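# NixOS module for the Manticore Search daemon (searchd).
#
# Renders `services.manticore.settings` into a Sphinx-style configuration file
# and replaces the commands of the systemd unit shipped by the package with a
# sandboxed invocation that points at that file.
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.manticore;

  # Only the JSON format's *type* is used (as the freeform type of `settings`);
  # the file itself is rendered by `toSphinx` below, not as JSON.
  format = pkgs.formats.json { };

  # `settings` is freeform, and a user definition at normal priority replaces
  # the option default as a whole, so `searchd` or `searchd.pid_file` may be
  # absent. `or null` keeps evaluation from aborting on the missing attribute;
  # PIDFile is then simply left unset.
  pidFile = cfg.settings.searchd.pid_file or null;

  # Render an attribute set of sections into the block syntax
  #   name {
  #     key = value
  #   }
  # Lists become repeated keys when `listsAsDuplicateKeys` is true.
  toSphinx = {
    mkKeyValue ? mkKeyValueDefault {} "=",
    listsAsDuplicateKeys ? true
  }: attrsOfAttrs:
    let
      # Apply `mapFn` to every name/value pair and join the results with `sep`.
      mapAttrsToStringsSep = sep: mapFn: attrs:
        concatStringsSep sep
          (mapAttrsToList mapFn attrs);
      # One section: header line, the key/value lines, closing brace.
      mkSection = sectName: sectValues: ''
        ${sectName} {
      '' + lib.generators.toKeyValue { inherit mkKeyValue listsAsDuplicateKeys; } sectValues + ''}'';
    in
      # One block per top-level attribute, separated by newlines.
      mapAttrsToStringsSep "\n" mkSection attrsOfAttrs;

  # The rendered file lives in the Nix store, which every local user can read:
  # keep credentials and other secrets out of `settings`.
  configFile = pkgs.writeText "manticore.conf" (
    toSphinx {
      # The value is interpolated verbatim and nothing is escaped. It has to be
      # a string already: Nix does not coerce an integer or a boolean here, so
      # write numeric settings as strings.
      mkKeyValue = k: v: " ${k} = ${v}";
    } cfg.settings
  );

in {

  options = {
    services.manticore = {

      enable = mkEnableOption "Manticoresearch";

      settings = mkOption {
        default = {
          searchd = {
            # Every default listener is bound to loopback.
            # NOTE(review): before adding a non-loopback address, confirm which
            # access control the deployed Manticore version offers on these
            # protocols and limit reachability with the firewall.
            listen = [
              "127.0.0.1:9312"
              "127.0.0.1:9306:mysql"
              "127.0.0.1:9308:http"
            ];
            # These paths line up with LogsDirectory, RuntimeDirectory and
            # StateDirectory of the unit below.
            log = "/var/log/manticore/searchd.log";
            query_log = "/var/log/manticore/query.log";
            pid_file = "/run/manticore/searchd.pid";
            data_dir = "/var/lib/manticore";
          };
        };
        description = ''
          Configuration for Manticoresearch. See
          <https://manual.manticoresearch.com/Server%20settings>
          for more information.
        '';
        type = types.submodule {
          freeformType = format.type;
        };
        example = literalExpression ''
          {
            searchd = {
                listen = [
                  "127.0.0.1:9312"
                  "127.0.0.1:9306:mysql"
                  "127.0.0.1:9308:http"
                ];
                log = "/var/log/manticore/searchd.log";
                query_log = "/var/log/manticore/query.log";
                pid_file = "/run/manticore/searchd.pid";
                data_dir = "/var/lib/manticore";
            };
          }
        '';
      };

    };
  };

  config = mkIf cfg.enable {

    systemd = {
      # Pull in the unit file shipped with the package; the settings below are
      # applied on top of it.
      packages = [ pkgs.manticoresearch ];
      services.manticore = {
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ];
        serviceConfig = {
          # A leading empty entry clears the command list inherited from the
          # packaged unit, so only the command given here runs.
          ExecStart = [
            ""
            "${pkgs.manticoresearch}/bin/searchd --config ${configFile}"
          ];
          ExecStop = [
            ""
            "${pkgs.manticoresearch}/bin/searchd --config ${configFile} --stopwait"
          ];
          # Drop any pre-start commands of the packaged unit.
          ExecStartPre = [ "" ];

          # Run as a transient, unprivileged user. systemd documents that this
          # also implies ProtectSystem=strict, PrivateTmp= and NoNewPrivileges=,
          # so the daemon can write only to the three directories below.
          # Pointing log, pid_file or data_dir in `settings` anywhere else will
          # therefore fail unless the unit is extended as well.
          DynamicUser = true;
          LogsDirectory = "manticore";
          RuntimeDirectory = "manticore";
          StateDirectory = "manticore";
          # Empty assignment: reset the list, i.e. no extra writable paths.
          ReadWritePaths = "";

          # No capabilities at all; IPv4, IPv6 and Unix sockets only.
          CapabilityBoundingSet = "";
          RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
          RestrictNamespaces = true;
          PrivateDevices = true;
          PrivateUsers = true;
          ProtectClock = true;
          ProtectControlGroups = true;
          ProtectHome = true;
          ProtectKernelLogs = true;
          ProtectKernelModules = true;
          ProtectKernelTunables = true;
          SystemCallArchitectures = "native";
          # Allow the common service syscall set, then remove the privileged
          # group from it.
          SystemCallFilter = [ "@system-service" "~@privileged" ];
          RestrictRealtime = true;
          LockPersonality = true;
          MemoryDenyWriteExecute = true;
          # Files created by the daemon are not accessible to group or others.
          UMask = "0066";
          ProtectHostname = true;
        } // lib.optionalAttrs (pidFile != null) {
          PIDFile = pidFile;
        };
      };
    };

  };

  meta.maintainers = with lib.maintainers; [ onny ];

}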