nix: add module + VM configs

nix/module.nix

@@ -0,0 +1,191 @@
+{ config, pkgs, lib, ... }: let
+  cfg = config.services.worblehat;
+
+  format = pkgs.formats.toml { };
+in {
+  options.services.worblehat = {
+    enable = lib.mkEnableOption "worblehat, the little kiosk library";
+
+    package = lib.mkPackageOption pkgs "worblehat" { };
+
+    screenPackage = lib.mkPackageOption pkgs "screen" { };
+
+    createLocalDatabase = lib.mkEnableOption "" // {
+      description = ''
+        Whether to set up a local postgres database automatically.
+
+        ::: {.note}
+        You must set up postgres manually before enabling this option.
+        :::
+      '';
+    };
+
+    kioskMode = lib.mkEnableOption "" // {
+      description = ''
+        Whether to let worblehat take over the entire machine.
+
+        This will restrict the machine to a single TTY and make the program unquittable.
+        You can still get access to PTYs via SSH and similar, if enabled.
+      '';
+    };
+
+    limitScreenHeight = lib.mkOption {
+      type = with lib.types; nullOr ints.unsigned;
+      default = null;
+      example = 42;
+      description = ''
+        If set, limits the height of the screen worblehat uses to the given number of lines.
+      '';
+    };
+
+    limitScreenWidth = lib.mkOption {
+      type = with lib.types; nullOr ints.unsigned;
+      default = null;
+      example = 80;
+      description = ''
+        If set, limits the width of the screen worblehat uses to the given number of columns.
+      '';
+    };
+
+    settings = lib.mkOption {
+      description = "Configuration for worblehat";
+      default = { };
+      type = lib.types.submodule {
+        freeformType = format.type;
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable (lib.mkMerge [
+    {
+      services.worblehat.settings = lib.pipe ../config-template.toml [
+        builtins.readFile
+        builtins.fromTOML
+        (x: lib.recursiveUpdate x {
+          flask = {
+            TESTING = false;
+            DEBUG = false;
+          };
+        })
+        (lib.mapAttrsRecursive (_: lib.mkDefault))
+      ];
+    }
+    {
+      environment.systemPackages = [ cfg.package ];
+
+      environment.etc."worblehat/config.toml".source = format.generate "worblehat-config.toml" cfg.settings;
+
+      users = {
+        users.worblehat = {
+          group = "worblehat";
+          isNormalUser = true;
+        };
+        groups.worblehat = { };
+      };
+
+      services.worblehat.settings.database.type = "postgresql";
+      services.worblehat.settings.database.postgresql = {
+        host = "/run/postgresql";
+      };
+
+      services.postgresql = lib.mkIf cfg.createLocalDatabase {
+        ensureDatabases = [ "worblehat" ];
+        ensureUsers = [{
+          name = "worblehat";
+          ensureDBOwnership = true;
+          ensureClauses.login = true;
+        }];
+      };
+
+      systemd.services.worblehat-setup-database = lib.mkIf cfg.createLocalDatabase {
+        description = "Dibbler database setup";
+        wantedBy = [ "default.target" ];
+        after = [ "postgresql.service" ];
+        unitConfig = {
+          ConditionPathExists = "!/var/lib/worblehat/.db-setup-done";
+        };
+        serviceConfig = {
+          Type = "oneshot";
+          ExecStart = "${lib.getExe cfg.package} --config /etc/worblehat/config.toml create-db";
+          ExecStartPost = "${lib.getExe' pkgs.coreutils "touch"} /var/lib/worblehat/.db-setup-done";
+          StateDirectory = "worblehat";
+
+          User = "worblehat";
+          Group = "worblehat";
+        };
+      };
+    }
+    (lib.mkIf cfg.kioskMode {
+      boot.kernelParams = [
+        "console=tty1"
+      ];
+
+      users.users.worblehat = {
+        extraGroups = [ "lp" ];
+        shell = (pkgs.writeShellScriptBin "login-shell" "${lib.getExe cfg.screenPackage} -x worblehat") // {
+          shellPath = "/bin/login-shell";
+        };
+      };
+
+      services.worblehat.settings.general = {
+        quit_allowed = false;
+        stop_allowed = false;
+      };
+
+      systemd.services.worblehat-screen-session = {
+        description = "Worblehat Screen Session";
+        wantedBy = [
+          "default.target"
+        ];
+        after = if cfg.createLocalDatabase then [
+          "postgresql.service"
+          "worblehat-setup-database.service"
+        ] else [
+          "network.target"
+        ];
+        serviceConfig = {
+          Type = "forking";
+          RemainAfterExit = false;
+          Restart = "always";
+          RestartSec = "5s";
+          SuccessExitStatus = 1;
+
+          User = "worblehat";
+          Group = "worblehat";
+
+          ExecStartPre = "-${lib.getExe cfg.screenPackage} -X -S worblehat kill";
+          ExecStart = let
+            screenArgs = lib.escapeShellArgs [
+              # -dm creates the screen in detached mode without accessing it
+              "-dm"
+
+              # Session name
+              "-S"
+              "worblehat"
+
+              # Set optimal output mode instead of VT100 emulation
+              "-O"
+
+              # Enable login mode, updates utmp entries
+              "-l"
+            ];
+
+            worblehatArgs = lib.cli.toCommandLineShellGNU { } {
+              config = "/etc/worblehat/config.toml";
+            };
+
+          in "${lib.getExe cfg.screenPackage} ${screenArgs} ${lib.getExe cfg.package} ${worblehatArgs} cli";
+          ExecStartPost =
+            lib.optionals (cfg.limitScreenWidth != null) [
+              "${lib.getExe cfg.screenPackage} -X -S worblehat width ${toString cfg.limitScreenWidth}"
+            ]
+            ++ lib.optionals (cfg.limitScreenHeight != null) [
+              "${lib.getExe cfg.screenPackage} -X -S worblehat height ${toString cfg.limitScreenHeight}"
+            ];
+        };
+      };
+
+      services.getty.autologinUser = "worblehat";
+    })
+  ]);
+}

