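# NixOS module for the SKS OpenPGP keyserver (services.sks).
#
# Declares the enable/package/hkpAddress/hkpPort options and, when enabled,
# creates a dedicated "sks" system user and a systemd unit that runs
# `sks db` from that user's home directory.
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.sks;

  # The derivation selected through services.sks.package. Every store path
  # used below goes through this binding so that overriding the option
  # really changes the binary that is installed AND executed.
  sksPkg = cfg.package;

in

{

  options = {

    services.sks = {

      enable = mkEnableOption "sks";

      package = mkOption {
        default = pkgs.sks;
        defaultText = "pkgs.sks";
        type = types.package;
        description = "
          Which sks derivation to use.
        ";
      };

      # Defaults to loopback only, so the keyserver is not reachable from
      # the network unless the administrator lists another address here.
      # This module does not touch the firewall.
      hkpAddress = mkOption {
        default = [ "127.0.0.1" "::1" ];
        type = types.listOf types.str;
        description = "
          Which ip addresses the sks-keyserver is listening on.
        ";
      };

      # NOTE(review): types.int accepts values outside 1-65535; if the
      # nixpkgs lib in use provides types.port, it would reject them at
      # evaluation time.
      hkpPort = mkOption {
        default = 11371;
        type = types.int;
        description = "
          Which port the sks-keyserver is listening on.
        ";
      };
    };
  };

  config = mkIf cfg.enable {

    environment.systemPackages = [ sksPkg ];

    # Dedicated unprivileged account; /bin/true as shell means the account
    # cannot be used for an interactive login.
    users.users.sks = {
      createHome = true;
      home = "/var/db/sks";
      isSystemUser = true;
      shell = "${pkgs.coreutils}/bin/true";
    };

    systemd.services = let
      # All addresses are joined with spaces and wrapped in one pair of
      # single quotes so they reach sks as a single argument. The entries
      # are plain types.str and are not validated: a value containing a
      # single quote would break out of this quoting.
      hkpAddress = "'" + (builtins.concatStringsSep " " cfg.hkpAddress) + "'" ;
      hkpPort = builtins.toString cfg.hkpPort;
      home = config.users.users.sks.home;
      user = config.users.users.sks.name;
    in {
      sks-keyserver = {
        wantedBy = [ "multi-user.target" ];
        # Each step ends in `|| true`, so a failing build/cleandb/pbuild
        # never blocks startup -- presumably because these commands fail
        # once the database already exists (confirm). The flip side is that
        # a genuinely broken database is not reported here either.
        preStart = ''
          mkdir -p ${home}/dump
          ${sksPkg}/bin/sks build ${home}/dump/*.gpg -n 10 -cache 100 || true #*/
          ${sksPkg}/bin/sks cleandb || true
          ${sksPkg}/bin/sks pbuild -cache 20 -ptree_cache 70 || true
        '';
        # NOTE(review): the unit drops privileges via User= but sets no
        # sandboxing directives (for example NoNewPrivileges, PrivateTmp,
        # ProtectSystem). Worth adding for a daemon that parses untrusted
        # key material, after checking they do not break sks.
        serviceConfig = {
          WorkingDirectory = home;
          User = user;
          Restart = "always";
          ExecStart = "${sksPkg}/bin/sks db -hkp_address ${hkpAddress} -hkp_port ${hkpPort}";
        };
      };
    };
  };
}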