cool-handle.ebil.club / washng0machine
putz u in dhe washing machin and spins ur bsky pofile pictuer !!! :D
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

nix modu;le

cool hablde 826d2100 541f660d

+106
+106
nix/module.nix
··· 1 + { 2 + lib, 3 + pkgs, 4 + config, 5 + ... 6 + }: 7 + let 8 + cfg = config.services.washing-machien; 9 + in 10 + { 11 + options.services.washing-machien = { 12 + enable = lib.mkEnableOption "washing machien"; 13 + 14 + package = lib.mkOption { 15 + type = lib.types.package; 16 + default = pkgs.callPackage ./default.nix { }; 17 + description = "The package to use for th washng machine"; 18 + }; 19 + 20 + settings = { 21 + IDENTIFIER = lib.mkOption { 22 + type = lib.types.str; 23 + description = "ur bee sky identifier"; 24 + }; 25 + BACKGROUND = lib.mkOption { 26 + type = lib.types.nullOr lib.types.str; 27 + default = null; 28 + description = "background colour"; 29 + }; 30 + AVATAR = lib.mkOption { 31 + type = lib.types.str; 32 + description = "avatar image path"; 33 + }; 34 + }; 35 + 36 + environmentFiles = lib.mkOption { 37 + type = lib.types.listOf lib.types.path; 38 + default = [ ]; 39 + description = "The environment file to use for WASHING MACHIEn"; 40 + }; 41 + }; 42 + 43 + config = lib.mkIf cfg.enable { 44 + systemd.services = { 45 + washing-machien = { 46 + description = "washing-machien"; 47 + after = [ "network.target" ]; 48 + wantedBy = [ "multi-user.target" ]; 49 + 50 + serviceConfig = { 51 + Type = "oneshot"; 52 + EnvironmentFile = cfg.environmentFiles; 53 + Environment = lib.mapAttrsToList (k: v: "${k}=${if builtins.isInt v then toString v else v}") ( 54 + lib.filterAttrs (_: v: v != null) cfg.settings 55 + ); 56 + 57 + ExecStart = "${lib.getExe cfg.package} ${cfg.settings.AVATAR}"; 58 + RemainAfterExit = false; 59 + 60 + # Hardening 61 + RemoveIPC = true; 62 + CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ]; 63 + NoNewPrivileges = true; 64 + PrivateDevices = true; 65 + ProtectClock = true; 66 + ProtectKernelLogs = true; 67 + ProtectControlGroups = true; 68 + ProtectKernelModules = true; 69 + PrivateMounts = true; 70 + SystemCallArchitectures = [ "native" ]; 71 + MemoryDenyWriteExecute = false; # required by V8 JIT 72 + RestrictNamespaces = true; 73 + RestrictSUIDSGID = true; 74 + ProtectHostname = true; 75 + LockPersonality = true; 76 + ProtectKernelTunables = true; 77 + RestrictAddressFamilies = [ 78 + "AF_UNIX" 79 + "AF_INET" 80 + "AF_INET6" 81 + ]; 82 + RestrictRealtime = true; 83 + DeviceAllow = [ "" ]; 84 + ProtectProc = "invisible"; 85 + ProcSubset = "pid"; 86 + ProtectHome = true; 87 + PrivateUsers = true; 88 + PrivateTmp = true; 89 + UMask = "0077"; 90 + }; 91 + }; 92 + }; 93 + 94 + systemd.timers.washing-machien = { 95 + description = "Run washing-machien every minute"; 96 + wantedBy = [ "timers.target" ]; 97 + 98 + timerConfig = { 99 + OnBootSec = "1min"; # first run 1 minute after boot 100 + OnUnitActiveSec = "1min"; # run every minute 101 + AccuracySec = "5s"; 102 + Unit = "washing-machien.service"; # the service to run 103 + }; 104 + }; 105 + }; 106 + }