depot/cluster/services/idm/modules/idm-nss-ready.nix

{ lib, pkgs, ... }:

let
  idmReady = pkgs.writers.writeHaskellBin "idm-nss-ready" {
    libraries = with pkgs.haskellPackages; [ watchdog ];
  } ''
    import Control.Monad.IO.Class
    import Control.Watchdog
    import System.IO
    import System.IO.Error
    import System.Posix.User

    flushLogger :: WatchdogLogger String
    flushLogger taskErr delay = do
      defaultLogger taskErr delay
      hFlush stdout

    main :: IO ()
    main = watchdog $ do
      setInitialDelay 300_000
      setMaximumDelay 30_000_000
      setLoggingAction flushLogger
      watch $ do
        check <- liftIO $ tryIOError $ getGroupEntryForName "infra_admins"
        case check of
          Right _ -> return $ Right ()
          Left _ -> return $ Left "group not found"
  '';
in

{
  systemd.services.idm-nss-ready = {
    description = "Wait for IDM NSS";
    requires = [ "kanidm-unixd.service" "nscd.service" "nss-user-lookup.target" ];
    after = [ "kanidm-unixd.service" "nscd.service" ];
    before = [ "nss-user-lookup.target" ];
    serviceConfig = {
      ExecStart = lib.getExe idmReady;
      DynamicUser = true;
      TimeoutStartSec = "2m";
      Type = "oneshot";
    };
  };
}
cluster/services/idm: implement helpers for IDM NSS 2023-06-13 00:44:22 +03:00			`{ lib, pkgs, ... }:`

			`let`
			`idmReady = pkgs.writers.writeHaskellBin "idm-nss-ready" {`
			`libraries = with pkgs.haskellPackages; [ watchdog ];`
			`} ''`
			`import Control.Monad.IO.Class`
			`import Control.Watchdog`
cluster/services/idm: fix stdout buffering for idm-nss-ready 2023-10-22 14:09:20 +03:00			`import System.IO`
cluster/services/idm: implement helpers for IDM NSS 2023-06-13 00:44:22 +03:00			`import System.IO.Error`
			`import System.Posix.User`

cluster/services/idm: fix stdout buffering for idm-nss-ready 2023-10-22 14:09:20 +03:00			`flushLogger :: WatchdogLogger String`
			`flushLogger taskErr delay = do`
			`defaultLogger taskErr delay`
			`hFlush stdout`

cluster/services/idm: implement helpers for IDM NSS 2023-06-13 00:44:22 +03:00			`main :: IO ()`
			`main = watchdog $ do`
			`setInitialDelay 300_000`
			`setMaximumDelay 30_000_000`
cluster/services/idm: fix stdout buffering for idm-nss-ready 2023-10-22 14:09:20 +03:00			`setLoggingAction flushLogger`
cluster/services/idm: implement helpers for IDM NSS 2023-06-13 00:44:22 +03:00			`watch $ do`
			`check <- liftIO $ tryIOError $ getGroupEntryForName "infra_admins"`
			`case check of`
			`Right _ -> return $ Right ()`
			`Left _ -> return $ Left "group not found"`
			`'';`
			`in`

			`{`
			`systemd.services.idm-nss-ready = {`
			`description = "Wait for IDM NSS";`
cluster/services/idm: wait for nscd before starting idm-nss-ready 2023-10-30 02:40:43 +02:00			`requires = [ "kanidm-unixd.service" "nscd.service" "nss-user-lookup.target" ];`
			`after = [ "kanidm-unixd.service" "nscd.service" ];`
cluster/services/idm: implement helpers for IDM NSS 2023-06-13 00:44:22 +03:00			`before = [ "nss-user-lookup.target" ];`
			`serviceConfig = {`
			`ExecStart = lib.getExe idmReady;`
			`DynamicUser = true;`
			`TimeoutStartSec = "2m";`
			`Type = "oneshot";`
			`};`
			`};`
			`}`