{ config, lib, ... }: let inherit (lib) mkIf mkOption mkEnableOption listToAttrs ; inherit (lib.types) enum listOf submodule nonEmptyStr str bool ; inherit (lib.my) mkPortOption slugify; cfg = config.modules.services.rsync-daemon; in { options.modules.services.rsync-daemon = { enable = mkEnableOption "rsync daemon"; openFirewall = mkOption { type = bool; default = false; description = "Whether to open the firewall"; }; port = mkPortOption 9523 "rsyncd"; address = mkOption { type = nonEmptyStr; default = "0.0.0.0"; description = "The address rsyncd should listen on"; }; location = mkOption { type = nonEmptyStr; default = "/var/lib/rsync-backups"; }; modules = mkOption { default = { }; type = listOf (submodule { options = { mode = mkOption { type = enum [ "read" "write" "both" ]; default = "read"; }; name = mkOption { type = nonEmptyStr; default = ""; description = "MANDATORY: The name of the module"; }; comment = mkOption { type = str; default = ""; description = "A descriptive comment for the module."; }; }; }); }; }; config = mkIf cfg.enable { networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ]; systemd.tmpfiles.settings."10-nginx-daemon" = listToAttrs ( map (mod: { name = "${cfg.location}/${slugify mod.name}"; value.d = { group = "nogroup"; mode = "0777"; user = "nobody"; }; }) cfg.modules ); modules.fixes.services.rsyncd = { enable = true; settings = { globalSection = { inherit (cfg) port address; }; sections = listToAttrs ( map (mod: { inherit (mod) name; value = { inherit (mod) comment; path = "${cfg.location}/${slugify mod.name}"; "read only" = mod.mode == "read" || mod.mode == "both"; "write only" = mod.mode == "write" || mod.mode == "both"; }; }) cfg.modules ); }; }; }; }