first

templates/nixos-module/default.nix

@@ -0,0 +1,136 @@
+# NixOS Module Template
+# This is a template for creating new NixOS modules in m3ta-nixpkgs
+# Copy this template and modify it for your specific module
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.m3ta.myModule; # Replace 'myModule' with your module name
+in {
+  # Define options that users can set in their configuration
+  options.m3ta.myModule = {
+    enable = mkEnableOption "my custom module"; # Replace with your module description
+
+    # Example: String option
+    package = mkOption {
+      type = types.package;
+      default = pkgs.hello; # Replace with your default package
+      defaultText = literalExpression "pkgs.hello";
+      description = "The package to use for this module";
+    };
+
+    # Example: String option
+    dataDir = mkOption {
+      type = types.path;
+      default = "/var/lib/mymodule";
+      description = "Directory where data will be stored";
+    };
+
+    # Example: Port number
+    port = mkOption {
+      type = types.port;
+      default = 8080;
+      description = "Port to listen on";
+    };
+
+    # Example: String option
+    user = mkOption {
+      type = types.str;
+      default = "mymodule";
+      description = "User account under which the service runs";
+    };
+
+    # Example: Group option
+    group = mkOption {
+      type = types.str;
+      default = "mymodule";
+      description = "Group under which the service runs";
+    };
+
+    # Example: Boolean option
+    openFirewall = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Whether to open the firewall for the service port";
+    };
+
+    # Example: List of strings
+    extraArgs = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = ["--verbose" "--debug"];
+      description = "Additional command-line arguments to pass";
+    };
+
+    # Example: Attribute set (key-value pairs)
+    settings = mkOption {
+      type = types.attrs;
+      default = {};
+      example = literalExpression ''
+        {
+          logLevel = "info";
+          timeout = 30;
+        }
+      '';
+      description = "Configuration settings as attribute set";
+    };
+  };
+
+  # Define what happens when the module is enabled
+  config = mkIf cfg.enable {
+    # Create a system user
+    users.users.${cfg.user} = {
+      isSystemUser = true;
+      group = cfg.group;
+      home = cfg.dataDir;
+      createHome = true;
+      description = "My module service user";
+    };
+
+    users.groups.${cfg.group} = {};
+
+    # Define a systemd service
+    systemd.services.mymodule = {
+      description = "My Custom Module Service";
+      wantedBy = ["multi-user.target"];
+      after = ["network.target"];
+
+      serviceConfig = {
+        Type = "simple";
+        User = cfg.user;
+        Group = cfg.group;
+        WorkingDirectory = cfg.dataDir;
+        ExecStart = "${cfg.package}/bin/myprogram ${concatStringsSep " " cfg.extraArgs}";
+        Restart = "on-failure";
+        RestartSec = 5;
+
+        # Security hardening
+        PrivateTmp = true;
+        NoNewPrivileges = true;
+        ProtectSystem = "strict";
+        ProtectHome = true;
+        ReadWritePaths = [cfg.dataDir];
+      };
+    };
+
+    # Open firewall if requested
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [cfg.port];
+    };
+
+    # Add package to system packages (optional)
+    environment.systemPackages = [cfg.package];
+
+    # Example: Create configuration file
+    # environment.etc."mymodule/config.json".text = builtins.toJSON cfg.settings;
+  };
+
+  # Module metadata
+  meta = {
+    maintainers = with lib.maintainers; []; # Add your name if in nixpkgs
+    doc = ./default.md; # Optional: Link to documentation
+  };
+}