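# NixOS module for ChromaDB: declares the `services.chromadb` options and,
# when enabled, a sandboxed systemd unit that runs `<package> run` with the
# configured database path, listen address, port and log file.
{
  config,
  pkgs,
  lib,
  ...
}:

let
  cfg = config.services.chromadb;
  inherit (lib)
    mkEnableOption
    mkOption
    mkIf
    types
    literalExpression
    ;
in
{

  meta.maintainers = with lib.maintainers; [ drupol ];

  options = {
    services.chromadb = {
      enable = mkEnableOption "ChromaDB, an open-source AI application database.";

      package = mkOption {
        type = types.package;
        example = literalExpression "pkgs.python3Packages.chromadb";
        default = pkgs.python3Packages.chromadb;
        # Wrapped in literalExpression so the manual renders the default as a
        # Nix expression rather than as a quoted string.
        defaultText = literalExpression "pkgs.python3Packages.chromadb";
        description = "ChromaDB package to use.";
      };

      # Listen address. The default keeps the service on loopback only.
      # The unit below passes only --path/--host/--port/--log-path, so this
      # module itself configures no authentication for the listener.
      # NOTE(review): confirm how access control is provided before setting
      # this to a non-loopback address.
      host = mkOption {
        type = types.str;
        default = "127.0.0.1";
        description = ''
          Defines the IP address by which ChromaDB will be accessible.
        '';
      };

      port = mkOption {
        type = types.port;
        default = 8000;
        description = ''
          Defined the port number to listen.
        '';
      };

      # The default lives inside the unit's LogsDirectory (/var/log/chromadb).
      # With ProtectSystem = "strict" the rest of the file system is read-only
      # for the service, so a location outside that directory is not writable
      # unless the unit is extended accordingly.
      logFile = mkOption {
        type = types.path;
        default = "/var/log/chromadb/chromadb.log";
        description = ''
          Specifies the location of file for logging output.
        '';
      };

      # The default matches the unit's StateDirectory (/var/lib/chromadb).
      # StateDirectory and WorkingDirectory below are fixed and do not follow
      # this option; under ProtectSystem = "strict" a different path is
      # read-only for the service unless the unit is extended accordingly.
      dbpath = mkOption {
        type = types.str;
        default = "/var/lib/chromadb";
        description = "Location where ChromaDB stores its files";
      };

      # Off by default. Enabling it only adds cfg.port to the firewall's
      # allowed TCP ports; it does not change cfg.host, so the service is
      # reachable from the network only when host is also non-loopback.
      openFirewall = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to automatically open the specified TCP port in the firewall.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    systemd.services.chromadb = {
      description = "ChromaDB";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "simple";
        # systemd creates /var/lib/chromadb and /var/log/chromadb for the
        # unit; these are its writable locations under the sandbox below.
        StateDirectory = "chromadb";
        WorkingDirectory = "/var/lib/chromadb";
        LogsDirectory = "chromadb";
        # Option values are interpolated unquoted. systemd splits ExecStart on
        # whitespace, so a dbpath or logFile containing spaces would be passed
        # as several arguments.
        ExecStart = "${lib.getExe cfg.package} run --path ${cfg.dbpath} --host ${cfg.host} --port ${toString cfg.port} --log-path ${cfg.logFile}";
        Restart = "on-failure";

        # Sandboxing: read-only file system view, no access to home
        # directories, private /tmp and /dev, and no changes to hostname,
        # clock, kernel tunables/modules/logs or control groups.
        ProtectHome = true;
        ProtectSystem = "strict";
        PrivateTmp = true;
        PrivateDevices = true;
        ProtectHostname = true;
        ProtectClock = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectKernelLogs = true;
        ProtectControlGroups = true;
        # No privilege gain through setuid/setgid binaries or file capabilities.
        NoNewPrivileges = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        RemoveIPC = true;
        PrivateMounts = true;
        # Runs as a transient unprivileged user allocated by systemd; no
        # static user or group is declared by this module.
        # NOTE(review): further restrictions (address families, capability
        # bounding set, system call filter) are not set here; verify against
        # the service's runtime needs before adding them.
        DynamicUser = true;
      };
    };

    # Empty list unless openFirewall is set, in which case cfg.port is allowed.
    networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [ cfg.port ];
  };
}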