default.nix
# Builds the two attestation-server binaries with crane and exposes, for each
# flavour (`standard`, `custom`), a package (`default`) and a NixOS module
# function (`service`) that runs the binary under systemd and opens its TCP
# port in the firewall.
#
# Arguments:
#   nixpkgs      - used for legacyPackages.<system>
#   systemConfig - attrset; only its `system` attribute is read here
#   crane        - used for mkLib
{ nixpkgs, systemConfig, crane }:

let
  inherit (systemConfig) system;
  pkgs = nixpkgs.legacyPackages.${system};
  inherit (pkgs) lib;
  craneLib = crane.mkLib pkgs;

  # Integer port taken from the text after the last ":" of a listen address.
  portOf = addr: lib.toInt (lib.last (lib.splitString ":" addr));

  # Arguments shared by the dependency-only build and both package builds.
  sharedBuildArgs = {
    src = craneLib.cleanCargoSource ./.;
    strictDeps = true;

    # Tests are not run as part of these derivations.
    doCheck = false;
    # The check command is replaced by `true`, so that step is a no-op
    # rather than an actual check.
    cargoCheckCommand = "true";

    nativeBuildInputs = [
      pkgs.pkg-config
      pkgs.autoPatchelfHook
    ];
    buildInputs = [
      pkgs.tpm2-tss
      pkgs.libgcc
    ];
  };

  # Dependency artifacts, built once and reused by both binaries below.
  cargoDeps = craneLib.buildDepsOnly sharedBuildArgs;
in
{
  standard = rec {
    default = craneLib.buildPackage (sharedBuildArgs // {
      cargoArtifacts = cargoDeps;
      cargoExtraArgs = "--bin attestation-server";
    });

    # NixOS module for the standard server. Every option is optional and is
    # read from `args` with the fallbacks below.
    service = args @ { ... }:
      let
        service-name = args.service-name or "attestation-server";
        # NOTE(review): the fallback binds every interface, and the same port
        # is opened in the firewall below; pass `listen-addr` to narrow that.
        listen-addr = args.listen-addr or "0.0.0.0:1300";
        public-key = args.public-key or "/root/x25519.pub";
        user-data = args.user-data or "/dev/null";
      in
      {
        # systemd unit
        systemd.services.${service-name} = {
          description = "Run attestation server";
          wantedBy = [ "multi-user.target" ];
          # Ordering only: `after` sequences startup, it does not pull these
          # units in.
          after = [ "local-fs.target" "network.target" "tpm2.target" ];
          # No User= or sandboxing directive is set, so the unit runs with
          # systemd's defaults for a system service (root).
          # NOTE(review): consider a dedicated user and hardening directives
          # once the binary's TPM device and key-file access is confirmed.
          serviceConfig = {
            Type = "simple";
            # Values are spliced in unquoted; systemd splits the command line
            # on whitespace, so a path containing spaces would become several
            # arguments.
            ExecStart = ''
              ${default}/bin/attestation-server \
              --listen-addr ${listen-addr} \
              --public-key ${public-key} \
              --user-data ${user-data}
            '';
            Restart = "always";
          };
        };

        # firewall: allow inbound TCP on the port parsed from listen-addr
        networking.firewall.allowedTCPPorts = [ (portOf listen-addr) ];
      };
  };

  custom = rec {
    default = craneLib.buildPackage (sharedBuildArgs // {
      cargoArtifacts = cargoDeps;
      cargoExtraArgs = "--bin attestation-server-custom";
    });

    # NixOS module for the custom server; only the unit name and listen
    # address are configurable.
    service = args @ { ... }:
      let
        service-name = args.service-name or "attestation-server-custom";
        # NOTE(review): as above, the fallback listens on every interface and
        # the port is opened in the firewall.
        listen-addr = args.listen-addr or "0.0.0.0:1350";
      in
      {
        # systemd unit
        systemd.services.${service-name} = {
          description = "Run custom attestation server";
          wantedBy = [ "multi-user.target" ];
          after = [ "local-fs.target" "network.target" "tpm2.target" ];
          # No User= or sandboxing directive is set here either (root by
          # systemd default) - NOTE(review): same hardening question applies.
          serviceConfig = {
            Type = "simple";
            ExecStart = ''
              ${default}/bin/attestation-server-custom \
              --listen-addr ${listen-addr}
            '';
            Restart = "always";
          };
        };

        # firewall: allow inbound TCP on the port parsed from listen-addr
        networking.firewall.allowedTCPPorts = [ (portOf listen-addr) ];
      };
  };
}