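# NixOS module for pretix-banktool: a sandboxed one-shot systemd service that
# uploads recent bank transactions to a pretix server, plus the timer that
# starts it at the top of every hour.
{ config, lib, pkgs, ... }:

let
  # Read the options this module declares (services.pretix-banktool.*).
  # Pointing cfg at services.pretix would ignore enable/days/secretsFile as
  # declared below and gate the units on a different module's options.
  cfg = config.services.pretix-banktool;
in
{
  options.services.pretix-banktool = with lib; with lib.types; {
    # mkEnableOption prefixes the text with "Whether to enable " and appends a
    # full stop, so the argument is a noun phrase rather than a sentence.
    enable = mkEnableOption "the tool to query the bank account and sync transaction data to the pretix server";

    days = mkOption {
      type = types.int;
      description = "The timeframe of transactions to fetch from the bank, in days.";
    };

    secretsFile = mkOption {
      type = types.path;
      description = ''
        Path of file containing secrets for pretix banktool.

        The file is passed to the service through systemd's LoadCredential,
        so it only needs to be readable by root. Give this option a string
        path that exists on the target machine at runtime: a Nix path
        literal is copied into the world-readable Nix store when the unit
        is built, which would expose the bank credentials to every local user.
      '';
    };
  };

  config = {
    systemd.services.pretix-banktool = lib.mkIf cfg.enable {
      description = "Tool to query bank account and sync transaction data to pretix server.";
      serviceConfig = {
        Type = "oneshot";

        # Run as a transient, unprivileged user allocated by systemd.
        DynamicUser = true;

        # An explicit empty string resets the capability bounding set to
        # empty. The original value was null; whether null is rendered as an
        # empty assignment or dropped depends on the nixpkgs revision
        # (NOTE(review): confirm), so the intent is spelled out here.
        CapabilityBoundingSet = "";

        PrivateUsers = true;
        ProtectHome = true;

        # Only IPv4/IPv6 sockets may be created.
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
        RestrictNamespaces = true;
        SystemCallFilter = "@system-service";

        # systemd copies the secrets file into the per-service credentials
        # directory under the name "config"; the script reads it from
        # $CREDENTIALS_DIRECTORY, so the service user needs no access to the
        # original file.
        LoadCredential = "config:${cfg.secretsFile}";
      };

      # cfg.days is typed as an int, so toString cannot introduce shell syntax.
      script = "${pkgs.pretix-banktool}/bin/pretix-banktool upload \"$CREDENTIALS_DIRECTORY/config\" --days=${toString cfg.days}";
    };

    systemd.timers.pretix-banktool = lib.mkIf cfg.enable {
      description = "Run tool to query bank account and sync transaction data to pretix server.";

      # NOTE(review): this orders the timer unit, not the service it starts.
      # With Persistent = true a missed run is triggered right after boot;
      # consider ordering the service after network-online.target if the
      # upload fails that early.
      after = [ "network.target" ];
      wantedBy = [ "timers.target" ];

      timerConfig = {
        Persistent = true;
        OnCalendar = "*-*-* *:00:00";
        Unit = "pretix-banktool.service";
      };
    };
  };
}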