nix/nixos-configurations/vm-non-kiosk.nix

@@ -0,0 +1,54 @@
+{ self, nixpkgs, ... }:
+nixpkgs.lib.nixosSystem {
+  system = "x86_64-linux";
+  pkgs = import nixpkgs {
+    system = "x86_64-linux";
+    overlays = [
+      self.overlays.worblehat
+    ];
+  };
+  modules = [
+    "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
+    "${nixpkgs}/nixos/tests/common/user-account.nix"
+
+    self.nixosModules.default
+
+    ({ config, ... }: {
+      system.stateVersion = config.system.nixos.release;
+      virtualisation.graphics = false;
+
+      users.motd = ''
+        =================================
+        Welcome to the worblehat non-kiosk vm!
+
+        Try running:
+            ${config.services.worblehat.package.meta.mainProgram} cli
+
+        Password for worblehat is 'worblehat'
+
+        To exit, press Ctrl+A, then X
+        =================================
+      '';
+
+      users.users.worblehat = {
+        isNormalUser = true;
+        password = "worblehat";
+        extraGroups = [ "wheel" ];
+      };
+
+      services.getty.autologinUser = "worblehat";
+
+      programs.vim = {
+        enable = true;
+        defaultEditor = true;
+      };
+
+      services.postgresql.enable = true;
+
+      services.worblehat = {
+        enable = true;
+        createLocalDatabase = true;
+      };
+    })
+  ];
+}

nix/nixos-configurations/vm.nix

@@ -0,0 +1,35 @@
+{ self, nixpkgs, ... }:
+nixpkgs.lib.nixosSystem {
+  system = "x86_64-linux";
+  pkgs = import nixpkgs {
+    system = "x86_64-linux";
+    overlays = [
+      self.overlays.default
+    ];
+  };
+  modules = [
+    "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
+    "${nixpkgs}/nixos/tests/common/user-account.nix"
+
+    self.nixosModules.default
+
+    ({ config, ... }: {
+      system.stateVersion = config.system.nixos.release;
+      virtualisation.graphics = false;
+
+      services.postgresql.enable = true;
+
+      services.worblehat = {
+        enable = true;
+        createLocalDatabase = true;
+        kioskMode = true;
+        settings = {
+          flask = {
+            TESTING = true;
+            DEBUG = true;
+          };
+        };
+      };
+    })
+  ];
+}