copy nb configuration and modules

utils/modules/tang.nix

@@ -0,0 +1,81 @@
+{ config, pkgs, ... }:
+let
+  user = "tang";
+  group = "tang";
+in {
+
+  environment.systemPackages = with pkgs; [
+    jose
+    tang
+  ];
+
+  systemd.paths.tangd-update = {
+    pathConfig = {
+      PathChanged = "/var/db/tang";
+      MakeDirectory = true;
+      DirectoryMode = "0700";
+    };
+  };
+
+  systemd.services.tangd-update = {
+    description = "Tang update";
+    path = [ pkgs.jose ];
+    serviceConfig = {
+      Type = "oneshot";
+      StandardError = "journal";
+      ExecStart = "${pkgs.tang}/libexec/tangd-update /var/db/tang /var/cache/tang";
+    };
+  };
+
+  systemd.services.tangd-keygen = {
+    description = "Tang keygen";
+    documentation = [ "man:tang(8)" ];
+    path = [ pkgs.jose ];
+    serviceConfig = {
+      Type = "oneshot";
+      StandardError = "journal";
+      ExecStart = "${pkgs.tang}/libexec/tangd-keygen /var/db/tang";
+    };
+  };
+
+  systemd.services."tangd@" = {
+    description = "Tang Server";
+    documentation = [ "man:tang(8)" ];
+    path = [ pkgs.jose ];
+    serviceConfig = {
+
+      StandardInput = "socket";
+      StandardOutput = "socket";
+      StandardError = "journal";
+      ExecStart = "${pkgs.tang}/libexec/tangd /var/cache/tang";
+    };
+  };
+
+  systemd.sockets.tangd = {
+    description = "Tang Server socket";
+    documentation = [ "man:tang(8)" ];
+    requires = [
+      "tangd-keygen.service"
+      "tangd-update.service"
+      "tangd-update.path"
+    ];
+    after = [
+      "tangd-keygen.service"
+      "tangd-update.service"
+    ];
+    wantedBy = [ "multi-user.target" ];
+    socketConfig = {
+      ListenStream = 8000;
+      Accept = true;
+    };
+  };
+
+  # users.groups.tang = {};
+  # users.users.tang = {
+  #   isSystemUser  = true;
+  #   group = "tang";
+  #   home  = "/var/db/tang";
+  #   createHome  = true;
+  #   description  = "Tang system user";
+  # };
+}