mirror of
https://github.com/anotherhadi/default-creds.git
synced 2026-04-02 11:32:11 +02:00
140 lines
3.6 KiB
Nix
140 lines
3.6 KiB
Nix
{
|
||
description = "default-creds – Open-source default credentials database";
|
||
|
||
inputs = {
|
||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||
|
||
bun2nix = {
|
||
url = "github:nix-community/bun2nix";
|
||
inputs.nixpkgs.follows = "nixpkgs";
|
||
};
|
||
};
|
||
|
||
outputs = {
|
||
self,
|
||
nixpkgs,
|
||
bun2nix,
|
||
}: let
|
||
system = "x86_64-linux";
|
||
pkgs = nixpkgs.legacyPackages.${system};
|
||
|
||
bun2nixPkg = bun2nix.packages.${system}.default;
|
||
|
||
default-creds = pkgs.stdenv.mkDerivation (finalAttrs: {
|
||
pname = "default-creds";
|
||
version = "1.0.0";
|
||
|
||
src = ./.;
|
||
|
||
nativeBuildInputs = [
|
||
pkgs.bun
|
||
bun2nixPkg.hook
|
||
];
|
||
|
||
bunDeps = bun2nixPkg.fetchBunDeps {
|
||
bunNix = ./bun.nix;
|
||
};
|
||
|
||
buildPhase = ''
|
||
runHook preBuild
|
||
bun run build
|
||
runHook postBuild
|
||
'';
|
||
|
||
installPhase = ''
|
||
runHook preInstall
|
||
|
||
mkdir -p $out/share/default-creds/src
|
||
|
||
cp -r dist $out/share/default-creds/dist
|
||
cp -r src/data $out/share/default-creds/src/data
|
||
cp package.json $out/share/default-creds/package.json
|
||
cp -r node_modules $out/share/default-creds/node_modules
|
||
|
||
mkdir -p $out/bin
|
||
cat > $out/bin/default-creds << EOF
|
||
#!/bin/sh
|
||
export HOST="\''${HOST:-127.0.0.1}"
|
||
export PORT="\''${PORT:-4321}"
|
||
exec ${pkgs.nodejs}/bin/node $out/share/default-creds/dist/server/entry.mjs
|
||
EOF
|
||
chmod +x $out/bin/default-creds
|
||
|
||
runHook postInstall
|
||
'';
|
||
|
||
meta = {
|
||
description = "Open-source database of factory-set credentials";
|
||
homepage = "https://github.com/anotherhadi/default-creds";
|
||
license = pkgs.lib.licenses.mit;
|
||
mainProgram = "default-creds";
|
||
};
|
||
});
|
||
in {
|
||
packages.${system} = {
|
||
inherit default-creds;
|
||
default = default-creds;
|
||
};
|
||
|
||
devShells.${system}.default = pkgs.mkShell {
|
||
packages = [
|
||
pkgs.bun
|
||
bun2nixPkg
|
||
];
|
||
};
|
||
|
||
nixosModules.default = {
|
||
config,
|
||
lib,
|
||
...
|
||
}: let
|
||
cfg = config.services.default-creds;
|
||
in {
|
||
options.services.default-creds = {
|
||
enable = lib.mkEnableOption "default-creds credential search service";
|
||
|
||
port = lib.mkOption {
|
||
type = lib.types.port;
|
||
default = 4321;
|
||
description = "TCP port the service will listen on.";
|
||
};
|
||
};
|
||
|
||
config = lib.mkIf cfg.enable {
|
||
systemd.services.default-creds = {
|
||
description = "default-creds – default credentials database";
|
||
wantedBy = ["multi-user.target"];
|
||
after = ["network.target"];
|
||
|
||
environment = {
|
||
HOST = "127.0.0.1";
|
||
PORT = toString cfg.port;
|
||
};
|
||
|
||
serviceConfig = {
|
||
ExecStart = "${self.packages.${system}.default}/bin/default-creds";
|
||
WorkingDirectory = "${self.packages.${system}.default}/share/default-creds";
|
||
Restart = "on-failure";
|
||
RestartSec = "5s";
|
||
|
||
DynamicUser = true;
|
||
|
||
NoNewPrivileges = true;
|
||
PrivateTmp = true;
|
||
ProtectSystem = "strict";
|
||
ProtectHome = true;
|
||
CapabilityBoundingSet = "";
|
||
AmbientCapabilities = "";
|
||
LockPersonality = true;
|
||
MemoryDenyWriteExecute = false;
|
||
RestrictNamespaces = true;
|
||
RestrictRealtime = true;
|
||
};
|
||
};
|
||
};
|
||
};
|
||
|
||
nixosModules.default-creds = self.nixosModules.default;
|
||
};
|
||
}
|