{ config, inputs, pkgs, ... }: let dataDir = "/srv/data/SHINOBI/shinobi"; shinobiConfigJson = builtins.toJSON { ffmpegBinary = "${pkgs.ffmpeg}/bin/ffmpeg"; port = 38080; db = { host = "127.0.0.1"; port = 3306; user = "majesticflame"; database = "ccio"; }; }; configFile = pkgs.writeText "shinobi-conf.json" shinobiConfigJson; secretFile = config.age.secrets.shinobi-secrets.path; inherit (inputs.self.packages.${pkgs.system}) shinobi; in { age.secrets.shinobi-secrets = { file = ../../../secrets/shinobi-secrets.age; owner = "shinobi"; group = "shinobi"; mode = "0400"; }; services.mysql = { enable = true; settings.mysqld.bind-address = "127.0.0.1"; package = pkgs.mariadb; dataDir = "/srv/data/DB/mariadb"; }; users.users.shinobi = { isSystemUser = true; group = "shinobi"; }; users.groups.shinobi = {}; systemd.tmpfiles.rules = [ "d '${dataDir}' 0750 shinobi shinobi - -" ]; systemd.services.shinobi = { wantedBy = [ "multi-user.target" ]; path = [ pkgs.bash pkgs.nodejs-14_x ]; preStart = '' ${pkgs.jq}/bin/jq --slurp '.[0] * .[1]' ${configFile} ${secretFile} | install -Dm600 -o shinobi -g shinobi /dev/stdin ${dataDir}/conf.json ''; serviceConfig = { WorkingDirectory = dataDir; User = "shinobi"; ExecStart = "${pkgs.nodejs-14_x}/bin/node ${shinobi}/bin/shinobi"; KillSignal = "HUP"; OOMPolicy = "continue"; Restart = "on-abnormal"; RestartSec = "5s"; }; environment.NODE_PATH = "${shinobi}/lib/node_modules/shinobi/node_modules"; }; networking.firewall.allowedTCPPorts = [ 38080 ]; }