From 0bdc5e269be16aeaa946dd136051d8e4d15c6014 Mon Sep 17 00:00:00 2001 From: makefu Date: Wed, 21 Oct 2015 14:45:27 +0200 Subject: [PATCH] services/misc/bepasty: init at 2015-10-21 This module implements a way to start one or more bepasty servers. It supports configuring the listen address of gunicorn and how bepasty behaves internally. Configuring multiple bepasty servers provides a way to serve pastes externally without authentication and to create, list and delete pastes internally. nginx can be used to provide access via hostname + listen address. `configuration.nix`: services.bepasty = { enable = true; servers = { internal = { defaultPermissions = "admin,list,create,read,delete"; secretKey = "secret"; bind = "127.0.0.1:8000"; }; external = { defaultPermissions = "read"; bind = "127.0.0.1:8001"; secretKey = "another-secret"; }; }; }; --- nixos/modules/misc/ids.nix | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/bepasty.nix | 151 ++++++++++++++++++++++++ 3 files changed, 154 insertions(+) create mode 100644 nixos/modules/services/misc/bepasty.nix diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index b1130c2b124b..c9810b6fccb1 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -236,6 +236,7 @@ xtreemfs = 212; calibre-server = 213; heapster = 214; + bepasty = 215; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -449,6 +450,7 @@ #kibana = 211; xtreemfs = 212; calibre-server = 213; + bepasty = 215; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ecdf2264d698..387d90737ee1 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix
@@ -190,6 +190,7 @@
 ./services/mail/spamassassin.nix
 ./services/misc/apache-kafka.nix
 ./services/misc/autofs.nix
+ ./services/misc/bepasty.nix
 ./services/misc/canto-daemon.nix
 ./services/misc/calibre-server.nix
 ./services/misc/cpuminer-cryptonight.nix
diff --git a/nixos/modules/services/misc/bepasty.nix b/nixos/modules/services/misc/bepasty.nix
new file mode 100644
index 000000000000..12671cb1b6cd
--- /dev/null
+++ b/nixos/modules/services/misc/bepasty.nix
@@ -0,0 +1,151 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ gunicorn = pkgs.pythonPackages.gunicorn;
+ bepasty = pkgs.pythonPackages.bepasty-server;
+ gevent = pkgs.pythonPackages.gevent;
+ python = pkgs.pythonPackages.python;
+ cfg = config.services.bepasty;
+ user = "bepasty";
+ group = "bepasty";
+ default_home = "/var/lib/bepasty";
+in
+{
+ options.services.bepasty = {
+ enable = mkEnableOption "Bepasty servers";
+
+ servers = mkOption {
+ default = {};
+ description = ''
+ configure a number of bepasty servers which will be started with
+ gunicorn.
+ '';
+ type = with types ; attrsOf (submodule ({
+
+ options = {
+
+ bind = mkOption {
+ type = types.str;
+ description = ''
+ Bind address to be used for this server.
+ '';
+ example = "0.0.0.0:8000";
+ default = "127.0.0.1:8000";
+ };
+
+
+ dataDir = mkOption {
+ type = types.str;
+ description = ''
+ Path to the directory where the pastes will be saved to
+ '';
+ default = default_home+"/data";
+ };
+
+ defaultPermissions = mkOption {
+ type = types.str;
+ description = ''
+ default permissions for all unauthenticated accesses.
+ '';
+ example = "read,create,delete";
+ default = "read";
+ };
+
+ extraConfig = mkOption {
+ type = types.str;
+ description = ''
+ Extra configuration for bepasty server to be appended on the
+ configuration.
+ see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
+ for all options.
+ '';
+ default = "";
+ example = ''
+ PERMISSIONS = {
+ 'myadminsecret': 'admin,list,create,read,delete',
+ }
+ MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000
+ '';
+ };
+
+ secretKey = mkOption {
+ type = types.str;
+ description = ''
+ server secret for safe session cookies, must be set.
+ '';
+ default = "";
+ };
+
+ workDir = mkOption {
+ type = types.str;
+ description = ''
+ Path to the working directory (used for config and pidfile).
+ Defaults to the users home directory.
+ '';
+ default = default_home;
+ };
+
+ };
+ }));
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ bepasty ];
+
+ # creates gunicorn systemd service for each configured server
+ systemd.services = mapAttrs' (name: server:
+ nameValuePair ("bepasty-server-${name}-gunicorn")
+ ({
+ description = "Bepasty Server ${name}";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ restartIfChanged = true;
+
+ environment = {
+ BEPASTY_CONFIG = "${server.workDir}/bepasty-${name}.conf";
+ PYTHONPATH= "${bepasty}/lib/${python.libPrefix}/site-packages:${gevent}/lib/${python.libPrefix}/site-packages";
+ };
+
+ serviceConfig = {
+ Type = "simple";
+ PrivateTmp = true;
+ ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
+ #!/bin/sh
+ mkdir -p "${server.workDir}"
+ mkdir -p "${server.dataDir}"
+ chown ${user}:${group} "${server.workDir}" "${server.dataDir}"
+ cat > ${server.workDir}/bepasty-${name}.conf <