Start using Nix as a reproducible build tool

nix/modules/lnbits-service.nix

@@ -0,0 +1,106 @@
+{ config, pkgs, lib, ... }:
+
+let
+  defaultUser = "lnbits";
+  cfg = config.services.lnbits;
+  inherit (lib) mkOption mkIf types optionalAttrs;
+in
+
+{
+  options = {
+    services.lnbits = {
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Whether to enable the lnbits service
+        '';
+      };
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to open the ports used by lnbits in the firewall for the server
+        '';
+      };
+      package = mkOption {
+        type = types.package;
+        default = pkgs.lnbits;
+        description = ''
+          The lnbits package to use.
+        '';
+      };
+      stateDir = mkOption {
+        type = types.path;
+        default = "/var/lib/lnbits";
+        description = ''
+          The lnbits state directory which LNBITS_DATA_FOLDER will be set to
+        '';
+      };
+      host = mkOption {
+        type = types.str;
+        default = "127.0.0.1";
+        description = ''
+          The host to bind to
+        '';
+      };
+      port = mkOption {
+        type = types.port;
+        default = 8231;
+        description = ''
+          The port to run on
+        '';
+      };
+      user = mkOption {
+        type = types.str;
+        default = "lnbits";
+        description = "user to run lnbits as";
+      };
+      group = mkOption {
+        type = types.str;
+        default = "lnbits";
+        description = "group to run lnbits as";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.users = optionalAttrs (cfg.user == defaultUser) {
+      ${defaultUser} = {
+        isSystemUser = true;
+        group = defaultUser;
+      };
+    };
+
+    users.groups = optionalAttrs (cfg.group == defaultUser) {
+      ${defaultUser} = { };
+    };
+
+    systemd.tmpfiles.rules = [
+      "d ${cfg.stateDir}                            0700 ${cfg.user} ${cfg.group} - -"
+    ];
+
+    systemd.services.lnbits = {
+      enable = true;
+      description = "lnbits";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-online.target" ];
+      environment = {
+        LNBITS_DATA_FOLDER = "${cfg.stateDir}";
+      };
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+        WorkingDirectory = "${cfg.package.src}";
+        StateDirectory = "${cfg.stateDir}";
+        ExecStart = "${lib.getExe cfg.package} --port ${toString cfg.port} --host ${cfg.host}";
+        Restart = "always";
+        PrivateTmp = true;
+      };
+    };
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.port ];
+    };
+  };
+}
+

nix/tests/default.nix

@@ -0,0 +1,4 @@
+{ pkgs, makeTest, inputs }:
+{
+  vmTest = import ./nixos-module { inherit pkgs makeTest inputs; };
+}

nix/tests/nixos-module/default.nix

@@ -0,0 +1,25 @@
+{ pkgs, makeTest, inputs }:
+makeTest {
+  nodes = {
+    client = { config, pkgs, ... }: {
+      environment.systemPackages = [ pkgs.curl ];
+    };
+    lnbits = { ... }: {
+      imports = [ inputs.self.nixosModules.${pkgs.hostPlatform.system}.default ];
+      services.lnbits = {
+        enable = true;
+        openFirewall = true;
+        host = "0.0.0.0";
+      };
+    };
+  };
+  testScript = { nodes, ... }: ''
+    start_all()
+    lnbits.wait_for_open_port(${toString nodes.lnbits.config.services.lnbits.port})
+    client.wait_for_unit("multi-user.target")
+    with subtest("Check that the lnbits webserver can be reached."):
+        assert "<title>LNbits</title>" in client.succeed(
+            "curl -sSf http:/lnbits:8231/ | grep title"
+        )
+  '';
+}