pyrox.dev / nixpkgs
lol
fork atom

nixos/zeronet: Improved config, dynamic user, remove static UI… (#70305)

nixos/zeronet: Improved config, dynamic user, remove static UID and GID

Jörg Thalheim bf3360cd 161c9dc1

options
unified split
Changed files
+34 -60
nixos
modules
misc
ids.nix
services
networking
zeronet.nix
+2 -2
nixos/modules/misc/ids.nix 
···

       
328

       
 

       
      qemu-libvirtd = 301;


     

       
329

       
 

       
      # kvm = 302; # unused


     

       
330

       
 

       
      # render = 303; # unused


     

       
331

       
-

       
      zeronet = 304;


     

       
332

       
 

       
      lirc = 305;


     

       
333

       
 

       
      lidarr = 306;


     

       
334

       
 

       
      slurm = 307;


     
···

       
629

       
 

       
      qemu-libvirtd = 301;


     

       
630

       
 

       
      kvm = 302; # default udev rules from systemd requires these


     

       
631

       
 

       
      render = 303; # default udev rules from systemd requires these


     

       
632

       
-

       
      zeronet = 304;


     

       
633

       
 

       
      lirc = 305;


     

       
634

       
 

       
      lidarr = 306;


     

       
635

       
 

       
      slurm = 307;


     
···

       
328

       
 

       
      qemu-libvirtd = 301;


     

       
329

       
 

       
      # kvm = 302; # unused


     

       
330

       
 

       
      # render = 303; # unused


     

       
331

       
+

       
      # zeronet = 304; # removed 2019-01-03


     

       
332

       
 

       
      lirc = 305;


     

       
333

       
 

       
      lidarr = 306;


     

       
334

       
 

       
      slurm = 307;


     
···

       
629

       
 

       
      qemu-libvirtd = 301;


     

       
630

       
 

       
      kvm = 302; # default udev rules from systemd requires these


     

       
631

       
 

       
      render = 303; # default udev rules from systemd requires these


     

       
632

       
+

       
      # zeronet = 304; # removed 2019-01-03


     

       
633

       
 

       
      lirc = 305;


     

       
634

       
 

       
      lidarr = 306;


     

       
635

       
 

       
      slurm = 307;
+32 -58
nixos/modules/services/networking/zeronet.nix 
···

       
1

       
 

       
{ config, lib, pkgs, ... }:


     

       
2

       
 

       



     

       
3

       
 

       
let


     

       

       

       
     

       
4

       
 

       
  cfg = config.services.zeronet;


     

       

       

       
     

       

       

       
     

       
5

       
 

       



     

       
6

       
-

       
  zConfFile = pkgs.writeTextFile {


     

       
7

       
-

       
    name = "zeronet.conf";


     

       
8

       
-

       



     

       
9

       
-

       
    text = ''


     

       
10

       
-

       
      [global]


     

       
11

       
-

       
      data_dir = ${cfg.dataDir}


     

       
12

       
-

       
      log_dir = ${cfg.logDir}


     

       
13

       
-

       
    '' + lib.optionalString (cfg.port != null) ''


     

       
14

       
-

       
      ui_port = ${toString cfg.port}


     

       
15

       
-

       
    '' + lib.optionalString (cfg.fileserverPort != null) ''


     

       
16

       
-

       
      fileserver_port = ${toString cfg.fileserverPort}


     

       
17

       
-

       
    '' + lib.optionalString (cfg.torAlways) ''


     

       
18

       
-

       
      tor = always


     

       
19

       
-

       
    '' + cfg.extraConfig;


     

       
20

       
 

       
  };


     

       
21

       
 

       
in with lib; {


     

       
22

       
 

       
  options.services.zeronet = {


     

       
23

       
 

       
    enable = mkEnableOption "zeronet";


     

       
24

       
 

       



     

       
25

       
-

       
    dataDir = mkOption {


     

       
26

       
-

       
      type = types.path;


     

       
27

       
-

       
      default = "/var/lib/zeronet";


     

       
28

       
-

       
      example = "/home/okina/zeronet";


     

       
29

       
-

       
      description = "Path to the zeronet data directory.";


     

       
30

       
-

       
    };


     

       
31

       
 

       



     

       
32

       
-

       
    logDir = mkOption {


     

       
33

       
-

       
      type = types.path;


     

       
34

       
-

       
      default = "/var/log/zeronet";


