nixos/modules/services/misc/etesync-dav.nix at 25.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / misc / etesync-dav.nix
at 25.11-pre 2.8 kB view raw
 1{
 2  config,
 3  lib,
 4  pkgs,
 5  ...
 6}:
 7let
 8  cfg = config.services.etesync-dav;
 9in
10{
11  options.services.etesync-dav = {
12    enable = lib.mkEnableOption "etesync-dav, end-to-end encrypted sync for contacts, calendars and tasks";
13
14    host = lib.mkOption {
15      type = lib.types.str;
16      default = "localhost";
17      description = "The server host address.";
18    };
19
20    port = lib.mkOption {
21      type = lib.types.port;
22      default = 37358;
23      description = "The server host port.";
24    };
25
26    apiUrl = lib.mkOption {
27      type = lib.types.str;
28      default = "https://api.etebase.com/partner/etesync/";
29      description = "The url to the etesync API.";
30    };
31
32    openFirewall = lib.mkOption {
33      default = false;
34      type = lib.types.bool;
35      description = "Whether to open the firewall for the specified port.";
36    };
37
38    sslCertificate = lib.mkOption {
39      type = lib.types.nullOr lib.types.path;
40      default = null;
41      example = "/var/etesync.crt";
42      description = ''
43        Path to server SSL certificate. It will be copied into
44        etesync-dav's data directory.
45      '';
46    };
47
48    sslCertificateKey = lib.mkOption {
49      type = lib.types.nullOr lib.types.path;
50      default = null;
51      example = "/var/etesync.key";
52      description = ''
53        Path to server SSL certificate key.  It will be copied into
54        etesync-dav's data directory.
55      '';
56    };
57  };
58
59  config = lib.mkIf cfg.enable {
60    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ cfg.port ];
61
62    systemd.services.etesync-dav = {
63      description = "etesync-dav - A CalDAV and CardDAV adapter for EteSync";
64      wants = [ "network-online.target" ];
65      after = [ "network-online.target" ];
66      wantedBy = [ "multi-user.target" ];
67      path = [ pkgs.etesync-dav ];
68      environment = {
69        ETESYNC_LISTEN_ADDRESS = cfg.host;
70        ETESYNC_LISTEN_PORT = toString cfg.port;
71        ETESYNC_URL = cfg.apiUrl;
72        ETESYNC_DATA_DIR = "/var/lib/etesync-dav";
73      };
74
75      serviceConfig = {
76        Type = "simple";
77        DynamicUser = true;
78        StateDirectory = "etesync-dav";
79        ExecStart = "${pkgs.etesync-dav}/bin/etesync-dav";
80        ExecStartPre = lib.mkIf (cfg.sslCertificate != null || cfg.sslCertificateKey != null) (
81          pkgs.writers.writeBash "etesync-dav-copy-keys" ''
82            ${lib.optionalString (cfg.sslCertificate != null) ''
83              cp ${toString cfg.sslCertificate} $STATE_DIRECTORY/etesync.crt
84            ''}
85            ${lib.optionalString (cfg.sslCertificateKey != null) ''
86              cp ${toString cfg.sslCertificateKey} $STATE_DIRECTORY/etesync.key
87            ''}
88          ''
89        );
90        Restart = "on-failure";
91        RestartSec = "30min 1s";
92      };
93    };
94  };
95}