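# NixOS module for infinoted, the dedicated server for Gobby.
#
# The module declares the `services.infinoted` options, creates the dedicated
# user and group when the default names are used, and defines a systemd unit
# whose preStart step regenerates /var/lib/infinoted/infinoted.conf on every
# start.
#
# Security-relevant points:
#  * preStart runs as root (PermissionsStartOnly = true), so option values are
#    never passed through the shell unquoted or inside an unquoted heredoc.
#  * The server password is read from `passwordFile` at service start and
#    written into infinoted.conf, which is created with mode 0600 and owned by
#    the service user before any content is appended.
#  * `keyFile` and `passwordFile` are interpolated into strings; a Nix path
#    literal would therefore be copied into the world-readable Nix store.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.infinoted;

  stateDir = "/var/lib/infinoted";
  configFile = "${stateDir}/infinoted.conf";

  # Non-secret part of the configuration. It is built at evaluation time and
  # copied verbatim at service start, so characters such as `$` or backticks in
  # option values are not interpreted by the root shell.
  mainConfig = pkgs.writeText "infinoted-main.conf" ''
    [infinoted]
    ${optionalString (cfg.keyFile != null) "key-file=${cfg.keyFile}"}
    ${optionalString (cfg.certificateFile != null) "certificate-file=${cfg.certificateFile}"}
    ${optionalString (cfg.certificateChain != null) "certificate-chain=${cfg.certificateChain}"}
    port=${toString cfg.port}
    security-policy=${cfg.securityPolicy}
    root-directory=${cfg.rootDirectory}
    plugins=${concatStringsSep ";" cfg.plugins}
  '';

  # extraConfig is copied verbatim as well; a line reading `EOF` or a `$(...)`
  # sequence in it can no longer end up being run by the preStart script.
  extraConfigFile = pkgs.writeText "infinoted-extra.conf" cfg.extraConfig;

  # The password must stay out of the store, so it is read when the service
  # starts. It is appended directly after the [infinoted] keys above and
  # therefore still belongs to that section.
  appendPassword = optionalString (cfg.passwordFile != null) ''
    printf 'password=%s\n' "$(head -n 1 ${escapeShellArg "${cfg.passwordFile}"})" >> ${configFile}
  '';
in {
  options.services.infinoted = {
    enable = mkEnableOption "infinoted";

    package = mkOption {
      type = types.package;
      default = pkgs.libinfinity.override { daemon = true; };
      defaultText = "pkgs.libinfinity.override { daemon = true; }";
      description = ''
        Package providing infinoted
      '';
    };

    keyFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        Private key to use for TLS.
        Give this as a string (for example "/path/to/key.pem") rather than
        a Nix path literal: a path literal is copied into the world-readable
        Nix store.
      '';
    };

    certificateFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        Server certificate to use for TLS
      '';
    };

    certificateChain = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        Chain of CA-certificates to which our `certificateFile` is relative.
        Optional for TLS.
      '';
    };

    # NOTE(review): the default is "require-tls" while keyFile and
    # certificateFile default to null; confirm how infinoted behaves in that
    # combination and whether an assertion should reject it at evaluation time.
    securityPolicy = mkOption {
      type = types.enum ["no-tls" "allow-tls" "require-tls"];
      default = "require-tls";
      description = ''
        How strictly to require that clients connect over TLS.
        With "no-tls", connections are not encrypted.
      '';
    };

    port = mkOption {
      type = types.int;
      default = 6523;
      description = ''
        Port to listen on
      '';
    };

    rootDirectory = mkOption {
      type = types.path;
      default = "/var/lib/infinoted/documents/";
      description = ''
        Root of the directory structure to serve
      '';
    };

    plugins = mkOption {
      type = types.listOf types.str;
      default = [ "note-text" "note-chat" "logging" "autosave" ];
      description = ''
        Plugins to enable
      '';
    };

    passwordFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        File to read the server-wide password from. Only its first line is
        used. Give this as a string rather than a Nix path literal: a path
        literal is copied into the world-readable Nix store.
      '';
    };

    extraConfig = mkOption {
      type = types.lines;
      default = ''
        [autosave]
        interval=10
      '';
      description = ''
        Additional configuration to append to infinoted.conf.
        The text is copied verbatim; it ends up in the Nix store, so it
        must not contain secrets.
      '';
    };

    user = mkOption {
      type = types.str;
      default = "infinoted";
      description = ''
        What to call the dedicated user under which infinoted is run
      '';
    };

    group = mkOption {
      type = types.str;
      default = "infinoted";
      description = ''
        What to call the primary group of the dedicated user under which infinoted is run
      '';
    };
  };

  config = mkIf (cfg.enable) {
    # The account and group are only declared when the default names are in
    # use; a custom user or group has to be provided by the administrator.
    users.extraUsers = optional (cfg.user == "infinoted")
      { name = "infinoted";
        description = "Infinoted user";
        group = cfg.group;
      };
    users.extraGroups = optional (cfg.group == "infinoted")
      { name = "infinoted";
      };

    systemd.services.infinoted =
      { description = "Gobby Dedicated Server";

        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ];

        serviceConfig = {
          Type = "simple";
          Restart = "always";
          ExecStart = "${cfg.package}/bin/infinoted-0.6 --config-file=${configFile}";
          User = cfg.user;
          Group = cfg.group;
          # User/Group apply to ExecStart only; preStart below runs as root.
          PermissionsStartOnly = true;
        };
        preStart = ''
          mkdir -p ${stateDir}
          # Create the file empty with its final owner and mode first, so the
          # password appended below is never readable by other users.
          install -o ${escapeShellArg cfg.user} -g ${escapeShellArg cfg.group} -m 0600 /dev/null ${configFile}
          cat ${mainConfig} >> ${configFile}
          ${appendPassword}
          echo >> ${configFile}
          cat ${extraConfigFile} >> ${configFile}

          install -o ${escapeShellArg cfg.user} -g ${escapeShellArg cfg.group} -m 0750 -d ${escapeShellArg "${cfg.rootDirectory}"}
        '';
      };
  };
}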