     

       
35

       
-

       
      example = "/home/okina/zeronet/log";


     

       
36

       
-

       
      description = "Path to the zeronet log directory.";


     

       
37

       
 

       
    };


     

       
38

       
 

       



     

       
39

       
 

       
    port = mkOption {


     

       
40

       
-

       
      type = types.nullOr types.int;


     

       
41

       
-

       
      default = null;


     

       
42

       
 

       
      example = 43110;


     

       
43

       
 

       
      description = "Optional zeronet web UI port.";


     

       
44

       
 

       
    };


     
···

       
63

       
 

       
      default = false;


     

       
64

       
 

       
      description = "Use TOR for all zeronet traffic.";


     

       
65

       
 

       
    };


     

       
66

       
-

       



     

       
67

       
-

       
    extraConfig = mkOption {


     

       
68

       
-

       
      type = types.lines;


     

       
69

       
-

       
      default = "";


     

       
70

       
-

       



     

       
71

       
-

       
      description = ''


     

       
72

       
-

       
        Extra configuration. Contents will be added verbatim to the


     

       
73

       
-

       
        configuration file at the end.


     

       
74

       
-

       
      '';


     

       
75

       
-

       
    };


     

       
76

       
 

       
  };


     

       
77

       
 

       



     

       
78

       
 

       
  config = mkIf cfg.enable {


     

       
79

       
 

       
    services.tor = mkIf cfg.tor {


     

       
80

       
 

       
      enable = true;


     

       
81

       
 

       
      controlPort = 9051;


     

       

       

       
     

       
82

       
 

       
      extraConfig = ''


     

       
83

       
 

       
        CacheDirectoryGroupReadable 1


     

       
84

       
 

       
        CookieAuthentication 1


     
···

       
86

       
 

       
      '';


     

       
87

       
 

       
    };


     

       
88

       
 

       



     

       
89

       
-

       
    systemd.tmpfiles.rules = [


     

       
90

       
-

       
      "d '${cfg.dataDir}' 750 zeronet zeronet - -"


     

       
91

       
-

       
      "d '${cfg.logDir}' 750 zeronet zeronet - -"


     

       
92

       
-

       
    ];


     

       
93

       
-

       



     

       
94

       
 

       
    systemd.services.zeronet = {


     

       
95

       
 

       
      description = "zeronet";


     

       
96

       
 

       
      after = [ "network.target" (optionalString cfg.tor "tor.service") ];


     

       
97

       
 

       
      wantedBy = [ "multi-user.target" ];


     

       
98

       
 

       



     

       
99

       
 

       
      serviceConfig = {


     

       
100

       
-

       
        PrivateTmp = "yes";


     

       
101

       
 

       
        User = "zeronet";


     

       
102

       
-

       
        Group = "zeronet";


     

       
103

       
-

       
        ExecStart = "${pkgs.zeronet}/bin/zeronet --config_file ${zConfFile}";


     

       
104

       
-

       
      };


     

       
105

       
-

       
    };


     

       
106

       
-

       



     

       
107

       
-

       
    users = {


     

       
108

       
-

       
      groups.zeronet.gid = config.ids.gids.zeronet;


     

       
109

       
-

       



     

       
110

       
-

       
      users.zeronet = {


     

       
111

       
-

       
        description = "zeronet service user";


     

       
112

       
-

       
        home = cfg.dataDir;


     

       
113

       
-

       
        createHome = true;


     

       
114

       
-

       
        group = "zeronet";


     

       
115

       
-

       
        extraGroups = mkIf cfg.tor [ "tor" ];


     

       
116

       
-

       
        uid = config.ids.uids.zeronet;


     

       
117

       
 

       
      };


     

       
118

       
 

       
    };


     

       
119

       
 

       
  };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
120

       
 

       



     

       
121

       
 

       
  meta.maintainers = with maintainers; [ chiiruno ];


     

       
122

       
 

       
}


     
···

       
1

       
 

       
{ config, lib, pkgs, ... }:


     

       
2

       
 

       



     

       
3

       
 

       
let


     

       
4

       
+

       
  inherit (lib) generators literalExample mkEnableOption mkIf mkOption recursiveUpdate types;


     

       
5

       
 

       
  cfg = config.services.zeronet;


     

       
6

       
+

       
  dataDir = "/var/lib/zeronet";


     

