nixos/modules/services/databases/ferretdb.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / databases / ferretdb.nix
at 25.11-pre 3.1 kB view raw
  1{
  2  config,
  3  pkgs,
  4  lib,
  5  ...
  6}:
  7let
  8  cfg = config.services.ferretdb;
  9in
 10{
 11
 12  meta.maintainers = with lib.maintainers; [
 13    julienmalka
 14    camillemndn
 15  ];
 16
 17  options = {
 18    services.ferretdb = {
 19      enable = lib.mkEnableOption "FerretDB, an Open Source MongoDB alternative";
 20
 21      package = lib.mkOption {
 22        type = lib.types.package;
 23        example = lib.literalExpression "pkgs.ferretdb";
 24        default = pkgs.ferretdb;
 25        defaultText = "pkgs.ferretdb";
 26        description = "FerretDB package to use.";
 27      };
 28
 29      settings = lib.mkOption {
 30        type = lib.types.submodule {
 31          freeformType = with lib.types; attrsOf str;
 32          options = {
 33            FERRETDB_HANDLER = lib.mkOption {
 34              type = lib.types.enum [
 35                "sqlite"
 36                "pg"
 37              ];
 38              default = "sqlite";
 39              description = "Backend handler";
 40            };
 41
 42            FERRETDB_SQLITE_URL = lib.mkOption {
 43              type = lib.types.str;
 44              default = "file:/var/lib/ferretdb/";
 45              description = "SQLite URI (directory) for 'sqlite' handler";
 46            };
 47
 48            FERRETDB_POSTGRESQL_URL = lib.mkOption {
 49              type = lib.types.str;
 50              default = "postgres://ferretdb@localhost/ferretdb?host=/run/postgresql";
 51              description = "PostgreSQL URL for 'pg' handler";
 52            };
 53
 54            FERRETDB_TELEMETRY = lib.mkOption {
 55              type = lib.types.enum [
 56                "enable"
 57                "disable"
 58              ];
 59              default = "disable";
 60              description = ''
 61                Enable or disable basic telemetry.
 62
 63                See <https://docs.ferretdb.io/telemetry/> for more information.
 64              '';
 65            };
 66          };
 67        };
 68        example = {
 69          FERRETDB_LOG_LEVEL = "warn";
 70          FERRETDB_MODE = "normal";
 71        };
 72        description = ''
 73          Additional configuration for FerretDB, see
 74          <https://docs.ferretdb.io/configuration/flags/>
 75          for supported values.
 76        '';
 77      };
 78    };
 79  };
 80
 81  config = lib.mkIf cfg.enable {
 82    services.ferretdb.settings = { };
 83
 84    systemd.services.ferretdb = {
 85      description = "FerretDB";
 86      after = [ "network.target" ];
 87      wantedBy = [ "multi-user.target" ];
 88      environment = cfg.settings;
 89      serviceConfig = {
 90        Type = "simple";
 91        StateDirectory = "ferretdb";
 92        WorkingDirectory = "/var/lib/ferretdb";
 93        ExecStart = "${cfg.package}/bin/ferretdb";
 94        Restart = "on-failure";
 95        ProtectHome = true;
 96        ProtectSystem = "strict";
 97        PrivateTmp = true;
 98        PrivateDevices = true;
 99        ProtectHostname = true;
100        ProtectClock = true;
101        ProtectKernelTunables = true;
102        ProtectKernelModules = true;
103        ProtectKernelLogs = true;
104        ProtectControlGroups = true;
105        NoNewPrivileges = true;
106        RestrictRealtime = true;
107        RestrictSUIDSGID = true;
108        RemoveIPC = true;
109        PrivateMounts = true;
110        DynamicUser = true;
111      };
112    };
113  };
114}