Diffstat (limited to 'nixos/modules/sentinel.nix')
-rw-r--r--nixos/modules/sentinel.nix53
1 files changed, 53 insertions, 0 deletions
diff --git a/nixos/modules/sentinel.nix b/nixos/modules/sentinel.nix
new file mode 100644
index 0000000..5362524
--- /dev/null
+++ b/nixos/modules/sentinel.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+ options = {
+
+ services.sentinel = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable the Turris Sentinel attact prevention system.
+ '';
+ };
+ deviceToken = mkOption {
+ type = types.str;
+ description = ''
+ Turris Sentinel token. You can use `sentinel-device-token -c` to get new one.
+ '';
+ };
+
+ faillogs = {
+ enable = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ Whether to enable the Turris Sentinel fail logs collector.
+ The services.sentinel.enable has to be enabled as well.
+ '';
+ };
+ };
+ };
+
+ };
+
+
+ config = mkIf config.services.sentinel.enable {
+ environment.systemPackages = [ pkgs.sentinel-proxy ];
+ #environment.etc.cups.source = "/var/lib/cups";
+
+ #systemd.services.sentinel-proxy = {
+ # description = "Turris Sentinel proxy";
+ # wantedBy = [ "multi-user.target" ];
+ # path = [ sentinel-proxy ];
+ # serviceConfig.ExecStart = "${sentinel-proxy}/bin/sentinel-proxy -f ";
+ #};
+
+ };
+
+}
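Review bot: `services.sentinel.deviceToken` is declared as `types.str`, so if it is later interpolated into a generated config file or the `ExecStart` of the commented-out `systemd.services.sentinel-proxy` unit, the token would presumably be copied into the world-readable `/nix/store`. Prefer an option that names a file read at run time, e.g. `deviceTokenFile = mkOption { type = types.path; description = "File containing the Turris Sentinel device token."; };`, with that file kept outside the store and readable only by the service user. As written, the `config` block only installs `pkgs.sentinel-proxy`: neither `deviceToken` nor `faillogs.enable` is consumed, so setting `enable = true` starts no proxy or collector, and a one-line comment saying the service wiring is still pending would avoid a false sense of coverage. The commented-out lines also carry a leftover `environment.etc.cups.source` entry and refer to `sentinel-proxy` rather than `pkgs.sentinel-proxy`, and the `enable` description has a typo (`attact`).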