commit c7ddf0b314ca1139015cef4cfea5d8b36477675c · pyrox.dev/nixpkgs

+41 -11
nixos/modules/services/web-apps/filebrowser.nix
···

       7
       7
        
       }:

     

       8
       8
        
       let

     

       9
       9
        
         cfg = config.services.filebrowser;

     

       10
       10
       -
         inherit (lib) types;

     

       11
       10
        
         format = pkgs.formats.json { };

     

       11
       11
       +
         inherit (lib) types;

     

       12
       12
        
       in

     

       13
       13
        
       {

     

       14
       14
        
         options = {

     
···

       16
       16
        
             enable = lib.mkEnableOption "FileBrowser";

     

       17
       17
        
       

     

       18
       18
        
             package = lib.mkPackageOption pkgs "filebrowser" { };

     

       19
       19
       +
       

     

       20
       20
       +
             user = lib.mkOption {

     

       21
       21
       +
               type = types.str;

     

       22
       22
       +
               default = "filebrowser";

     

       23
       23
       +
               description = "User account under which FileBrowser runs.";

     

       24
       24
       +
             };

     

       25
       25
       +
       

     

       26
       26
       +
             group = lib.mkOption {

     

       27
       27
       +
               type = types.str;

     

       28
       28
       +
               default = "filebrowser";

     

       29
       29
       +
               description = "Group under which FileBrowser runs.";

     

       30
       30
       +
             };

     

       19
       31
        
       

     

       20
       32
        
             openFirewall = lib.mkEnableOption "opening firewall ports for FileBrowser";

     

       21
       33
        
       

     
···

       96
       108
        
                 CacheDirectory = "filebrowser";

     

       97
       109
        
                 WorkingDirectory = cfg.settings.root;

     

       98
       110
        
       

     

       99
       99
       -
                 DynamicUser = true;

     

       111
       111
       +
                 User = cfg.user;

     

       112
       112
       +
                 Group = cfg.group;

     

       113
       113
       +
                 UMask = "0077";

     

       100
       114
        
       

     

       101
       115
        
                 NoNewPrivileges = true;

     

       102
       116
        
                 PrivateDevices = true;

     
···

       117
       131
        
               };

     

       118
       132
        
             };

     

       119
       133
        
       

     

       120
       120
       -
             tmpfiles.settings.filebrowser =

     

       121
       121
       -
               lib.genAttrs

     

       122
       122
       -
                 [

     

       123
       123
       -
                   cfg.settings.root

     

       124
       124
       -
                   (builtins.dirOf cfg.settings.database)

     

       125
       125
       -
                 ]

     

       126
       126
       -
                 (_: {

     

       127
       127
       -
                   d.mode = "0700";

     

       128
       128
       -
                 });

     

       134
       134
       +
             tmpfiles.settings.filebrowser = {

     

       135
       135
       +
               "${cfg.settings.root}".d = {

     

       136
       136
       +
                 inherit (cfg) user group;

     

       137
       137
       +
                 mode = "0700";

     

       138
       138
       +
               };

     

       139
       139
       +
               "${cfg.settings.cache-dir}".d = {

     

       140
       140
       +
                 inherit (cfg) user group;

     

       141
       141
       +
                 mode = "0700";

     

       142
       142
       +
               };

     

       143
       143
       +
               "${builtins.dirOf cfg.settings.database}".d = {

     

       144
       144
       +
                 inherit (cfg) user group;

     

       145
       145
       +
                 mode = "0700";

     

       146
       146
       +
               };

     

       147
       147
       +
             };

     

       148
       148
       +
           };

     

       149
       149
       +
       

     

       150
       150
       +
           users.users = lib.mkIf (cfg.user == "filebrowser") {

     

       151
       151
       +
             filebrowser = {

     

       152
       152
       +
               inherit (cfg) group;

     

       153
       153
       +
               isSystemUser = true;

     

       154
       154
       +
             };

     

       155
       155
       +
           };

     

       156
       156
       +
       

     

       157
       157
       +
           users.groups = lib.mkIf (cfg.group == "filebrowser") {

     

       158
       158
       +
             filebrowser = { };

     

       129
       159
        
           };

     

       130
       160
        
       

     

       131
       161
        
           networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ cfg.settings.port ];