       
7

       
+

       
  configFile = pkgs.writeText "zeronet.conf" (generators.toINI {} (recursiveUpdate defaultSettings cfg.settings));


     

       
8

       
 

       



     

       
9

       
+

       
  defaultSettings = {


     

       
10

       
+

       
    global = {


     

       
11

       
+

       
      data_dir = dataDir;


     

       
12

       
+

       
      log_dir = dataDir;


     

       
13

       
+

       
      ui_port = cfg.port;


     

       
14

       
+

       
      fileserver_port = cfg.fileserverPort;


     

       
15

       
+

       
      tor = if !cfg.tor then "disable" else if cfg.torAlways then "always" else "enable";


     

       
16

       
+

       
    };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
17

       
 

       
  };


     

       
18

       
 

       
in with lib; {


     

       
19

       
 

       
  options.services.zeronet = {


     

       
20

       
 

       
    enable = mkEnableOption "zeronet";


     

       
21

       
 

       



     

       
22

       
+

       
    settings = mkOption {


     

       
23

       
+

       
      type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);


     

       
24

       
+

       
      default = {};


     

       
25

       
+

       
      example = literalExample "global.tor = enable;";


     

       

       

       
     

       

       

       
     

       
26

       
 

       



     

       
27

       
+

       
      description = ''


     

       
28

       
+

       
        <filename>zeronet.conf</filename> configuration. Refer to


     

       
29

       
+

       
        <link xlink:href="https://zeronet.readthedocs.io/en/latest/faq/#is-it-possible-to-use-a-configuration-file"/>


     

       
30

       
+

       
        for details on supported values;


     

       
31

       
+

       
      '';


     

       
32

       
 

       
    };


     

       
33

       
 

       



     

       
34

       
 

       
    port = mkOption {


     

       
35

       
+

       
      type = types.int;


     

       
36

       
+

       
      default = 43110;


     

       
37

       
 

       
      example = 43110;


     

       
38

       
 

       
      description = "Optional zeronet web UI port.";


     

       
39

       
 

       
    };


     
···

       
58

       
 

       
      default = false;


     

       
59

       
 

       
      description = "Use TOR for all zeronet traffic.";


     

       
60

       
 

       
    };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
61

       
 

       
  };


     

       
62

       
 

       



     

       
63

       
 

       
  config = mkIf cfg.enable {


     

       
64

       
 

       
    services.tor = mkIf cfg.tor {


     

       
65

       
 

       
      enable = true;


     

       
66

       
 

       
      controlPort = 9051;


     

       
67

       
+

       



     

       
68

       
 

       
      extraConfig = ''


     

       
69

       
 

       
        CacheDirectoryGroupReadable 1


     

       
70

       
 

       
        CookieAuthentication 1


     
···

       
72

       
 

       
      '';


     

       
73

       
 

       
    };


     

       
74

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
75

       
 

       
    systemd.services.zeronet = {


     

       
76

       
 

       
      description = "zeronet";


     

       
77

       
 

       
      after = [ "network.target" (optionalString cfg.tor "tor.service") ];


     

       
78

       
 

       
      wantedBy = [ "multi-user.target" ];


     

       
79

       
 

       



     

       
80

       
 

       
      serviceConfig = {


     

       

       

       
     

       
81

       
 

       
        User = "zeronet";


     

       
82

       
+

       
        DynamicUser = true;


     

       
83

       
+

       
        StateDirectory = "zeronet";


     

       
84

       
+

       
        SupplementaryGroups = mkIf cfg.tor [ "tor" ];


     

       
85

       
+

       
        ExecStart = "${pkgs.zeronet}/bin/zeronet --config_file ${configFile}";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
86

       
 

       
      };


     

       
87

       
 

       
    };


     

       
88

       
 

       
  };


     

       
89

       
+

       



     

       
90

       
+

       
  imports = [


     

       
91

       
+

       
    (mkRemovedOptionModule [ "services" "zeronet" "dataDir" ] "Zeronet will store data by default in /var/lib/zeronet")


     

       
92

       
+

       
    (mkRemovedOptionModule [ "services" "zeronet" "logDir" ] "Zeronet will log by default in /var/lib/zeronet")


     

       
93

       
+

       
  ];


     

       
94

       
 

       



     

       
95

       
 

       
  meta.maintainers = with maintainers; [ chiiruno ];


     

       
96

       
 

       
}