commit d27be52b3d22a153ef73ab846533b40ab4ba8225 · pyrox.dev/nixpkgs

+22 -24
nixos/modules/services/web-servers/hydron.nix
···

       2
       2
        
       

     

       3
       3
        
       let

     

       4
       4
        
         cfg = config.services.hydron;

     

       5
       5
       -
         postgres = config.services.postgresql;

     

       6
       5
        
       in with lib; {

     

       7
       6
        
         options.services.hydron = {

     

       8
       7
        
           enable = mkEnableOption "hydron";

     
···

       81
       80
        
         };

     

       82
       81
        
       

     

       83
       82
        
         config = mkIf cfg.enable {

     

       84
       84
       -
           security.sudo.enable = cfg.enable;

     

       85
       85
       -
           services.postgresql.enable = cfg.enable;

     

       86
       83
        
           services.hydron.passwordFile = mkDefault (pkgs.writeText "hydron-password-file" cfg.password);

     

       87
       84
        
           services.hydron.postgresArgsFile = mkDefault (pkgs.writeText "hydron-postgres-args" cfg.postgresArgs);

     

       88
       85
        
           services.hydron.postgresArgs = mkDefault ''

     

       89
       86
        
             {

     

       90
       87
        
               "driver": "postgres",

     

       91
       91
       -
               "connection": "user=hydron password=${cfg.password} dbname=hydron sslmode=disable"

     

       88
       88
       +
               "connection": "user=hydron password=${cfg.password} host=/run/postgresql dbname=hydron sslmode=disable"

     

       92
       89
        
             }

     

       93
       90
        
           '';

     

       91
       91
       +
       

     

       92
       92
       +
           services.postgresql = {

     

       93
       93
       +
             enable = true;

     

       94
       94
       +
             ensureDatabases = [ "hydron" ];

     

       95
       95
       +
             ensureUsers = [

     

       96
       96
       +
               { name = "hydron";

     

       97
       97
       +
                 ensurePermissions = { "DATABASE hydron" = "ALL PRIVILEGES"; };

     

       98
       98
       +
               }

     

       99
       99
       +
             ];

     

       100
       100
       +
           };

     

       101
       101
       +
       

     

       102
       102
       +
           systemd.tmpfiles.rules = [

     

       103
       103
       +
             "d '${cfg.dataDir}' 0750 hydron hydron - -"

     

       104
       104
       +
             "d '${cfg.dataDir}/.hydron' - hydron hydron - -"

     

       105
       105
       +
             "d '${cfg.dataDir}/images' - hydron hydron - -"

     

       106
       106
       +
             "Z '${cfg.dataDir}' - hydron hydron - -"

     

       107
       107
       +
       

     

       108
       108
       +
             "L+ '${cfg.dataDir}/.hydron/db_conf.json' - - - - ${cfg.postgresArgsFile}"

     

       109
       109
       +
           ];

     

       94
       110
        
       

     

       95
       111
        
           systemd.services.hydron = {

     

       96
       112
        
             description = "hydron";

     

       97
       113
        
             after = [ "network.target" "postgresql.service" ];

     

       98
       114
        
             wantedBy = [ "multi-user.target" ];

     

       99
       115
        
       

     

       100
       100
       -
             preStart = ''

     

       101
       101
       -
               # Ensure folder exists or create it and permissions are correct

     

       102
       102
       -
               mkdir -p ${escapeShellArg cfg.dataDir}/{.hydron,images}

     

       103
       103
       -
               ln -sf ${escapeShellArg cfg.postgresArgsFile} ${escapeShellArg cfg.dataDir}/.hydron/db_conf.json

     

       104
       104
       -
               chmod 750 ${escapeShellArg cfg.dataDir}

     

       105
       105
       -
               chown -R hydron:hydron ${escapeShellArg cfg.dataDir}

     

       106
       106
       -
       

     

       107
       107
       -
               # Ensure the database is correct or create it

     

       108
       108
       -
               ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \

     

       109
       109
       -
                 -SDR hydron || true

     

       110
       110
       -
               ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \

     

       111
       111
       -
                 -T template0 -E UTF8 -O hydron hydron || true

     

       112
       112
       -
               ${pkgs.sudo}/bin/sudo -u hydron ${postgres.package}/bin/psql \

     

       113
       113
       -
                 -c "ALTER ROLE hydron WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true

     

       114
       114
       -
             '';

     

       115
       115
       -
       

     

       116
       116
        
             serviceConfig = {

     

       117
       117
       -
               PermissionsStartOnly = true;

     

       118
       117
        
               User = "hydron";

     

       119
       118
        
               Group = "hydron";

     

       120
       119
        
               ExecStart = "${pkgs.hydron}/bin/hydron serve"

     
···

       139
       138
        
             description = "Automatically import paths into hydron and possibly fetch tags";

     

       140
       139
        
             after = [ "network.target" "hydron.service" ];

     

       141
       140
        
             wantedBy = [ "timers.target" ];

     

       142
       142
       -
             

     

       141
       141
       +
       

     

       143
       142
        
             timerConfig = {

     

       144
       143
        
               Persistent = true;

     

       145
       144
        
               OnCalendar = cfg.interval;

     
···

       148
       147
        
       

     

       149
       148
        
           users = {

     

       150
       149
        
             groups.hydron.gid = config.ids.gids.hydron;

     

       151
       151
       -
             

     

       150
       150
       +
       

     

       152
       151
        
             users.hydron = {

     

       153
       152
        
               description = "hydron server service user";

     

       154
       153
        
               home = cfg.dataDir;

     

       155
       155
       -
               createHome = true;

     

       156
       154
        
               group = "hydron";

     

       157
       155
        
               uid = config.ids.uids.hydron;

     

       158
       156
        
             };