pyrox.dev / nixpkgs
lol
fork atom

nixos/lxd-image-server: init

Co-authored-by: Aaron Andersen <aaron@fosslib.net>

Maciej Krüger e7fd175e 0cecb330

options
unified split
Changed files
+139
nixos
modules
module-list.nix
services
networking
lxd-image-server.nix
+1
nixos/modules/module-list.nix 
···

       
772

       
772

       
 

       
  ./services/networking/libreswan.nix


     

       
773

       
773

       
 

       
  ./services/networking/lldpd.nix


     

       
774

       
774

       
 

       
  ./services/networking/logmein-hamachi.nix


     

       

       
775

       
+

       
  ./services/networking/lxd-image-server.nix


     

       
775

       
776

       
 

       
  ./services/networking/mailpile.nix


     

       
776

       
777

       
 

       
  ./services/networking/magic-wormhole-mailbox-server.nix


     

       
777

       
778

       
 

       
  ./services/networking/matterbridge.nix
+138
nixos/modules/services/networking/lxd-image-server.nix 
···

       

       
1

       
+

       
{ config, pkgs, lib, ... }:


     

       

       
2

       
+

       



     

       

       
3

       
+

       
with lib;


     

       

       
4

       
+

       



     

       

       
5

       
+

       
let


     

       

       
6

       
+

       
  cfg = config.services.lxd-image-server;


     

       

       
7

       
+

       
  format = pkgs.formats.toml {};


     

       

       
8

       
+

       



     

       

       
9

       
+

       
  location = "/var/www/simplestreams";


     

       

       
10

       
+

       
in


     

       

       
11

       
+

       
{


     

       

       
12

       
+

       
  options = {


     

       

       
13

       
+

       
    services.lxd-image-server = {


     

       

       
14

       
+

       
      enable = mkEnableOption "lxd-image-server";


     

       

       
15

       
+

       



     

       

       
16

       
+

       
      group = mkOption {


     

       

       
17

       
+

       
        type = types.str;


     

       

       
18

       
+

       
        description = "Group assigned to the user and the webroot directory.";


     

       

       
19

       
+

       
        default = "nginx";


     

       

       
20

       
+

       
        example = "www-data";


     

       

       
21

       
+

       
      };


     

       

       
22

       
+

       



     

       

       
23

       
+

       
      settings = mkOption {


     

       

       
24

       
+

       
        type = format.type;


     

       

       
25

       
+

       
        description = ''


     

       

       
26

       
+

       
          Configuration for lxd-image-server.


     

       

       
27

       
+

       



     

       

       
28

       
+

       
          Example see <link xlink:href="https://github.com/Avature/lxd-image-server/blob/master/config.toml"/>.


     

       

       
29

       
+

       
        '';


     

       

       
30

       
+

       
        default = {};


     

       

       
31

       
+

       
      };


     

       

       
32

       
+

       



     

       

       
33

       
+

       
      nginx = {


     

       

       
34

       
+

       
        enable = mkEnableOption "nginx";


     

       

       
35

       
+

       
        domain = mkOption {


     

       

       
36

       
+

       
          type = types.str;


     

       

       
37

       
+

       
          description = "Domain to use for nginx virtual host.";


     

       

       
38

       
+

       
          example = "images.example.org";


     

       

       
39

       
+

       
        };


     

       

       
40

       
+

       
      };


     

       

       
41

       
+

       
    };


     

       

       
42

       
+

       
  };


     

       

       
43

       
+

       



     

       

       
44

       
+

       
  config = mkMerge [


     

       

       
45

       
+

       
    (mkIf (cfg.enable) {


     

       

       
46

       
+

       
      users.users.lxd-image-server = {


     

       

       
47

       
+

       
        isSystemUser = true;


     

       

       
48

       
+

       
        group = cfg.group;


     

       

       
49

       
+

       
      };


     

       

       
50

       
+

       
      users.groups.${cfg.group} = {};


     

       

       
51

       
+

       



     

       

       
52

       
+

       
      environment.etc."lxd-image-server/config.toml".source = format.generate "config.toml" cfg.settings;


     

       

       
53

       
+

       



     

       

       
54

       
+

       
      services.logrotate.paths.lxd-image-server = {


     

       

       
55

       
+

       
        path = "/var/log/lxd-image-server/lxd-image-server.log";


     

       

       
56

       
+

       
        frequency = "daily";


     

       

       
57

       
+

       
        keep = 21;


     

       

       
58

       
+

       
        user = "lxd-image-server";


     

       

       
59

       
+

       
        group = cfg.group;


     

       

       
60

       
+

       
        extraConfig = ''


     

       

       
61

       
+

       
          missingok


     

