authorpngwjpgh <pngwjpgh@users.noreply.github.com>2016-11-27 17:23:21 +0100
committerJoachim F <joachifm@users.noreply.github.com>2016-11-27 17:23:21 +0100
commitbcc9a6ac75d87738bae8dac55d074e1c5b9f9201 (patch)
treef6e98dda5e883fec7698e01e10cd04d83755545f /nixos/modules/services/editors
parentbbd39a8057a4cfd32ac6db41ac922804dcf6dd5e (diff)
infinoted service: init
Service module for the dedicated gobby server included in libinfinity
Diffstat (limited to 'nixos/modules/services/editors')
-rw-r--r--nixos/modules/services/editors/infinoted.nix158
1 files changed, 158 insertions, 0 deletions
diff --git a/nixos/modules/services/editors/infinoted.nix b/nixos/modules/services/editors/infinoted.nix
new file mode 100644
index 000000000000..963147b18a04
--- /dev/null
+++ b/nixos/modules/services/editors/infinoted.nix
@@ -0,0 +1,158 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.infinoted;
+in {
+  options.services.infinoted = {
+    enable = mkEnableOption "infinoted";
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.libinfinity.override { daemon = true; };
+      defaultText = "pkgs.libinfinity.override { daemon = true; }";
+      description = ''
+        Package providing infinoted
+      '';
+    };
+
+    keyFile = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = ''
+        Private key to use for TLS
+      '';
+    };
+
+    certificateFile = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = ''
+        Server certificate to use for TLS
+      '';
+    };
+
+    certificateChain = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = ''
+        Chain of CA-certificates to which our `certificateFile` is relative.
+        Optional for TLS.
+      '';
+    };
+
+    securityPolicy = mkOption {
+      type = types.enum ["no-tls" "allow-tls" "require-tls"];
+      default = "require-tls";
+      description = ''
+        How strictly to enforce clients connection with TLS.
+      '';
+    };
+
+    port = mkOption {
+      type = types.int;
+      default = 6523;
+      description = ''
+        Port to listen on
+      '';
+    };
+
+    rootDirectory = mkOption {
+      type = types.path;
+      default = "/var/lib/infinoted/documents/";
+      description = ''
+        Root of the directory structure to serve
+      '';
+    };
+
+    plugins = mkOption {
+      type = types.listOf types.str;
+      default = [ "note-text" "note-chat" "logging" "autosave" ];
+      description = ''
+        Plugins to enable
+      '';
+    };
+
+    passwordFile = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = ''
+        File to read server-wide password from
+      '';
+    };
+
+    extraConfig = mkOption {
+      type = types.lines;
+      default = ''
+        [autosave]
+        interval=10
+      '';
+      description = ''
+        Additional configuration to append to infinoted.conf
+      '';
+    };
+
+    user = mkOption {
+      type = types.str;
+      default = "infinoted";
+      description = ''
+        What to call the dedicated user under which infinoted is run
+      '';
+    };
+
+    group = mkOption {
+      type = types.str;
+      default = "infinoted";
+      description = ''
+        What to call the primary group of the dedicated user under which infinoted is run
+      '';
+    };
+  };
+
+  config = mkIf (cfg.enable) {
+    users.extraUsers = optional (cfg.user == "infinoted")
+      { name = "infinoted";
+        description = "Infinoted user";
+        group = cfg.group;
+      };
+    users.extraGroups = optional (cfg.group == "infinoted")
+      { name = "infinoted";
+      };
+  
+    systemd.services.infinoted =
+      { description = "Gobby Dedicated Server";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+
+        serviceConfig = {
+          Type = "simple";
+          Restart = "always";
+          ExecStart = "${cfg.package}/bin/infinoted-0.6 --config-file=/var/lib/infinoted/infinoted.conf";
+          User = cfg.user;
+          Group = cfg.group;
+          PermissionsStartOnly = true;
+        };
+        preStart = ''
+          mkdir -p /var/lib/infinoted
+          install -o ${cfg.user} -g ${cfg.group} -m 0600 /dev/null /var/lib/infinoted/infinoted.conf
+          cat >>/var/lib/infinoted/infinoted.conf <<EOF
+          [infinoted]
+          ${optionalString (cfg.keyFile != null) ''key-file=${cfg.keyFile}''}
+          ${optionalString (cfg.certificateFile != null) ''certificate-file=${cfg.certificateFile}''}
+          ${optionalString (cfg.certificateChain != null) ''certificate-chain=${cfg.certificateChain}''}
+          port=${toString cfg.port}
+          security-policy=${cfg.securityPolicy}
+          root-directory=${cfg.rootDirectory}
+          plugins=${concatStringsSep ";" cfg.plugins}
+          ${optionalString (cfg.passwordFile != null) ''password=$(head -n 1 ${cfg.passwordFile})''}
+
+          ${cfg.extraConfig}
+          EOF
+
+          install -o ${cfg.user} -g ${cfg.group} -m 0750 -d ${cfg.rootDirectory}
+        '';
+      };
+  };
+}
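Review bot: `keyFile` and `passwordFile` are typed `types.nullOr types.path` and interpolated straight into the preStart script (`key-file=${cfg.keyFile}`, `head -n 1 ${cfg.passwordFile}`), so a value given as a Nix path literal is copied into the world-readable Nix store, exposing the TLS private key or server password to every local user. The descriptions should say this, e.g. `Private key to use for TLS. Give it as a string ("/path/to/key.pem"), not a path literal, so it is not copied into the Nix store.`, with the same wording on `passwordFile`. The `<<EOF` delimiter is also unquoted while `PermissionsStartOnly = true` runs preStart as root, so any `$` or backtick in `extraConfig`, `rootDirectory` or `plugins` is shell-expanded as root when the config is written. Either the `extraConfig` description should warn about that, or the static part should use a quoted delimiter with only the password line appended through expansion. The default `securityPolicy = "require-tls"` with null `keyFile`/`certificateFile` presumably leaves the unit failing at start, so an `assertions` entry requiring both files unless the policy is `"no-tls"` would give a clearer error.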