From a3d4baad773e4a6d6da77e5d085e6459f3ef5379 Mon Sep 17 00:00:00 2001
From: "Burfeind, Jan-Niklas"
Date: Fri, 20 Feb 2026 14:43:08 +0100
Subject: [PATCH] labgrid.coordinator.service: Provide the service based on the example in contrib/ in the project repo. Provide three new options: - enable (default: False) - debug (default: False) - bindAddress (default: 0.0.0.0) - package (default: python313Packages.labgrid) - port (default: 22408)
Co-authored-by: Rouven Czerwinski
---
 nixos/modules/module-list.nix | 1 +
 .../development/labgrid/coordinator.nix | 96 +++++++++++++++++++
 2 files changed, 97 insertions(+)
 create mode 100644 nixos/modules/services/development/labgrid/coordinator.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 8ea3e232594a..ff6978d5b751 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -604,6 +604,7 @@
 ./services/development/hoogle.nix
 ./services/development/jupyter/default.nix
 ./services/development/jupyterhub/default.nix
+ ./services/development/labgrid/coordinator.nix
 ./services/development/livebook.nix
 ./services/development/lorri.nix
 ./services/development/nixseparatedebuginfod2.nix
diff --git a/nixos/modules/services/development/labgrid/coordinator.nix b/nixos/modules/services/development/labgrid/coordinator.nix
new file mode 100644
index 000000000000..472d631b7bed
--- /dev/null
+++ b/nixos/modules/services/development/labgrid/coordinator.nix
@@ -0,0 +1,96 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+let
+ cfg = config.services.labgrid.coordinator;
+in
+{
+ meta = {
+ maintainers = with lib.maintainers; [
+ aiyion
+ emantor
+ ];
+ };
+
+ options = {
+ services.labgrid.coordinator = {
+ bindAddress = lib.mkOption {
+ default = "0.0.0.0";
+ type = lib.types.str;
+ description = "Bind address for the labgrid coordinator.";
+ };
+
+ debug = lib.mkOption {
+ default = false;
+ type = with lib.types; bool;
+ description = ''
+ Whether to enable debug mode.
+ '';
+ };
+
+ enable = lib.mkEnableOption "Labgrid Coordinator";
+
+ openFirewall = lib.mkOption {
+ default = false;
+ type = with lib.types; bool;
+ description = ''
+ Whether to automatically open the coordinator listen port in the firewall.
+ '';
+ };
+
+ package = lib.mkPackageOption pkgs [ "python3Packages" "labgrid" ] { };
+
+ port = lib.mkOption {
+ default = 20408;
+ type = lib.types.port;
+ description = "Coordinator port to bind to.";
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ cfg.port ];
+
+ systemd.services.labgrid-coordinator = {
+ after = [ "network-online.target" ];
+ description = "Labgrid Coordinator";
+ serviceConfig = {
+ Environment = ''"PYTHONUNBUFFERED=1"'';
+ ExecStart = "${lib.getBin cfg.package}/bin/labgrid-coordinator ${lib.optionalString cfg.debug "--debug"} --listen ${cfg.bindAddress}:${toString cfg.port}";
+ Restart = "on-failure";
+ DynamicUser = "yes";
+ StateDirectory = "labgrid-coordinator";
+ WorkingDirectory = "/var/lib/labgrid-coordinator";
+ CapabilityBoundingSet = "";
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ PrivateDevices = true;
+ PrivateUsers = true;
+ ProcSubset = "pid";
+ ProtectClock = true;
+ ProtectControlGroups = true;
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectProc = "invisible";
+ RestrictRealtime = true;
+ RestrictAddressFamilies = "AF_INET AF_INET6";
+ RestrictNamespaces = true;
+ SystemCallArchitectures = "native";
+ SystemCallFilter = [
+ "@system-service"
+ "~@privileged"
+ "~@resources"
+ ];
+ };
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "network-online.target" ];
+ };
+ };
+}
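Review bot: `bindAddress` defaults to `"0.0.0.0"`, so enabling the service listens on every IPv4 interface, and the only gate in this module is `openFirewall`, which has no effect on hosts that run without `networking.firewall`. As far as I know the coordinator's gRPC endpoint does not authenticate peers (worth confirming against upstream), so the option text should say so, for example `description = "Address the coordinator listens on. The default listens on all IPv4 interfaces; restrict it or the firewall to the lab network.";`. Separately, `ExecStart` joins `${cfg.bindAddress}:${toString cfg.port}` verbatim although `RestrictAddressFamilies` permits `AF_INET6`, so an unbracketed IPv6 literal such as `::1` yields an ambiguous `--listen` value; either document that IPv6 addresses need brackets or add them when the value contains `:`. The commit message also gives the port default as 22408 while the option uses 20408.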