nixos/modules/services/web-apps/lanraragi.nix at master · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / web-apps / lanraragi.nix
at master 3.3 kB view raw
  1{
  2  pkgs,
  3  lib,
  4  config,
  5  ...
  6}:
  7
  8let
  9  cfg = config.services.lanraragi;
 10in
 11{
 12  meta.maintainers = with lib.maintainers; [ tomasajt ];
 13
 14  options.services = {
 15    lanraragi = {
 16      enable = lib.mkEnableOption "LANraragi";
 17      package = lib.mkPackageOption pkgs "lanraragi" { };
 18
 19      port = lib.mkOption {
 20        type = lib.types.port;
 21        default = 3000;
 22        description = "Port for LANraragi's web interface.";
 23      };
 24
 25      openFirewall = lib.mkEnableOption "" // {
 26        description = "Open ports in the firewall for LANraragi's web interface.";
 27      };
 28
 29      passwordFile = lib.mkOption {
 30        type = lib.types.nullOr lib.types.path;
 31        default = null;
 32        example = "/run/keys/lanraragi-password";
 33        description = ''
 34          A file containing the password for LANraragi's admin interface.
 35        '';
 36      };
 37
 38      redis = {
 39        port = lib.mkOption {
 40          type = lib.types.port;
 41          default = 6379;
 42          description = "Port for LANraragi's Redis server.";
 43        };
 44        passwordFile = lib.mkOption {
 45          type = lib.types.nullOr lib.types.path;
 46          default = null;
 47          example = "/run/keys/redis-lanraragi-password";
 48          description = ''
 49            A file containing the password for LANraragi's Redis server.
 50          '';
 51        };
 52      };
 53    };
 54  };
 55
 56  config = lib.mkIf cfg.enable {
 57    services.redis.servers.lanraragi = {
 58      enable = true;
 59      port = cfg.redis.port;
 60      requirePassFile = cfg.redis.passwordFile;
 61    };
 62
 63    systemd.services.lanraragi = {
 64      description = "LANraragi main service";
 65      after = [
 66        "network.target"
 67        "redis-lanraragi.service"
 68      ];
 69      requires = [ "redis-lanraragi.service" ];
 70      wantedBy = [ "multi-user.target" ];
 71      serviceConfig = {
 72        ExecStart = lib.getExe cfg.package;
 73        DynamicUser = true;
 74        StateDirectory = "lanraragi";
 75        RuntimeDirectory = "lanraragi";
 76        LogsDirectory = "lanraragi";
 77        Restart = "on-failure";
 78        WorkingDirectory = "/var/lib/lanraragi";
 79      };
 80      environment = {
 81        "LRR_TEMP_DIRECTORY" = "/run/lanraragi";
 82        "LRR_LOG_DIRECTORY" = "/var/log/lanraragi";
 83        "LRR_NETWORK" = "http://*:${toString cfg.port}";
 84        "HOME" = "/var/lib/lanraragi";
 85      };
 86      preStart = ''
 87        cat > lrr.conf <<EOF
 88        {
 89          redis_address => "127.0.0.1:${toString cfg.redis.port}",
 90          redis_password => "${
 91            lib.optionalString (cfg.redis.passwordFile != null) ''$(head -n1 ${cfg.redis.passwordFile})''
 92          }",
 93          redis_database => "0",
 94          redis_database_minion => "1",
 95          redis_database_config => "2",
 96          redis_database_search => "3",
 97        }
 98        EOF
 99      ''
100      + lib.optionalString (cfg.passwordFile != null) ''
101        ${lib.getExe pkgs.redis} -h 127.0.0.1 -p ${toString cfg.redis.port} ${
102          lib.optionalString (cfg.redis.passwordFile != null) ''-a "$(head -n1 ${cfg.redis.passwordFile})"''
103        }<<EOF
104          SELECT 2
105          HSET LRR_CONFIG password $(${cfg.package}/bin/helpers/lrr-make-password-hash $(head -n1 ${cfg.passwordFile}))
106        EOF
107      '';
108    };
109
110    networking.firewall = lib.mkIf cfg.openFirewall {
111      allowedTCPPorts = [ cfg.port ];
112    };
113  };
114}