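# NixOS module for FerretDB. It declares the `services.ferretdb` options and,
# when enabled, runs the daemon as a sandboxed systemd unit that is configured
# through environment variables.
{ config, pkgs, lib, ... }:

with lib;

let
  cfg = config.services.ferretdb;
in
{

  meta.maintainers = with lib.maintainers; [ julienmalka camillemndn ];

  options = {
    services.ferretdb = {
      enable = mkEnableOption "FerretDB, an Open Source MongoDB alternative";

      package = mkOption {
        type = types.package;
        example = literalExpression "pkgs.ferretdb";
        default = pkgs.ferretdb;
        # literalExpression makes the manual render this as a Nix expression
        # rather than as a quoted string value.
        defaultText = literalExpression "pkgs.ferretdb";
        description = "FerretDB package to use.";
      };

      settings = lib.mkOption {
        # Free-form attribute set of strings; every attribute is handed to the
        # service verbatim as an environment variable (see `environment` below).
        type =
          lib.types.submodule { freeformType = with lib.types; attrsOf str; };
        example = {
          FERRETDB_LOG_LEVEL = "warn";
          FERRETDB_MODE = "normal";
        };
        description = ''
          Additional configuration for FerretDB, see
          <https://docs.ferretdb.io/configuration/flags/>
          for supported values.

          These values are passed to the service as environment variables and
          are written to the generated systemd unit in the world-readable Nix
          store. Do not put secrets here (for example a backend URL that
          embeds a password); supply them through
          `systemd.services.ferretdb.serviceConfig.EnvironmentFile` instead,
          pointing at a file outside the store that only root can read.
        '';
      };
    };
  };

  config = mkIf cfg.enable
    {

      # Default to the embedded SQLite backend, stored in the unit's state
      # directory. mkDefault lets users override either value in `settings`.
      services.ferretdb.settings = {
        FERRETDB_HANDLER = lib.mkDefault "sqlite";
        FERRETDB_SQLITE_URL = lib.mkDefault "file:/var/lib/ferretdb/";
      };

      systemd.services.ferretdb = {
        description = "FerretDB";
        after = [ "network.target" ];
        wantedBy = [ "multi-user.target" ];
        # Ends up in the unit file in the Nix store, so anything in
        # cfg.settings is readable by every local user.
        environment = cfg.settings;
        serviceConfig = {
          Type = "simple";
          # With ProtectSystem = "strict" the state directory is the only
          # writable persistent path; it matches the default SQLite URL above.
          StateDirectory = "ferretdb";
          WorkingDirectory = "/var/lib/ferretdb";
          ExecStart = "${cfg.package}/bin/ferretdb";
          Restart = "on-failure";

          # Sandboxing: run as a transient unprivileged user with a read-only
          # view of the system and no access to home directories or devices.
          DynamicUser = true;
          ProtectHome = true;
          ProtectSystem = "strict";
          PrivateTmp = true;
          PrivateDevices = true;
          PrivateMounts = true;
          ProtectHostname = true;
          ProtectClock = true;
          ProtectKernelTunables = true;
          ProtectKernelModules = true;
          ProtectKernelLogs = true;
          ProtectControlGroups = true;
          NoNewPrivileges = true;
          RestrictRealtime = true;
          RestrictSUIDSGID = true;
          RemoveIPC = true;

          # Further reduction of kernel attack surface. The unit runs as a
          # dynamic user with no ambient capabilities, so it holds none of
          # these already; the empty bounding set makes that explicit.
          CapabilityBoundingSet = "";
          LockPersonality = true;
          RestrictNamespaces = true;
          SystemCallArchitectures = "native";
          # NOTE(review): RestrictAddressFamilies and SystemCallFilter would
          # tighten this further; confirm against the backends in use before
          # enabling them.
        };
      };
    };
}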