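# NixOS module for a tangled spindle.
#
# Declares the options under `services.tangled.spindle` and, when
# `enable` is true, turns on Docker and defines two systemd units:
# `spindle-tap` and `spindle`. Both units are configured purely through
# environment variables derived from the options below.
{
  config,
  pkgs,
  lib,
  ...
}: let
  cfg = config.services.tangled.spindle;

  # Record collections the tap service is asked to filter on; joined with
  # "," into TAP_COLLECTION_FILTERS.
  tapCollectionFilters = [
    "sh.tangled.repo"
    "sh.tangled.repo.collaborator"
    "sh.tangled.spindle.member"
  ];
in
  with lib; {
    options = {
      services.tangled.spindle = {
        enable = mkOption {
          type = types.bool;
          default = false;
          description = "Enable a tangled spindle";
        };
        package = mkOption {
          type = types.package;
          description = "Package to use for the spindle";
        };
        tap-package = mkOption {
          type = types.package;
          # Was a copy of the `package` description; this option feeds the
          # spindle-tap unit's ExecStart, not the spindle itself.
          description = "Package to use for the spindle tap";
        };

        atpRelayUrl = mkOption {
          type = types.str;
          default = "https://relay1.us-east.bsky.network";
          description = "atproto relay";
        };

        server = {
          listenAddr = mkOption {
            type = types.str;
            # The default binds every interface. Operators who front the
            # spindle with a reverse proxy may want a loopback address here.
            default = "0.0.0.0:6555";
            description = "Address to listen on";
          };

          dbPath = mkOption {
            type = types.path;
            # Lives under /var/lib/spindle, which the spindle unit creates
            # via StateDirectory = "spindle".
            default = "/var/lib/spindle/spindle.db";
            description = "Path to the database file";
          };

          hostname = mkOption {
            type = types.str;
            example = "my.spindle.com";
            description = "Hostname for the server (required)";
          };

          plcUrl = mkOption {
            type = types.str;
            default = "https://plc.directory";
            description = "atproto PLC directory";
          };

          jetstreamEndpoint = mkOption {
            type = types.str;
            default = "wss://jetstream1.us-west.bsky.network/subscribe";
            description = "Jetstream endpoint to subscribe to";
          };

          dev = mkOption {
            type = types.bool;
            # Security-sensitive: per the description this turns off
            # signature verification. Enabling it also emits an evaluation
            # warning (see `warnings` in the config section).
            default = false;
            description = "Enable development mode (disables signature verification)";
          };

          owner = mkOption {
            type = types.str;
            example = "did:plc:qfpnj4og54vl56wngdriaxug";
            description = "DID of owner (required)";
          };

          maxJobCount = mkOption {
            type = types.int;
            default = 2;
            example = 5;
            description = "Maximum number of concurrent jobs to run";
          };

          queueSize = mkOption {
            type = types.int;
            default = 100;
            example = 100;
            description = "Maximum number of jobs to queue up";
          };

          secrets = {
            provider = mkOption {
              # An enum rejects a mistyped backend name at evaluation time
              # instead of handing an unknown value to the service.
              type = types.enum ["sqlite" "openbao"];
              default = "sqlite";
              description = "Backend to use for secret management, valid options are 'sqlite', and 'openbao'.";
            };

            openbao = {
              proxyAddr = mkOption {
                type = types.str;
                # Plain HTTP, but on loopback by default. If this is pointed
                # at a non-local host, use an https:// URL.
                default = "http://127.0.0.1:8200";
                description = "Address of the OpenBao proxy (used when the secrets provider is 'openbao')";
              };
              mount = mkOption {
                type = types.str;
                default = "spindle";
                description = "Name of the OpenBao mount to use (used when the secrets provider is 'openbao')";
              };
            };
          };
        };

        pipelines = {
          nixery = mkOption {
            type = types.str;
            default = "nixery.tangled.sh"; # note: this is *not* on tangled.org yet
            description = "Nixery instance to use";
          };

          workflowTimeout = mkOption {
            type = types.str;
            default = "5m";
            description = "Timeout for each step of a pipeline";
          };
        };
      };
    };

    config = mkIf cfg.enable {
      # Surface dev mode at build time so it cannot be left on unnoticed.
      warnings =
        optional cfg.server.dev
        "services.tangled.spindle.server.dev is enabled: signature verification is disabled. Do not enable this on a production spindle.";

      virtualisation.docker.enable = true;

      # NOTE(review): neither unit sets User=/DynamicUser= or any sandboxing
      # directive, so systemd runs both as root. Presumably the spindle needs
      # access to the Docker socket; confirm whether the tap does, and
      # consider a dedicated user plus hardening options for it.
      systemd.services.spindle-tap = {
        description = "spindle tap service";
        after = ["network.target" "docker.service"];
        wantedBy = ["multi-user.target"];
        serviceConfig = {
          LogsDirectory = "spindle-tap";
          StateDirectory = "spindle-tap";
          Environment = [
            # No host part and no option to override it; presumably this
            # binds all interfaces. Confirm against the tap package and
            # firewall the port if it should stay local.
            "TAP_BIND=:2480"
            "TAP_PLC_URL=${cfg.server.plcUrl}"
            "TAP_RELAY_URL=${cfg.atpRelayUrl}"
            "TAP_COLLECTION_FILTERS=${concatStringsSep "," tapCollectionFilters}"
          ];
          ExecStart = "${getExe cfg.tap-package} run";
        };
      };

      systemd.services.spindle = {
        description = "spindle service";
        after = ["network.target" "docker.service"];
        wantedBy = ["multi-user.target"];
        # git is put on the unit's PATH for the spindle binary.
        path = [
          pkgs.git
        ];
        serviceConfig = {
          LogsDirectory = "spindle";
          StateDirectory = "spindle";
          # Every value is interpolated verbatim into a systemd Environment=
          # entry, and the unit file is world-readable in the Nix store:
          # nothing secret belongs in these options.
          Environment = [
            "SPINDLE_SERVER_LISTEN_ADDR=${cfg.server.listenAddr}"
            "SPINDLE_SERVER_DB_PATH=${cfg.server.dbPath}"
            "SPINDLE_SERVER_HOSTNAME=${cfg.server.hostname}"
            "SPINDLE_SERVER_PLC_URL=${cfg.server.plcUrl}"
            "SPINDLE_SERVER_JETSTREAM_ENDPOINT=${cfg.server.jetstreamEndpoint}"
            "SPINDLE_SERVER_DEV=${boolToString cfg.server.dev}"
            "SPINDLE_SERVER_OWNER=${cfg.server.owner}"
            "SPINDLE_SERVER_MAX_JOB_COUNT=${toString cfg.server.maxJobCount}"
            "SPINDLE_SERVER_QUEUE_SIZE=${toString cfg.server.queueSize}"
            "SPINDLE_SERVER_SECRETS_PROVIDER=${cfg.server.secrets.provider}"
            "SPINDLE_SERVER_SECRETS_OPENBAO_PROXY_ADDR=${cfg.server.secrets.openbao.proxyAddr}"
            "SPINDLE_SERVER_SECRETS_OPENBAO_MOUNT=${cfg.server.secrets.openbao.mount}"
            "SPINDLE_NIXERY_PIPELINES_NIXERY=${cfg.pipelines.nixery}"
            "SPINDLE_NIXERY_PIPELINES_WORKFLOW_TIMEOUT=${cfg.pipelines.workflowTimeout}"
          ];
          ExecStart = "${cfg.package}/bin/spindle";
          Restart = "always";
        };
      };
    };
  }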