nixos/modules/services/security/hockeypuck.nix at 23.11-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / security / hockeypuck.nix
at 23.11-beta 3.4 kB view raw
  1{ config, lib, pkgs, ... }:
  2
  3let
  4  cfg = config.services.hockeypuck;
  5  settingsFormat = pkgs.formats.toml { };
  6in {
  7  meta.maintainers = with lib.maintainers; [ etu ];
  8
  9  options.services.hockeypuck = {
 10    enable = lib.mkEnableOption (lib.mdDoc "Hockeypuck OpenPGP Key Server");
 11
 12    port = lib.mkOption {
 13      default = 11371;
 14      type = lib.types.port;
 15      description = lib.mdDoc "HKP port to listen on.";
 16    };
 17
 18    settings = lib.mkOption {
 19      type = settingsFormat.type;
 20      default = { };
 21      example = lib.literalExpression ''
 22        {
 23          hockeypuck = {
 24            loglevel = "INFO";
 25            logfile = "/var/log/hockeypuck/hockeypuck.log";
 26            indexTemplate = "''${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
 27            vindexTemplate = "''${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
 28            statsTemplate = "''${pkgs.hockeypuck-web}/share/templates/stats.html.tmpl";
 29            webroot = "''${pkgs.hockeypuck-web}/share/webroot";
 30
 31            hkp.bind = ":''${toString cfg.port}";
 32
 33            openpgp.db = {
 34              driver = "postgres-jsonb";
 35              dsn = "database=hockeypuck host=/var/run/postgresql sslmode=disable";
 36            };
 37          };
 38        }
 39      '';
 40      description = lib.mdDoc ''
 41        Configuration file for hockeypuck, here you can override
 42        certain settings (`loglevel` and
 43        `openpgp.db.dsn`) by just setting those values.
 44
 45        For other settings you need to use lib.mkForce to override them.
 46
 47        This service doesn't provision or enable postgres on your
 48        system, it rather assumes that you enable postgres and create
 49        the database yourself.
 50
 51        Example:
 52        ```
 53          services.postgresql = {
 54            enable = true;
 55            ensureDatabases = [ "hockeypuck" ];
 56            ensureUsers = [{
 57              name = "hockeypuck";
 58              ensureDBOwnership = true;
 59            }];
 60          };
 61        ```
 62      '';
 63    };
 64  };
 65
 66  config = lib.mkIf cfg.enable {
 67    services.hockeypuck.settings.hockeypuck = {
 68      loglevel = lib.mkDefault "INFO";
 69      logfile = "/var/log/hockeypuck/hockeypuck.log";
 70      indexTemplate = "${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
 71      vindexTemplate = "${pkgs.hockeypuck-web}/share/templates/index.html.tmpl";
 72      statsTemplate = "${pkgs.hockeypuck-web}/share/templates/stats.html.tmpl";
 73      webroot = "${pkgs.hockeypuck-web}/share/webroot";
 74
 75      hkp.bind = ":${toString cfg.port}";
 76
 77      openpgp.db = {
 78        driver = "postgres-jsonb";
 79        dsn = lib.mkDefault "database=hockeypuck host=/var/run/postgresql sslmode=disable";
 80      };
 81    };
 82
 83    users.users.hockeypuck = {
 84      isSystemUser = true;
 85      group = "hockeypuck";
 86      description = "Hockeypuck user";
 87    };
 88    users.groups.hockeypuck = {};
 89
 90    systemd.services.hockeypuck = {
 91      description = "Hockeypuck OpenPGP Key Server";
 92      after = [ "network.target" "postgresql.target" ];
 93      wantedBy = [ "multi-user.target" ];
 94      serviceConfig = {
 95        WorkingDirectory = "/var/lib/hockeypuck";
 96        User = "hockeypuck";
 97        ExecStart = "${pkgs.hockeypuck}/bin/hockeypuck -config ${settingsFormat.generate "config.toml" cfg.settings}";
 98        Restart = "always";
 99        RestartSec = "5s";
100        LogsDirectory = "hockeypuck";
101        LogsDirectoryMode = "0755";
102        StateDirectory = "hockeypuck";
103      };
104    };
105  };
106}