       

       
62

       
+

       
          compress


     

       

       
63

       
+

       
          delaycompress


     

       

       
64

       
+

       
          copytruncate


     

       

       
65

       
+

       
          notifempty


     

       

       
66

       
+

       
        '';


     

       

       
67

       
+

       
      };


     

       

       
68

       
+

       



     

       

       
69

       
+

       
      systemd.tmpfiles.rules = [


     

       

       
70

       
+

       
        "d /var/www/simplestreams 0755 lxd-image-server ${cfg.group}"


     

       

       
71

       
+

       
      ];


     

       

       
72

       
+

       



     

       

       
73

       
+

       
      systemd.services.lxd-image-server = {


     

       

       
74

       
+

       
        wantedBy = [ "multi-user.target" ];


     

       

       
75

       
+

       
        after = [ "network.target" ];


     

       

       
76

       
+

       



     

       

       
77

       
+

       
        description = "LXD Image Server";


     

       

       
78

       
+

       



     

       

       
79

       
+

       
        script = ''


     

       

       
80

       
+

       
          ${pkgs.lxd-image-server}/bin/lxd-image-server init


     

       

       
81

       
+

       
          ${pkgs.lxd-image-server}/bin/lxd-image-server watch


     

       

       
82

       
+

       
        '';


     

       

       
83

       
+

       



     

       

       
84

       
+

       
        serviceConfig = {


     

       

       
85

       
+

       
          User = "lxd-image-server";


     

       

       
86

       
+

       
          Group = cfg.group;


     

       

       
87

       
+

       
          DynamicUser = true;


     

       

       
88

       
+

       
          LogsDirectory = "lxd-image-server";


     

       

       
89

       
+

       
          RuntimeDirectory = "lxd-image-server";


     

       

       
90

       
+

       
          ExecReload = "${pkgs.lxd-image-server}/bin/lxd-image-server reload";


     

       

       
91

       
+

       
          ReadWritePaths = [ location ];


     

       

       
92

       
+

       
        };


     

       

       
93

       
+

       
      };


     

       

       
94

       
+

       
    })


     

       

       
95

       
+

       
    # this is seperate so it can be enabled on mirrored hosts


     

       

       
96

       
+

       
    (mkIf (cfg.nginx.enable) {


     

       

       
97

       
+

       
      # https://github.com/Avature/lxd-image-server/blob/master/resources/nginx/includes/lxd-image-server.pkg.conf


     

       

       
98

       
+

       
      services.nginx.virtualHosts = {


     

       

       
99

       
+

       
        "${cfg.nginx.domain}" = {


     

       

       
100

       
+

       
          forceSSL = true;


     

       

       
101

       
+

       
          enableACME = mkDefault true;


     

       

       
102

       
+

       



     

       

       
103

       
+

       
          root = location;


     

       

       
104

       
+

       



     

       

       
105

       
+

       
          locations = {


     

       

       
106

       
+

       
            "/streams/v1/" = {


     

       

       
107

       
+

       
              index = "index.json";


     

       

       
108

       
+

       
            };


     

       

       
109

       
+

       



     

       

       
110

       
+

       
            # Serve json files with content type header application/json


     

       

       
111

       
+

       
            "~ \.json$" = {


     

       

       
112

       
+

       
              extraConfig = ''


     

       

       
113

       
+

       
                add_header Content-Type application/json;


     

       

       
114

       
+

       
              '';


     

       

       
115

       
+

       
            };


     

       

       
116

       
+

       



     

       

       
117

       
+

       
            "~ \.tar.xz$" = {


     

       

       
118

       
+

       
              extraConfig = ''


     

       

       
119

       
+

       
                add_header Content-Type application/octet-stream;


     

       

       
120

       
+

       
              '';


     

       

       
121

       
+

       
            };


     

       

       
122

       
+

       



     

       

       
123

       
+

       
            "~ \.tar.gz$" = {


     

       

       
124

       
+

       
              extraConfig = ''


     

       

       
125

       
+

       
                add_header Content-Type application/octet-stream;


     

       

       
126

       
+

       
              '';


     

       

       
127

       
+

       
            };


     

       

       
128

       
+

       



     

       

       
129

       
+

       
            # Deny access to document root and the images folder


     

       

       
130

       
+

       
            "~ ^/(images/)?$" = {


     

       

       
131

       
+

       
              return = "403";


     

       

       
132

       
+

       
            };


     

       

       
133

       
+

       
          };


     

       

       
134

       
+

       
        };


     

       

       
135

       
+

       
      };


     

       

       
136

       
+

       
    })


     

       

       
137

       
+

       
  ];


     

       

       
138

       
+

       
}