nixos/modules/services/misc/etesync-dav.nix at 24.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / misc / etesync-dav.nix
at 24.11-pre 2.8 kB view raw
 1{ config, lib, pkgs, ... }:
 2
 3with lib;
 4
 5let
 6  cfg = config.services.etesync-dav;
 7in
 8  {
 9    options.services.etesync-dav = {
10      enable = mkEnableOption "etesync-dav, end-to-end encrypted sync for contacts, calendars and tasks";
11
12      host = mkOption {
13        type = types.str;
14        default = "localhost";
15        description = "The server host address.";
16      };
17
18      port = mkOption {
19        type = types.port;
20        default = 37358;
21        description = "The server host port.";
22      };
23
24      apiUrl = mkOption {
25        type = types.str;
26        default = "https://api.etesync.com/";
27        description = "The url to the etesync API.";
28      };
29
30      openFirewall = mkOption {
31        default = false;
32        type = types.bool;
33        description = "Whether to open the firewall for the specified port.";
34      };
35
36      sslCertificate = mkOption {
37        type = types.nullOr types.path;
38        default = null;
39        example = "/var/etesync.crt";
40        description = ''
41          Path to server SSL certificate. It will be copied into
42          etesync-dav's data directory.
43        '';
44      };
45
46      sslCertificateKey = mkOption {
47        type = types.nullOr types.path;
48        default = null;
49        example = "/var/etesync.key";
50        description = ''
51          Path to server SSL certificate key.  It will be copied into
52          etesync-dav's data directory.
53        '';
54      };
55    };
56
57    config = mkIf cfg.enable {
58      networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
59
60      systemd.services.etesync-dav = {
61        description = "etesync-dav - A CalDAV and CardDAV adapter for EteSync";
62        wants = [ "network-online.target" ];
63        after = [ "network-online.target" ];
64        wantedBy = [ "multi-user.target" ];
65        path = [ pkgs.etesync-dav ];
66        environment = {
67          ETESYNC_LISTEN_ADDRESS = cfg.host;
68          ETESYNC_LISTEN_PORT = toString cfg.port;
69          ETESYNC_URL = cfg.apiUrl;
70          ETESYNC_DATA_DIR = "/var/lib/etesync-dav";
71        };
72
73        serviceConfig = {
74          Type = "simple";
75          DynamicUser = true;
76          StateDirectory = "etesync-dav";
77          ExecStart = "${pkgs.etesync-dav}/bin/etesync-dav";
78          ExecStartPre = mkIf (cfg.sslCertificate != null || cfg.sslCertificateKey != null) (
79            pkgs.writers.writeBash "etesync-dav-copy-keys" ''
80              ${optionalString (cfg.sslCertificate != null) ''
81                cp ${toString cfg.sslCertificate} $STATE_DIRECTORY/etesync.crt
82              ''}
83              ${optionalString (cfg.sslCertificateKey != null) ''
84                cp ${toString cfg.sslCertificateKey} $STATE_DIRECTORY/etesync.key
85              ''}
86            ''
87          );
88          Restart = "on-failure";
89          RestartSec = "30min 1s";
90        };
91      };
92    };
93  }