nixpkgs/nixos/modules/services/web-servers/meguca.nix

159 lines
5 KiB
Nix
Raw Normal View History

2018-05-18 01:56:58 +02:00
{ config, lib, pkgs, ... }:
let
cfg = config.services.meguca;
postgres = config.services.postgresql;
2018-08-03 17:59:06 +02:00
in with lib; {
2018-05-18 01:56:58 +02:00
options.services.meguca = {
enable = mkEnableOption "meguca";
2018-08-03 17:59:06 +02:00
dataDir = mkOption {
2018-05-18 01:56:58 +02:00
type = types.path;
2018-08-03 17:59:06 +02:00
default = "/var/lib/meguca";
example = "/home/okina/meguca";
2018-05-18 01:56:58 +02:00
description = "Location where meguca stores it's database and links.";
};
password = mkOption {
type = types.str;
default = "meguca";
2018-08-03 17:59:06 +02:00
example = "dumbpass";
2018-05-18 01:56:58 +02:00
description = "Password for the meguca database.";
};
passwordFile = mkOption {
type = types.path;
default = "/run/keys/meguca-password-file";
2018-08-03 17:59:06 +02:00
example = "/home/okina/meguca/keys/pass";
description = "Password file for the meguca database.";
};
2018-05-18 01:56:58 +02:00
reverseProxy = mkOption {
type = types.nullOr types.str;
default = null;
2018-08-03 17:59:06 +02:00
example = "192.168.1.5";
2018-05-18 01:56:58 +02:00
description = "Reverse proxy IP.";
};
sslCertificate = mkOption {
type = types.nullOr types.str;
default = null;
2018-08-03 17:59:06 +02:00
example = "/home/okina/meguca/ssl.cert";
2018-05-18 01:56:58 +02:00
description = "Path to the SSL certificate.";
};
listenAddress = mkOption {
type = types.nullOr types.str;
default = null;
2018-08-03 17:59:06 +02:00
example = "127.0.0.1:8000";
2018-05-18 01:56:58 +02:00
description = "Listen on a specific IP address and port.";
};
cacheSize = mkOption {
type = types.nullOr types.int;
2018-05-18 01:56:58 +02:00
default = null;
2018-08-03 17:59:06 +02:00
example = 256;
2018-05-18 01:56:58 +02:00
description = "Cache size in MB.";
};
postgresArgs = mkOption {
type = types.str;
2018-08-03 17:59:06 +02:00
example = "user=meguca password=dumbpass dbname=meguca sslmode=disable";
2018-05-18 01:56:58 +02:00
description = "Postgresql connection arguments.";
};
postgresArgsFile = mkOption {
type = types.path;
default = "/run/keys/meguca-postgres-args";
2018-08-03 17:59:06 +02:00
example = "/home/okina/meguca/keys/postgres";
description = "Postgresql connection arguments file.";
};
2018-05-18 01:56:58 +02:00
compressTraffic = mkOption {
type = types.bool;
default = false;
description = "Compress all traffic with gzip.";
};
assumeReverseProxy = mkOption {
type = types.bool;
default = false;
description = "Assume the server is behind a reverse proxy, when resolving client IPs.";
};
httpsOnly = mkOption {
type = types.bool;
default = false;
description = "Serve and listen only through HTTPS.";
};
};
config = mkIf cfg.enable {
2018-08-03 17:59:06 +02:00
security.sudo.enable = cfg.enable;
services.postgresql.enable = cfg.enable;
services.meguca.passwordFile = mkDefault (pkgs.writeText "meguca-password-file" cfg.password);
services.meguca.postgresArgsFile = mkDefault (pkgs.writeText "meguca-postgres-args" cfg.postgresArgs);
services.meguca.postgresArgs = mkDefault "user=meguca password=${cfg.password} dbname=meguca sslmode=disable";
2018-05-18 01:56:58 +02:00
systemd.services.meguca = {
description = "meguca";
after = [ "network.target" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
2018-08-03 17:59:06 +02:00
# Ensure folder exists or create it and links and permissions are correct
mkdir -p ${escapeShellArg cfg.dataDir}
ln -sf ${pkgs.meguca}/share/meguca/www ${escapeShellArg cfg.dataDir}
chmod 750 ${escapeShellArg cfg.dataDir}
chown -R meguca:meguca ${escapeShellArg cfg.dataDir}
2018-05-18 01:56:58 +02:00
# Ensure the database is correct or create it
${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \
-SDR meguca || true
${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \
-T template0 -E UTF8 -O meguca meguca || true
2018-06-10 05:49:27 +02:00
${pkgs.sudo}/bin/sudo -u meguca ${postgres.package}/bin/psql \
2018-08-03 17:59:06 +02:00
-c "ALTER ROLE meguca WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true
2018-05-18 01:56:58 +02:00
'';
script = ''
2018-08-03 17:59:06 +02:00
cd ${escapeShellArg cfg.dataDir}
${pkgs.meguca}/bin/meguca -d "$(cat ${escapeShellArg cfg.postgresArgsFile})"''
+ optionalString (cfg.reverseProxy != null) " -R ${cfg.reverseProxy}"
+ optionalString (cfg.sslCertificate != null) " -S ${cfg.sslCertificate}"
+ optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}"
+ optionalString (cfg.cacheSize != null) " -c ${toString cfg.cacheSize}"
+ optionalString (cfg.compressTraffic) " -g"
+ optionalString (cfg.assumeReverseProxy) " -r"
+ optionalString (cfg.httpsOnly) " -s" + " start";
2018-05-18 01:56:58 +02:00
serviceConfig = {
PermissionsStartOnly = true;
Type = "forking";
User = "meguca";
Group = "meguca";
ExecStop = "${pkgs.meguca}/bin/meguca stop";
};
};
users = {
2018-08-03 17:59:06 +02:00
groups.meguca.gid = config.ids.gids.meguca;
users.meguca = {
2018-05-18 01:56:58 +02:00
description = "meguca server service user";
2018-08-03 17:59:06 +02:00
home = cfg.dataDir;
2018-05-18 01:56:58 +02:00
createHome = true;
group = "meguca";
uid = config.ids.uids.meguca;
};
};
};
2018-08-03 17:59:06 +02:00
imports = [
(mkRenamedOptionModule [ "services" "meguca" "baseDir" ] [ "services" "meguca" "dataDir" ])
];
meta.maintainers = with maintainers; [ chiiruno ];
2018-05-18 01:56:58 +02:00
}