labgrid.coordinator.service: Provide the service

based on the example in contrib/ in the project repo. Provide three new options: - enable (default: False) - debug (default: False) - bindAddress (default: 0.0.0.0) - package (default: python313Packages.labgrid) - port (default: 22408) Co-authored-by: Rouven Czerwinski <rouven@czerwinskis.de>
2026-03-08 01:24:09 +01:00 · 2026-02-20 14:43:08 +01:00 · 2026-02-20 14:43:08 +01:00 · a3d4baad77
commit a3d4baad77
parent d85430e9d0
2 changed files with 97 additions and 0 deletions
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -604,6 +604,7 @@
  ./services/development/hoogle.nix
  ./services/development/jupyter/default.nix
  ./services/development/jupyterhub/default.nix
+  ./services/development/labgrid/coordinator.nix
  ./services/development/livebook.nix
  ./services/development/lorri.nix
  ./services/development/nixseparatedebuginfod2.nix
--- a/nixos/modules/services/development/labgrid/coordinator.nix
+++ b/nixos/modules/services/development/labgrid/coordinator.nix
@ -0,0 +1,96 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+
+let
+  cfg = config.services.labgrid.coordinator;
+in
+{
+  meta = {
+    maintainers = with lib.maintainers; [
+      aiyion
+      emantor
+    ];
+  };
+
+  options = {
+    services.labgrid.coordinator = {
+      bindAddress = lib.mkOption {
+        default = "0.0.0.0";
+        type = lib.types.str;
+        description = "Bind address for the labgrid coordinator.";
+      };
+
+      debug = lib.mkOption {
+        default = false;
+        type = with lib.types; bool;
+        description = ''
+          Whether to enable debug mode.
+        '';
+      };
+
+      enable = lib.mkEnableOption "Labgrid Coordinator";
+
+      openFirewall = lib.mkOption {
+        default = false;
+        type = with lib.types; bool;
+        description = ''
+          Whether to automatically open the coordinator listen port in the firewall.
+        '';
+      };
+
+      package = lib.mkPackageOption pkgs [ "python3Packages" "labgrid" ] { };
+
+      port = lib.mkOption {
+        default = 20408;
+        type = lib.types.port;
+        description = "Coordinator port to bind to.";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ cfg.port ];
+
+    systemd.services.labgrid-coordinator = {
+      after = [ "network-online.target" ];
+      description = "Labgrid Coordinator";
+      serviceConfig = {
+        Environment = ''"PYTHONUNBUFFERED=1"'';
+        ExecStart = "${lib.getBin cfg.package}/bin/labgrid-coordinator ${lib.optionalString cfg.debug "--debug"} --listen ${cfg.bindAddress}:${toString cfg.port}";
+        Restart = "on-failure";
+        DynamicUser = "yes";
+        StateDirectory = "labgrid-coordinator";
+        WorkingDirectory = "/var/lib/labgrid-coordinator";
+        CapabilityBoundingSet = "";
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        PrivateDevices = true;
+        PrivateUsers = true;
+        ProcSubset = "pid";
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        RestrictRealtime = true;
+        RestrictAddressFamilies = "AF_INET AF_INET6";
+        RestrictNamespaces = true;
+        SystemCallArchitectures = "native";
+        SystemCallFilter = [
+          "@system-service"
+          "~@privileged"
+          "~@resources"
+        ];
+      };
+      wantedBy = [ "multi-user.target" ];
+      wants = [ "network-online.target" ];
+    };
+  };
+}