···
{ config, lib, pkgs, ... }:
cfg = config.services.meguca;
postgres = config.services.postgresql;
options.services.meguca = {
enable = mkEnableOption "meguca";
12
-
baseDir = mkOption {
10
+
dataDir = mkOption {
14
-
default = "/run/meguca";
12
+
default = "/var/lib/meguca";
13
+
example = "/home/okina/meguca";
description = "Location where meguca stores it's database and links.";
20
+
example = "dumbpass";
description = "Password for the meguca database.";
passwordFile = mkOption {
default = "/run/keys/meguca-password-file";
27
+
example = "/home/okina/meguca/keys/pass";
description = "Password file for the meguca database.";
reverseProxy = mkOption {
type = types.nullOr types.str;
34
+
example = "192.168.1.5";
description = "Reverse proxy IP.";
sslCertificate = mkOption {
type = types.nullOr types.str;
41
+
example = "/home/okina/meguca/ssl.cert";
description = "Path to the SSL certificate.";
listenAddress = mkOption {
type = types.nullOr types.str;
48
+
example = "127.0.0.1:8000";
description = "Listen on a specific IP address and port.";
type = types.nullOr types.int;
description = "Cache size in MB.";
postgresArgs = mkOption {
56
-
default = "user=meguca password=" + cfg.password + " dbname=meguca sslmode=disable";
61
+
example = "user=meguca password=dumbpass dbname=meguca sslmode=disable";
description = "Postgresql connection arguments.";
postgresArgsFile = mkOption {
default = "/run/keys/meguca-postgres-args";
68
+
example = "/home/okina/meguca/keys/postgres";
description = "Postgresql connection arguments file.";
···
config = mkIf cfg.enable {
86
-
security.sudo.enable = cfg.enable == true;
87
-
services.postgresql.enable = cfg.enable == true;
89
-
services.meguca.passwordFile = mkDefault (toString (pkgs.writeTextFile {
90
-
name = "meguca-password-file";
91
-
text = cfg.password;
94
-
services.meguca.postgresArgsFile = mkDefault (toString (pkgs.writeTextFile {
95
-
name = "meguca-postgres-args";
96
-
text = cfg.postgresArgs;
92
+
security.sudo.enable = cfg.enable;
93
+
services.postgresql.enable = cfg.enable;
94
+
services.meguca.passwordFile = mkDefault (pkgs.writeText "meguca-password-file" cfg.password);
95
+
services.meguca.postgresArgsFile = mkDefault (pkgs.writeText "meguca-postgres-args" cfg.postgresArgs);
96
+
services.meguca.postgresArgs = mkDefault "user=meguca password=${cfg.password} dbname=meguca sslmode=disable";
systemd.services.meguca = {
···
wantedBy = [ "multi-user.target" ];
105
-
# Ensure folder exists and links are correct or create them
106
-
mkdir -p ${cfg.baseDir}
107
-
chmod 750 ${cfg.baseDir}
108
-
ln -sf ${pkgs.meguca}/share/meguca/www ${cfg.baseDir}
104
+
# Ensure folder exists or create it and links and permissions are correct
105
+
mkdir -p ${escapeShellArg cfg.dataDir}
106
+
ln -sf ${pkgs.meguca}/share/meguca/www ${escapeShellArg cfg.dataDir}
107
+
chmod 750 ${escapeShellArg cfg.dataDir}
108
+
chown -R meguca:meguca ${escapeShellArg cfg.dataDir}
# Ensure the database is correct or create it
${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \
···
${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \
-T template0 -E UTF8 -O meguca meguca || true
${pkgs.sudo}/bin/sudo -u meguca ${postgres.package}/bin/psql \
116
-
-c "ALTER ROLE meguca WITH PASSWORD '$(cat ${cfg.passwordFile})';" || true
116
+
-c "ALTER ROLE meguca WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true
120
+
cd ${escapeShellArg cfg.dataDir}
122
-
${pkgs.meguca}/bin/meguca -d "$(cat ${cfg.postgresArgsFile})"\
123
-
${optionalString (cfg.reverseProxy != null) " -R ${cfg.reverseProxy}"}\
124
-
${optionalString (cfg.sslCertificate != null) " -S ${cfg.sslCertificate}"}\
125
-
${optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}"}\
126
-
${optionalString (cfg.cacheSize != null) " -c ${toString cfg.cacheSize}"}\
127
-
${optionalString (cfg.compressTraffic) " -g"}\
128
-
${optionalString (cfg.assumeReverseProxy) " -r"}\
129
-
${optionalString (cfg.httpsOnly) " -s"} start
122
+
${pkgs.meguca}/bin/meguca -d "$(cat ${escapeShellArg cfg.postgresArgsFile})"''
123
+
+ optionalString (cfg.reverseProxy != null) " -R ${cfg.reverseProxy}"
124
+
+ optionalString (cfg.sslCertificate != null) " -S ${cfg.sslCertificate}"
125
+
+ optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}"
126
+
+ optionalString (cfg.cacheSize != null) " -c ${toString cfg.cacheSize}"
127
+
+ optionalString (cfg.compressTraffic) " -g"
128
+
+ optionalString (cfg.assumeReverseProxy) " -r"
129
+
+ optionalString (cfg.httpsOnly) " -s" + " start";
PermissionsStartOnly = true;
137
-
RuntimeDirectory = "meguca";
ExecStop = "${pkgs.meguca}/bin/meguca stop";
141
+
groups.meguca.gid = config.ids.gids.meguca;
description = "meguca server service user";
145
-
home = cfg.baseDir;
145
+
home = cfg.dataDir;
uid = config.ids.uids.meguca;
152
-
gid = config.ids.gids.meguca;
153
-
members = [ "meguca" ];
154
+
(mkRenamedOptionModule [ "services" "meguca" "baseDir" ] [ "services" "meguca" "dataDir" ])
meta.maintainers = with maintainers; [ chiiruno ];
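Review bot: The database password still lands in the world-readable Nix store, because the new `passwordFile` and `postgresArgsFile` defaults are built with `pkgs.writeText … cfg.password` and `pkgs.writeText … cfg.postgresArgs`, and store paths can be read by every local user. Since `mkDefault` takes priority over an option's own `default`, the `/run/keys/…` paths declared on the two options are presumably never used unless the admin sets them explicitly. I would drop the two `writeText` defaults, and ideally the plain-text `password` option, so the files must be provisioned outside the store with restrictive permissions, and state that in the option descriptions. Separately, the added command-line tail escapes `dataDir` and the two file paths but leaves `cfg.reverseProxy`, `cfg.sslCertificate` and `cfg.listenAddress` unquoted; for consistency these should read e.g. `" -S ${escapeShellArg cfg.sslCertificate}"`. Parts of the script and option bodies are elided on this page, so this rests only on the visible lines.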