Add experimental NixOS module

flake.nix

@@ -29,15 +29,15 @@
       defaultPackage = packages.olivefs;
 
       # NixOS Modules
-#       nixosModules = {
+      nixosModules = {
-#         olivefsd = import ./nixos_modules/olivefsd.nix self;
+        olivefsd = import ./nixos_modules/olivefsd.nix self;
-#       };
+      };
 
       # `nix run`
-#       apps.olivefs = utils.lib.mkApp {
+      apps.olivefs = utils.lib.mkApp {
-#         drv = packages.olivefs;
+        drv = packages.olivefs;
-#       };
+      };
-#       defaultApp = apps.olivefs;
+      defaultApp = apps.olivefs;
 
       # `nix develop`
       devShell = pkgs.mkShell {

nixos_modules/olivefsd.nix

@@ -0,0 +1,114 @@
+flake: {config, pkgs, lib, ...}:
+
+let
+  cfg = config.services.olivefsd;
+  inherit (flake.packages.${pkgs.stdenv.hostPlatform.system}) olivefs;
+in
+
+with lib;
+
+{
+  options = {
+    services.olivefsd = {
+      enable = mkOption {
+        default = false;
+        type = with types; bool;
+        description = ''
+          Start the OliveFSd Search web interface.
+        '';
+      };
+
+      user = mkOption {
+        default = "olivefsd";
+        type = with types; uniq str;
+        description = ''
+          Name of the user.
+        '';
+      };
+
+      bindHost = mkOption {
+        default = "127.0.0.1";
+        type = with types; str;
+        description = ''
+          Host upon which to bind the OliveFS interface.
+        '';
+      };
+
+      bindPort = mkOption {
+        default = 7510;
+        type = with types; port;
+        description = ''
+          Port upon which to bind the OliveFS interface.
+        '';
+      };
+
+      rootDir = mkOption {
+        type = with types; path;
+        example = "/my/path/olivefsd";
+        description = ''
+          Path that is the root of the OliveFS volume.
+        '';
+      };
+
+      clients = mkOption {
+        type = with types; listOf str;
+        example = ''["mypc", "mylaptop"]'';
+        description = ''
+          Names of all the SANs to accept.
+        '';
+      };
+
+      serverKeyFile = mkOption {
+        type = with types; path;
+        description = ''
+          Server's TLS key (in DER format).
+        '';
+      };
+
+      serverCertFile = mkOption {
+        type = with types; path;
+        description = ''
+          Server's TLS cert (in DER format).
+        '';
+      };
+
+      caCertFile = mkOption {
+        type = with types; path;
+        description = ''
+          CA's TLS cert (in DER format).
+        '';
+      };
+
+      idleTimeout = mkOption {
+        type = with types; int;
+        default = 30;
+        description = ''
+          Idle connection timeout in seconds.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.users."${cfg.user}" = {
+      description = "OliveFS User";
+      isSystemUser = true;
+      group = "${cfg.user}";
+    };
+    users.groups."${cfg.user}" = {};
+
+    systemd.services.olivefsd = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      description = "Start the OliveFS server.";
+
+      serviceConfig = {
+        Type = "simple";
+        User = "${cfg.user}";
+        ExecStart =
+          let cfgPath = builtins.toFile "olivefsd.toml" (import ./olivefsd_config.nix { inherit cfg lib; });
+          in ''${olivefs}/bin/olivefsd serve ${cfgPath}'';
+      };
+    };
+  };
+}

nixos_modules/olivefsd_config.nix

@@ -0,0 +1,29 @@
+{ cfg, lib }:
+let
+
+  clientSection =
+    clientName:
+    ''
+    [clients.${clientName}]
+    '';
+
+  clientSections = map clientSection cfg.clients;
+
+in
+''
+[listen]
+listen_to = "${cfg.bindHost}:${builtins.toString cfg.bindPort}"
+
+# Must be kept secret.
+server_key = "${cfg.serverKeyFile}"
+
+server_certificate = "${cfg.serverCertFile}"
+ca_certificate = "${cfg.caCertFile}"
+
+timeout = ${builtins.toString cfg.idleTimeout}
+
+[service]
+root = "${cfg.rootDir}"
+
+${lib.strings.concatStrings clientSections}
+''