pkgs.runCommand "restrict" { 
+        file = ./restrict;
+        buildInputs = [ pkgs.makeWrapper ];
+      } ''
+        mkdir -p $out/bin
+        cp $file $out/bin/restrict
+        chmod a+x $out/bin/restrict
+        patchShebangs $out/bin/restrict
+        wrapProgram $out/bin/restrict \
+          --prefix PATH : ${lib.makeBinPath [ pkgs.bubblewrap pkgs.rrsync ]} \
+          --set TMUX_RESTRICT ${./tmux.restrict.conf}
+      '';
+      purple-hangouts = pkgs.purple-hangouts.overrideAttrs(old: {
+        installPhase = ''
+          install -Dm755 -t $out/lib/purple-2/ libhangouts.so
+          for size in 16 22 24 48; do
+            install -TDm644 hangouts$size.png $out/share/pixmaps/pidgin/protocols/$size/hangouts.png
+          done
+          '';
+      });
+    in {
+      createHome = true;
+      description = "Restricted shell user";
+      home = "/var/lib/pub";
+      uid = myconfig.env.users.pub.uid;
+      useDefaultShell = true;
+      packages = [
+        restrict
+        pkgs.tmux
+        (pkgs.pidgin.override { plugins = [
+          pkgs.purple-plugin-pack purple-hangouts
+          pkgs.purple-discord pkgs.purple-facebook
+          pkgs.telegram-purple
+        ]; })
+        ];
+    };
+  };
+}
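Review bot: Nothing in this file makes the `pub` account actually restricted: it is described as "Restricted shell user", but `useDefaultShell = true` gives it the system default shell and `restrict` is only added to `packages`. The confinement (bubblewrap, rrsync, the tmux config) therefore applies only if something outside this module forces logins through the wrapper, presumably an SSH forced command. Any other login path for this user would get an ordinary shell with tmux and pidgin on PATH. I would state that dependency next to the option, e.g. `# login shell is NOT restricted; confinement relies on the SSH forced command running ${restrict}/bin/restrict (configured outside this module)`. Alternatively, set `shell` to the wrapper itself if the script supports being used as a login shell.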