nixos/archisteamfarm: don't use asf abbreviation for more clarity
This commit is contained in:
parent
b9019a84b7
commit
2d324fc242
|
@ -121,6 +121,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
|||
We have added a warning for services that are
|
||||
`after = [ "network-online.target" ]` but do not depend on it (e.g. using `wants`).
|
||||
|
||||
- `services.archisteamfarm` no longer uses the abbreviation `asf` for its state directory (`/var/lib/asf`), user and group (both `asf`). Instead the long name `archisteamfarm` is used.
|
||||
Configurations with `system.stateVersion` 23.11 or earlier, default to the old stateDirectory until the 24.11 release and must either set the option explicitly or move the data to the new directory.
|
||||
|
||||
- `networking.iproute2.enable` now does not set `environment.etc."iproute2/rt_tables".text`.
|
||||
|
||||
Setting `environment.etc."iproute2/{CONFIG_FILE_NAME}".text` will override the whole configuration file instead of appending it to the upstream configuration file.
|
||||
|
|
|
@ -506,7 +506,7 @@
|
|||
./services/editors/haste.nix
|
||||
./services/editors/infinoted.nix
|
||||
./services/finance/odoo.nix
|
||||
./services/games/asf.nix
|
||||
./services/games/archisteamfarm.nix
|
||||
./services/games/crossfire-server.nix
|
||||
./services/games/deliantra-server.nix
|
||||
./services/games/factorio.nix
|
||||
|
|
|
@ -7,7 +7,7 @@ let
|
|||
|
||||
format = pkgs.formats.json { };
|
||||
|
||||
asf-config = format.generate "ASF.json" (cfg.settings // {
|
||||
configFile = format.generate "ASF.json" (cfg.settings // {
|
||||
# we disable it because ASF cannot update itself anyways
|
||||
# and nixos takes care of restarting the service
|
||||
# is in theory not needed as this is already the default for default builds
|
||||
|
@ -76,7 +76,7 @@ in
|
|||
|
||||
dataDir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/asf";
|
||||
default = "/var/lib/archisteamfarm";
|
||||
description = lib.mdDoc ''
|
||||
The ASF home directory used to store all data.
|
||||
If left as the default value this directory will automatically be created before the ASF server starts, otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership and permissions.'';
|
||||
|
@ -99,7 +99,7 @@ in
|
|||
ipcPasswordFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = lib.mdDoc "Path to a file containing the password. The file must be readable by the `asf` user/group.";
|
||||
description = lib.mdDoc "Path to a file containing the password. The file must be readable by the `archisteamfarm` user/group.";
|
||||
};
|
||||
|
||||
ipcSettings = mkOption {
|
||||
|
@ -130,7 +130,7 @@ in
|
|||
};
|
||||
passwordFile = mkOption {
|
||||
type = types.path;
|
||||
description = lib.mdDoc "Path to a file containing the password. The file must be readable by the `asf` user/group.";
|
||||
description = lib.mdDoc "Path to a file containing the password. The file must be readable by the `archisteamfarm` user/group.";
|
||||
};
|
||||
enabled = mkOption {
|
||||
type = types.bool;
|
||||
|
@ -152,7 +152,7 @@ in
|
|||
example = {
|
||||
exampleBot = {
|
||||
username = "alice";
|
||||
passwordFile = "/var/lib/asf/secrets/password";
|
||||
passwordFile = "/var/lib/archisteamfarm/secrets/password";
|
||||
settings = { SteamParentalCode = "1234"; };
|
||||
};
|
||||
};
|
||||
|
@ -161,31 +161,33 @@ in
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# TODO: drop with 24.11
|
||||
services.archisteamfarm.dataDir = lib.mkIf (lib.versionAtLeast config.system.stateVersion "24.05") (lib.mkDefault "/var/lib/asf");
|
||||
|
||||
users = {
|
||||
users.asf = {
|
||||
users.archisteamfarm = {
|
||||
home = cfg.dataDir;
|
||||
isSystemUser = true;
|
||||
group = "asf";
|
||||
group = "archisteamfarm";
|
||||
description = "Archis-Steam-Farm service user";
|
||||
};
|
||||
groups.asf = { };
|
||||
groups.archisteamfarm = { };
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
asf = {
|
||||
archisteamfarm = {
|
||||
description = "Archis-Steam-Farm Service";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = mkMerge [
|
||||
(mkIf (cfg.dataDir == "/var/lib/asf") {
|
||||
StateDirectory = "asf";
|
||||
(mkIf (lib.hasPrefix "/var/lib/" cfg.dataDir) {
|
||||
StateDirectory = lib.last (lib.splitString "/" cfg.dataDir);
|
||||
StateDirectoryMode = "700";
|
||||
})
|
||||
{
|
||||
User = "asf";
|
||||
Group = "asf";
|
||||
User = "archisteamfarm";
|
||||
Group = "archisteamfarm";
|
||||
WorkingDirectory = cfg.dataDir;
|
||||
Type = "simple";
|
||||
ExecStart = "${lib.getExe cfg.package} --no-restart --process-required --service --system-required --path ${cfg.dataDir}";
|
||||
|
@ -217,12 +219,10 @@ in
|
|||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SystemCallArchitectures = "native";
|
||||
UMask = "0077";
|
||||
|
||||
# we luckily already have systemd v247+
|
||||
SecureBits = "noroot-locked";
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [ "@system-service" "~@privileged" ];
|
||||
UMask = "0077";
|
||||
}
|
||||
];
|
||||
|
||||
|
@ -242,7 +242,7 @@ in
|
|||
''
|
||||
mkdir -p config
|
||||
|
||||
cp --no-preserve=mode ${asf-config} config/ASF.json
|
||||
cp --no-preserve=mode ${configFile} config/ASF.json
|
||||
|
||||
${optionalString (cfg.ipcPasswordFile != null) ''
|
||||
${replaceSecretBin} '#ipcPassword#' '${cfg.ipcPasswordFile}' config/ASF.json
|
Loading…
Reference in New Issue
Block a user