discuss: Add discuss module, plus firewall support

Author: dehnert

modules/default.nix

@@ -2,5 +2,6 @@
   # Add your NixOS modules here
   #
   # my-module = ./my-module;
+  discussd = ./discussd.nix;
   remctld = ./remctld.nix;
 }

modules/discussd.nix

@@ -0,0 +1,56 @@
+{ lib, pkgs, config, options, ...
+}:
+let
+  cfg = config.services.discussd;
+  athena-pkgs = import ../pkgs { inherit pkgs; };
+in
+{
+  options.services.discussd = (let
+    mkOption = lib.mkOption;
+    mkEnableOption = lib.mkEnableOption;
+    types = lib.types;
+  in {
+    enable = mkEnableOption "discussd";
+    openFirewall = mkOption {
+      description = "open firewall for discuss (if service enabled)";
+      default = true;
+      type = types.bool;
+    };
+  });
+
+  config = lib.mkIf cfg.enable {
+    users.groups.discuss = { };
+    users.users.discuss = {
+      description = "Discuss server";
+      isSystemUser = true;
+      group = "discuss";
+    };
+
+    # systemd unit
+    systemd.services."discussd@" = {
+      description = "Discuss server";
+      documentation = [ "man:discussd(8)" ];
+      requires = [ "discussd.socket" ];
+      serviceConfig = {
+	#Type = "simple";
+	#NotifyAccess = "main";
+	#Restart = "always";
+	User = "discuss";
+	StandardInput = "socket";
+	PrivateTmp = true;
+	PrivateUsers = true;
+	ExecStart = "${athena-pkgs.discuss}/sbin/discussd";
+      };
+    };
+    systemd.sockets.discussd = {
+      description = "discussd listening socket";
+      documentation = [ "man:discussd(8)" ];
+      socketConfig = {
+	ListenStream = 2100;
+	Accept = true;
+      };
+      wantedBy= [ "sockets.target" ];
+    };
+    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [2100];
+  };
+}

modules/remctld.nix

@@ -13,13 +13,13 @@ in
 
     remctl_options = {
       executable = mkOption {
-	type = types.string;
+	type = types.str;
 	example = "/bin/echo";
 	description = "Executable to run";
       };
 
       help = mkOption {
-	type = types.nullOr types.string;
+	type = types.nullOr types.str;
 	example = "--help";
 	default = null;
 	description = "Argument for the command that will print help for the subcommand";
@@ -30,20 +30,25 @@ in
       #sudo
       #summary
       user = mkOption {
-	type = types.nullOr types.string;
+	type = types.nullOr types.str;
 	example = "apache2";
 	default = null;
 	description = "user to run the command as";
       };
 
       acl = mkOption {
-	type = types.listOf types.string;
+	type = types.listOf types.str;
 	default = ["ANYUSER"];
 	description = "ACL for the command";
       };
     };
   in {
     enable = mkEnableOption "remctld";
+    openFirewall = mkOption {
+      description = "open firewall for discuss (if service enabled)";
+      default = true;
+      type = types.bool;
+    };
     commands = mkOption {
       description = "command definitions";
       type = types.attrsOf (types.attrsOf (types.submodule {
@@ -77,5 +82,6 @@ in
     # systemd unit
     systemd.packages = [ athena-pkgs.remctl ];
     systemd.sockets.remctld.wantedBy = ["multi-user.target"];
+    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [4373];
   };
 }

pkgs/discuss.nix

@@ -36,5 +36,12 @@ in stdenv.mkDerivation {
   ];
 
   #configureFlags = ["--without-krb4" "--with-krb5" "--with-zephyr"];
-  configureFlags = ["--without-krb4" "--with-krb5" "--without-zephyr"];
+  configureFlags = [
+    "--without-krb4" "--with-krb5" "--without-zephyr"
+  ];
+  preConfigure = ''
+  configureFlagsArray+=(
+    "CFLAGS=-DDSC_SETUP=\\\"$out/bin/dsc_setup\\\""
+  )
+  '';
 }