nixos/modules/services/web-apps/node-red.nix at 24.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / web-apps / node-red.nix
at 24.11-pre 4.4 kB view raw
  1{ config, lib, pkgs, ... }:
  2
  3with lib;
  4
  5let
  6  cfg = config.services.node-red;
  7  defaultUser = "node-red";
  8  finalPackage = if cfg.withNpmAndGcc then node-red_withNpmAndGcc else cfg.package;
  9  node-red_withNpmAndGcc = pkgs.runCommand "node-red" {
 10    nativeBuildInputs = [ pkgs.makeWrapper ];
 11  }
 12  ''
 13    mkdir -p $out/bin
 14    makeWrapper ${pkgs.nodePackages.node-red}/bin/node-red $out/bin/node-red \
 15      --set PATH '${lib.makeBinPath [ pkgs.nodePackages.npm pkgs.gcc ]}:$PATH' \
 16  '';
 17in
 18{
 19  options.services.node-red = {
 20    enable = mkEnableOption "the Node-RED service";
 21
 22    package = mkPackageOption pkgs [ "nodePackages" "node-red" ] { };
 23
 24    openFirewall = mkOption {
 25      type = types.bool;
 26      default = false;
 27      description = ''
 28        Open ports in the firewall for the server.
 29      '';
 30    };
 31
 32    withNpmAndGcc = mkOption {
 33      type = types.bool;
 34      default = false;
 35      description = ''
 36        Give Node-RED access to NPM and GCC at runtime, so 'Nodes' can be
 37        downloaded and managed imperatively via the 'Palette Manager'.
 38      '';
 39    };
 40
 41    configFile = mkOption {
 42      type = types.path;
 43      default = "${cfg.package}/lib/node_modules/node-red/settings.js";
 44      defaultText = literalExpression ''"''${package}/lib/node_modules/node-red/settings.js"'';
 45      description = ''
 46        Path to the JavaScript configuration file.
 47        See <https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js>
 48        for a configuration example.
 49      '';
 50    };
 51
 52    port = mkOption {
 53      type = types.port;
 54      default = 1880;
 55      description = "Listening port.";
 56    };
 57
 58    user = mkOption {
 59      type = types.str;
 60      default = defaultUser;
 61      description = ''
 62        User under which Node-RED runs.If left as the default value this user
 63        will automatically be created on system activation, otherwise the
 64        sysadmin is responsible for ensuring the user exists.
 65      '';
 66    };
 67
 68    group = mkOption {
 69      type = types.str;
 70      default = defaultUser;
 71      description = ''
 72        Group under which Node-RED runs.If left as the default value this group
 73        will automatically be created on system activation, otherwise the
 74        sysadmin is responsible for ensuring the group exists.
 75      '';
 76    };
 77
 78    userDir = mkOption {
 79      type = types.path;
 80      default = "/var/lib/node-red";
 81      description = ''
 82        The directory to store all user data, such as flow and credential files and all library data. If left
 83        as the default value this directory will automatically be created before the node-red service starts,
 84        otherwise the sysadmin is responsible for ensuring the directory exists with appropriate ownership
 85        and permissions.
 86      '';
 87    };
 88
 89    safe = mkOption {
 90      type = types.bool;
 91      default = false;
 92      description = "Whether to launch Node-RED in --safe mode.";
 93    };
 94
 95    define = mkOption {
 96      type = types.attrs;
 97      default = {};
 98      description = "List of settings.js overrides to pass via -D to Node-RED.";
 99      example = literalExpression ''
100        {
101          "logging.console.level" = "trace";
102        }
103      '';
104    };
105  };
106
107  config = mkIf cfg.enable {
108    users.users = optionalAttrs (cfg.user == defaultUser) {
109      ${defaultUser} = {
110        isSystemUser = true;
111        group = defaultUser;
112      };
113    };
114
115    users.groups = optionalAttrs (cfg.group == defaultUser) {
116      ${defaultUser} = { };
117    };
118
119    networking.firewall = mkIf cfg.openFirewall {
120      allowedTCPPorts = [ cfg.port ];
121    };
122
123    systemd.services.node-red = {
124      description = "Node-RED Service";
125      wantedBy = [ "multi-user.target" ];
126      after = [ "networking.target" ];
127      environment = {
128        HOME = cfg.userDir;
129      };
130      serviceConfig = mkMerge [
131        {
132          User = cfg.user;
133          Group = cfg.group;
134          ExecStart = "${finalPackage}/bin/node-red ${pkgs.lib.optionalString cfg.safe "--safe"} --settings ${cfg.configFile} --port ${toString cfg.port} --userDir ${cfg.userDir} ${concatStringsSep " " (mapAttrsToList (name: value: "-D ${name}=${value}") cfg.define)}";
135          PrivateTmp = true;
136          Restart = "always";
137          WorkingDirectory = cfg.userDir;
138        }
139        (mkIf (cfg.userDir == "/var/lib/node-red") { StateDirectory = "node-red"; })
140      ];
141    };
142  };
143}