commit 414c23faccf416ff4995ca999de620597ab8c1c5 · pyrox.dev/nixpkgs

+19 -1
nixos/modules/services/networking/ncps.nix
···

       37
       37
        
             "--cache-hostname='${cfg.cache.hostName}'"

     

       38
       38
        
             "--cache-data-path='${cfg.cache.dataPath}'"

     

       39
       39
        
             "--cache-database-url='${cfg.cache.databaseURL}'"

     

       40
       40
       +
             "--cache-temp-path='${cfg.cache.tempPath}'"

     

       40
       41
        
             "--server-addr='${cfg.server.addr}'"

     

       41
       42
        
           ]

     

       42
       43
        
           ++ (lib.optional cfg.cache.allowDeleteVerb "--cache-allow-delete-verb")

     
···

       170
       171
        
                   empty to automatically generate a private/public key.

     

       171
       172
        
                 '';

     

       172
       173
        
               };

     

       174
       174
       +
       

     

       175
       175
       +
               tempPath = lib.mkOption {

     

       176
       176
       +
                 type = lib.types.str;

     

       177
       177
       +
                 default = "/tmp";

     

       178
       178
       +
                 description = ''

     

       179
       179
       +
                   The path to the temporary directory that is used by the cache to download NAR files

     

       180
       180
       +
                 '';

     

       181
       181
       +
               };

     

       173
       182
        
             };

     

       174
       183
        
       

     

       175
       184
        
             server = {

     
···

       219
       228
        
           };

     

       220
       229
        
           users.groups.ncps = { };

     

       221
       230
        
       

     

       222
       222
       -
           systemd.services.ncps-create-datadirs = {

     

       231
       231
       +
           systemd.services.ncps-create-directories = {

     

       223
       232
        
             description = "Created required directories by ncps";

     

       224
       233
        
             serviceConfig = {

     

       225
       234
        
               Type = "oneshot";

     
···

       237
       246
        
                   mkdir -p ${dbDir}

     

       238
       247
        
                   chown ncps:ncps ${dbDir}

     

       239
       248
        
                 fi

     

       249
       249
       +
               '')

     

       250
       250
       +
               + (lib.optionalString (cfg.cache.tempPath != "/tmp") ''

     

       251
       251
       +
                 if ! test -d ${cfg.cache.tempPath}; then

     

       252
       252
       +
                   mkdir -p ${cfg.cache.tempPath}

     

       253
       253
       +
                   chown ncps:ncps ${cfg.cache.tempPath}

     

       254
       254
       +
                 fi

     

       240
       255
        
               '');

     

       241
       256
        
             wantedBy = [ "ncps.service" ];

     

       242
       257
        
             before = [ "ncps.service" ];

     
···

       277
       292
        
               })

     

       278
       293
        
               (lib.mkIf (isSqlite && !lib.strings.hasPrefix "/var/lib/ncps" dbDir) {

     

       279
       294
        
                 ReadWritePaths = [ dbDir ];

     

       295
       295
       +
               })

     

       296
       296
       +
               (lib.mkIf (cfg.cache.tempPath != "/tmp") {

     

       297
       297
       +
                 ReadWritePaths = [ cfg.cache.tempPath ];

     

       280
       298
        
               })

     

       281
       299
        
       

     

       282
       300
        
               # Hardening