pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / databases / mongodb.nix
at 23.11-pre 5.7 kB view raw
1{ config, lib, pkgs, ... }: 2 3with lib; 4 5let 6 7 cfg = config.services.mongodb; 8 9 mongodb = cfg.package; 10 11 mongoCnf = cfg: pkgs.writeText "mongodb.conf" 12 '' 13 net.bindIp: ${cfg.bind_ip} 14 ${optionalString cfg.quiet "systemLog.quiet: true"} 15 systemLog.destination: syslog 16 storage.dbPath: ${cfg.dbpath} 17 ${optionalString cfg.enableAuth "security.authorization: enabled"} 18 ${optionalString (cfg.replSetName != "") "replication.replSetName: ${cfg.replSetName}"} 19 ${cfg.extraConfig} 20 ''; 21 22in 23 24{ 25 26 ###### interface 27 28 options = { 29 30 services.mongodb = { 31 32 enable = mkEnableOption (lib.mdDoc "the MongoDB server"); 33 34 package = mkOption { 35 default = pkgs.mongodb; 36 defaultText = literalExpression "pkgs.mongodb"; 37 type = types.package; 38 description = lib.mdDoc '' 39 Which MongoDB derivation to use. 40 ''; 41 }; 42 43 user = mkOption { 44 type = types.str; 45 default = "mongodb"; 46 description = lib.mdDoc "User account under which MongoDB runs"; 47 }; 48 49 bind_ip = mkOption { 50 type = types.str; 51 default = "127.0.0.1"; 52 description = lib.mdDoc "IP to bind to"; 53 }; 54 55 quiet = mkOption { 56 type = types.bool; 57 default = false; 58 description = lib.mdDoc "quieter output"; 59 }; 60 61 enableAuth = mkOption { 62 type = types.bool; 63 default = false; 64 description = lib.mdDoc "Enable client authentication. Creates a default superuser with username root!"; 65 }; 66 67 initialRootPassword = mkOption { 68 type = types.nullOr types.str; 69 default = null; 70 description = lib.mdDoc "Password for the root user if auth is enabled."; 71 }; 72 73 dbpath = mkOption { 74 type = types.str; 75 default = "/var/db/mongodb"; 76 description = lib.mdDoc "Location where MongoDB stores its files"; 77 }; 78 79 pidFile = mkOption { 80 type = types.str; 81 default = "/run/mongodb.pid"; 82 description = lib.mdDoc "Location of MongoDB pid file"; 83 }; 84 85 replSetName = mkOption { 86 type = types.str; 87 default = ""; 88 description = lib.mdDoc '' 89 If this instance is part of a replica set, set its name here. 90 Otherwise, leave empty to run as single node. 91 ''; 92 }; 93 94 extraConfig = mkOption { 95 type = types.lines; 96 default = ""; 97 example = '' 98 storage.journal.enabled: false 99 ''; 100 description = lib.mdDoc "MongoDB extra configuration in YAML format"; 101 }; 102 103 initialScript = mkOption { 104 type = types.nullOr types.path; 105 default = null; 106 description = lib.mdDoc '' 107 A file containing MongoDB statements to execute on first startup. 108 ''; 109 }; 110 }; 111 112 }; 113 114 115 ###### implementation 116 117 config = mkIf config.services.mongodb.enable { 118 assertions = [ 119 { assertion = !cfg.enableAuth || cfg.initialRootPassword != null; 120 message = "`enableAuth` requires `initialRootPassword` to be set."; 121 } 122 ]; 123 124 users.users.mongodb = mkIf (cfg.user == "mongodb") 125 { name = "mongodb"; 126 isSystemUser = true; 127 group = "mongodb"; 128 description = "MongoDB server user"; 129 }; 130 users.groups.mongodb = mkIf (cfg.user == "mongodb") {}; 131 132 environment.systemPackages = [ mongodb ]; 133 134 systemd.services.mongodb = 135 { description = "MongoDB server"; 136 137 wantedBy = [ "multi-user.target" ]; 138 after = [ "network.target" ]; 139 140 serviceConfig = { 141 ExecStart = "${mongodb}/bin/mongod --config ${mongoCnf cfg} --fork --pidfilepath ${cfg.pidFile}"; 142 User = cfg.user; 143 PIDFile = cfg.pidFile; 144 Type = "forking"; 145 TimeoutStartSec=120; # initial creating of journal can take some time 146 PermissionsStartOnly = true; 147 }; 148 149 preStart = let 150 cfg_ = cfg // { enableAuth = false; bind_ip = "127.0.0.1"; }; 151 in '' 152 rm ${cfg.dbpath}/mongod.lock || true 153 if ! test -e ${cfg.dbpath}; then 154 install -d -m0700 -o ${cfg.user} ${cfg.dbpath} 155 # See postStart! 156 touch ${cfg.dbpath}/.first_startup 157 fi 158 if ! test -e ${cfg.pidFile}; then 159 install -D -o ${cfg.user} /dev/null ${cfg.pidFile} 160 fi '' + lib.optionalString cfg.enableAuth '' 161 162 if ! test -e "${cfg.dbpath}/.auth_setup_complete"; then 163 systemd-run --unit=mongodb-for-setup --uid=${cfg.user} ${mongodb}/bin/mongod --config ${mongoCnf cfg_} 164 # wait for mongodb 165 while ! ${mongodb}/bin/mongo --eval "db.version()" > /dev/null 2>&1; do sleep 0.1; done 166 167 ${mongodb}/bin/mongo <<EOF 168 use admin 169 db.createUser( 170 { 171 user: "root", 172 pwd: "${cfg.initialRootPassword}", 173 roles: [ 174 { role: "userAdminAnyDatabase", db: "admin" }, 175 { role: "dbAdminAnyDatabase", db: "admin" }, 176 { role: "readWriteAnyDatabase", db: "admin" } 177 ] 178 } 179 ) 180 EOF 181 touch "${cfg.dbpath}/.auth_setup_complete" 182 systemctl stop mongodb-for-setup 183 fi 184 ''; 185 postStart = '' 186 if test -e "${cfg.dbpath}/.first_startup"; then 187 ${optionalString (cfg.initialScript != null) '' 188 ${mongodb}/bin/mongo ${optionalString (cfg.enableAuth) "-u root -p ${cfg.initialRootPassword}"} admin "${cfg.initialScript}" 189 ''} 190 rm -f "${cfg.dbpath}/.first_startup" 191 fi 192 ''; 193 }; 194 195 }; 196 197}