···
cfg = config.services.pumpio;
dataDir = "/var/lib/pump.io";
8
+
runDir = "/run/pump.io";
11
+
optionalSet = condition: value: if condition then value else {};
13
+
configScript = ./pump.io-configure.js;
11
-
driver = if cfg.driver == "disk" then null else cfg.driver;
13
-
(if cfg.driver == "disk" then {
16
-
(if cfg.driver == "mongodb" || cfg.driver == "redis" then {
19
-
dbname = cfg.dbName;
20
-
dbuser = cfg.dbUser;
21
-
dbpass = cfg.dbPassword;
23
-
(if cfg.driver == "memcached" then {
15
+
outputFile = "${runDir}/config.json";
17
+
(optionalSet (cfg.driver != "disk") {
18
+
driver = cfg.driver;
21
+
params = (optionalSet (cfg.driver == "disk") { dir = dataDir; }) //
22
+
(optionalSet (cfg.driver == "mongodb" || cfg.driver == "redis") {
25
+
dbname = cfg.dbName;
26
+
dbuser = cfg.dbUser;
27
+
dbpass = cfg.dbPassword;
29
+
(optionalSet (cfg.driver == "memcached") {
32
+
}) // cfg.driverParams;
33
+
secret = cfg.secret;
29
-
secret = cfg.secret;
31
-
address = cfg.address;
35
-
urlPort = cfg.urlPort;
36
-
hostname = cfg.hostname;
37
-
favicon = cfg.favicon;
35
+
address = cfg.address;
41
-
ownerURL = cfg.ownerURL;
39
+
urlPort = cfg.urlPort;
40
+
hostname = cfg.hostname;
41
+
favicon = cfg.favicon;
45
+
ownerURL = cfg.ownerURL;
47
-
spamhost = cfg.spamHost;
48
-
spamclientid = cfg.spamClientId;
49
-
spamclientsecret = cfg.spamClientSecret;
51
-
requireEmail = cfg.requireEmail;
52
-
smtpserver = cfg.smtpHost;
53
-
smtpport = cfg.smtpPort;
54
-
smtpuser = cfg.smtpUser;
55
-
smtppass = cfg.smtpPassword;
56
-
smtpusessl = cfg.smtpUseSSL;
57
-
smtpfrom = cfg.smtpFrom;
51
+
spamhost = cfg.spamHost;
52
+
spamclientid = cfg.spamClientId;
53
+
spamclientsecret = cfg.spamClientSecret;
60
-
enableUploads = cfg.enableUploads;
62
-
debugClient = false;
63
-
firehose = cfg.firehose;
64
-
disableRegistration = cfg.disableRegistration;
66
-
(if cfg.port < 1024 then {
67
-
serverUser = user; # have pump.io listen then drop privileges
55
+
requireEmail = cfg.requireEmail;
56
+
smtpserver = cfg.smtpHost;
57
+
smtpport = cfg.smtpPort;
58
+
smtpuser = cfg.smtpUser;
59
+
smtppass = cfg.smtpPassword;
60
+
smtpusessl = cfg.smtpUseSSL;
61
+
smtpfrom = cfg.smtpFrom;
64
+
enableUploads = cfg.enableUploads;
66
+
debugClient = false;
67
+
firehose = cfg.firehose;
68
+
disableRegistration = cfg.disableRegistration;
70
+
inherit (cfg) secretFile dbPasswordFile smtpPasswordFile spamClientSecretFile;
72
+
(optionalSet (cfg.port < 1024) {
73
+
serverUser = user; # have pump.io listen then drop privileges
74
+
}) // cfg.extraConfig;
···
enable = mkEnableOption "Pump.io social streams server";
83
+
type = types.nullOr types.str;
example = "my dog has fleas";
A session-generating secret, server-wide password. Warning:
···
92
+
secretFile = mkOption {
93
+
type = types.nullOr types.path;
95
+
example = "/run/keys/pump.io-secret";
97
+
A file containing the session-generating secret,
98
+
server-wide password.
example = "Awesome Sauce";
···
type = types.nullOr types.str;
142
+
default = "localhost";
The hostname of the server, used for generating
URLs. Defaults to "localhost" which doesn't do much for you.
···
279
+
dbPasswordFile = mkOption {
280
+
type = types.nullOr types.path;
282
+
example = "/run/keys/pump.io-dbpassword";
284
+
A file containing the password corresponding to dbUser.
type = types.nullOr types.str;
···
cleartext in the Nix store!
326
+
smtpPasswordFile = mkOption {
327
+
type = types.nullOr types.path;
329
+
example = "/run/keys/pump.io-smtppassword";
331
+
A file containing the password used to connect to SMTP
332
+
server. Might not be necessary for some servers.
···
stored in cleartext in the Nix store!
378
+
spamClientSecretFile = mkOption {
379
+
type = types.nullOr types.path;
381
+
example = "/run/keys/pump.io-spamclientsecret";
383
+
A file containing the OAuth key for the spam server.
config = mkIf cfg.enable {
391
+
warnings = let warn = k: optional (cfg.${k} != null)
392
+
"config.services.pumpio.${k} is insecure. Use ${k}File instead.";
393
+
in concatMap warn [ "secret" "dbPassword" "smtpPassword" "spamClientSecret" ];
396
+
{ assertion = !(isNull cfg.secret && isNull cfg.secretFile);
397
+
message = "pump.io needs a secretFile configured";
systemd.services."pump.io" =
351
-
{ description = "pump.io social network stream server";
402
+
{ description = "Pump.io - stream server that does most of what people really want from a social network";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
mkdir -p ${dataDir}/uploads
357
-
chown pumpio:pumpio ${dataDir}/uploads
358
-
chmod 770 ${dataDir}/uploads
409
+
chown pumpio:pumpio ${dataDir}/uploads ${runDir}
410
+
chmod 770 ${dataDir}/uploads ${runDir}
412
+
${pkgs.nodejs}/bin/node ${configScript} <<EOF
413
+
${builtins.toJSON configOptions}
361
-
serviceConfig.ExecStart = "${pkgs.pumpio}/bin/pump -c /etc/pump.io.json";
362
-
PermissionsStartOnly = true;
363
-
serviceConfig.User = if cfg.port < 1024 then "root" else user;
364
-
serviceConfig.Group = user;
416
+
chgrp pumpio ${configOptions.outputFile}
417
+
chmod 640 ${configOptions.outputFile}
367
-
environment.etc."pump.io.json" = {
369
-
gid = config.ids.gids.pumpio;
370
-
text = builtins.toJSON configOptions;
421
+
ExecStart = "${pkgs.pumpio}/bin/pump -c ${configOptions.outputFile}";
422
+
PermissionsStartOnly = true;
423
+
User = if cfg.port < 1024 then "root" else user;
426
+
environment = { NODE_ENV = "production"; };
users.extraGroups.pumpio.gid = config.ids.gids.pumpio;
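Review bot: The heredoc opened by `${pkgs.nodejs}/bin/node ${configScript} <<EOF` has an unquoted delimiter, so the shell expands `$`, backticks and backslashes inside the output of `builtins.toJSON configOptions` before the configure script reads it. An option value containing those characters (a password, or anything in `extraConfig` or `driverParams`) would be altered or evaluated as a command, and with `PermissionsStartOnly = true` this script presumably runs as root. Quoting the delimiter, `<<'EOF'`, passes the JSON through literally. The file is only restricted afterwards by `chmod 640 ${configOptions.outputFile}`, so a `umask 077` before the node call would keep it from being readable at any point if `${runDir}` is ever looser than the 770 set above. The script and the attribute sets around these lines start and end outside what is shown, so this is worth checking against the full file.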