# NixOS module that runs Parsoid (bidirectional wikitext parser) as a
# sandboxed systemd service. The service configuration is generated from the
# options below and handed to the server with `-c`.
{ config, lib, pkgs, ... }:

let
  inherit (lib) isAttrs mkIf mkOption mkRemovedOptionModule recursiveUpdate types;

  cfg = config.services.parsoid;

  # A bare string in `services.parsoid.wikis` is shorthand for
  # `{ uri = <string>; }`; attribute sets are passed through unchanged.
  toApiEntry = wiki: if isAttrs wiki then wiki else { uri = wiki; };

  # Defaults that `extraConfig` is layered on top of.
  defaultSettings = {
    worker_heartbeat_timeout = 300000;
    logging.level = "info";
    services = [
      {
        module = "lib/index.js";
        entrypoint = "apiServiceWorker";
        conf = {
          mwApis = map toApiEntry cfg.wikis;
          serverInterface = cfg.interface;
          serverPort = cfg.port;
        };
      }
    ];
  };

  # JSON is emitted under a .yml name (JSON is a subset of YAML).
  #
  # recursiveUpdate only merges attribute sets, with the right-hand side
  # winning: an `extraConfig.services` list replaces the whole default list
  # above, including the serverInterface/serverPort binding.
  #
  # The result lives in the Nix store, which is world-readable. Anything placed
  # in `wikis` attribute sets or `extraConfig` is therefore visible to every
  # local user, so credentials do not belong in either option.
  settingsFile = pkgs.writeText "config.yml"
    (builtins.toJSON (recursiveUpdate defaultSettings cfg.extraConfig));

  serverScript = "${pkgs.nodePackages.parsoid}/lib/node_modules/parsoid/bin/server.js";

in
{
  imports = [
    (mkRemovedOptionModule [ "services" "parsoid" "interwikis" ] "Use services.parsoid.wikis instead")
  ];

  ##### interface

  options.services.parsoid = {

    enable = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to enable Parsoid -- bidirectional
        wikitext parser.
      '';
    };

    # No default: enabling the service requires at least declaring this list.
    wikis = mkOption {
      type = types.listOf (types.either types.str types.attrs);
      example = [ "http://localhost/api.php" ];
      description = lib.mdDoc ''
        Used MediaWiki API endpoints.
      '';
    };

    workers = mkOption {
      type = types.int;
      default = 2;
      description = lib.mdDoc ''
        Number of Parsoid workers.
      '';
    };

    # Loopback by default. This module neither opens a firewall port nor sets
    # up any access control for the listener, so a non-loopback address should
    # be paired with a firewall rule or an authenticating reverse proxy.
    interface = mkOption {
      type = types.str;
      default = "127.0.0.1";
      description = lib.mdDoc ''
        Interface to listen on.
      '';
    };

    port = mkOption {
      type = types.port;
      default = 8000;
      description = lib.mdDoc ''
        Port to listen on.
      '';
    };

    # Untyped attribute set merged over the generated defaults; its contents
    # end up in the world-readable store file built above.
    extraConfig = mkOption {
      type = types.attrs;
      default = {};
      description = lib.mdDoc ''
        Extra configuration to add to parsoid configuration.
      '';
    };

  };

  ##### implementation

  config = mkIf cfg.enable {

    systemd.services.parsoid = {
      description = "Bidirectional wikitext parser";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      serviceConfig = {
        ExecStart = "${serverScript} -c ${settingsFile} -n ${toString cfg.workers}";

        # Transient, unprivileged account allocated by systemd under this name;
        # no static user or group is declared by this module.
        DynamicUser = true;
        User = "parsoid";
        Group = "parsoid";

        # Privilege reduction: empty capability bounding set, no privilege
        # gain through setuid/setgid binaries or file capabilities.
        CapabilityBoundingSet = "";
        NoNewPrivileges = true;
        RestrictSUIDSGID = true;

        # Filesystem and device isolation: read-only system tree, no access to
        # home directories, private /tmp and a minimal private /dev.
        ProtectSystem = "strict";
        ProtectHome = true;
        PrivateTmp = true;
        PrivateDevices = true;

        # Kernel and host surface.
        ProtectHostname = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectControlGroups = true;
        RestrictNamespaces = true;
        LockPersonality = true;
        RestrictRealtime = true;
        RemoveIPC = true;

        # Only IPv4/IPv6 sockets may be created (AF_UNIX and AF_NETLINK are
        # not on the list).
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];

        # Left disabled by the original author.
        # NOTE(review): presumably because the Node.js JIT needs memory that is
        # both writable and executable -- confirm before enabling.
        #MemoryDenyWriteExecute = true;

        # NOTE(review): SystemCallFilter, SystemCallArchitectures,
        # ProtectKernelLogs, ProtectClock and ProtectProc are not set here.
        # `systemd-analyze security parsoid.service` shows the remaining
        # exposure; test each addition against the running service.
      };
    };

  };

}