authormakefu <github@syntax-fehler.de>2015-10-21 14:45:27 +0200
committermakefu <makefu@syntax-fehler.de>2015-11-23 22:10:14 +0100
commit0bdc5e269be16aeaa946dd136051d8e4d15c6014 (patch)
treebdddf2a72452521c745a047883baaceff7527208 /nixos/modules/services/misc/bepasty.nix
parent21abe66d78160f49604e564cafdd6f724f44b345 (diff)
services/misc/bepasty: init at 2015-10-21
This module implements a way to start one or more bepasty servers.
It supports configuring the listen address of gunicorn and how bepasty
behaves internally.

Configuring multiple bepasty servers provides a way to serve pastes externally
without authentication while allowing creating, listing and deleting pastes internally.
nginx can be used to provide access via hostname + listen address.

`configuration.nix`:

    services.bepasty = {
      enable = true;
      servers = {

        internal = {
          defaultPermissions = "admin,list,create,read,delete";
          secretKey = "secret";
          bind = "127.0.0.1:8000";
        };

        external = {
          defaultPermissions = "read";
          bind = "127.0.0.1:8001";
          secretKey = "another-secret";
        };
      };
    };
Diffstat (limited to 'nixos/modules/services/misc/bepasty.nix')
-rw-r--r--nixos/modules/services/misc/bepasty.nix151
1 files changed, 151 insertions, 0 deletions
diff --git a/nixos/modules/services/misc/bepasty.nix b/nixos/modules/services/misc/bepasty.nix
new file mode 100644
index 000000000000..12671cb1b6cd
--- /dev/null
+++ b/nixos/modules/services/misc/bepasty.nix
@@ -0,0 +1,151 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  gunicorn = pkgs.pythonPackages.gunicorn;
+  bepasty = pkgs.pythonPackages.bepasty-server;
+  gevent = pkgs.pythonPackages.gevent;
+  python = pkgs.pythonPackages.python;
+  cfg = config.services.bepasty;
+  user = "bepasty";
+  group = "bepasty";
+  default_home = "/var/lib/bepasty";
+in
+{
+  options.services.bepasty = {
+    enable = mkEnableOption "Bepasty servers";
+
+    servers = mkOption {
+      default = {};
+      description = ''
+        configure a number of bepasty servers which will be started with
+        gunicorn.
+        '';
+      type = with types ; attrsOf (submodule ({
+
+        options = {
+
+          bind = mkOption {
+            type = types.str;
+            description = ''
+              Bind address to be used for this server.
+              '';
+            example = "0.0.0.0:8000";
+            default = "127.0.0.1:8000";
+          };
+
+
+          dataDir = mkOption {
+            type = types.str;
+            description = ''
+              Path to the directory where the pastes will be saved to
+              '';
+            default = default_home+"/data";
+          };
+
+          defaultPermissions = mkOption {
+            type = types.str;
+            description = ''
+              default permissions for all unauthenticated accesses.
+              '';
+            example = "read,create,delete";
+            default = "read";
+          };
+
+          extraConfig = mkOption {
+            type = types.str;
+            description = ''
+              Extra configuration for bepasty server to be appended on the
+              configuration.
+              see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
+              for all options.
+              '';
+            default = "";
+            example = ''
+              PERMISSIONS = {
+                'myadminsecret': 'admin,list,create,read,delete',
+              }
+              MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000
+              '';
+          };
+
+          secretKey = mkOption {
+            type = types.str;
+            description = ''
+              server secret for safe session cookies, must be set.
+              '';
+            default = "";
+          };
+
+          workDir = mkOption {
+            type = types.str;
+            description = ''
+              Path to the working directory (used for config and pidfile).
+              Defaults to the users home directory.
+              '';
+            default = default_home;
+          };
+
+        };
+      }));
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ bepasty ];
+
+    # creates gunicorn systemd service for each configured server
+    systemd.services = mapAttrs' (name: server:
+      nameValuePair ("bepasty-server-${name}-gunicorn")
+        ({
+          description = "Bepasty Server ${name}";
+          wantedBy = [ "multi-user.target" ];
+          after = [ "network.target" ];
+          restartIfChanged = true;
+
+          environment = {
+            BEPASTY_CONFIG = "${server.workDir}/bepasty-${name}.conf";
+            PYTHONPATH= "${bepasty}/lib/${python.libPrefix}/site-packages:${gevent}/lib/${python.libPrefix}/site-packages";
+          };
+
+          serviceConfig = {
+            Type = "simple";
+            PrivateTmp = true;
+            ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
+              #!/bin/sh
+              mkdir -p "${server.workDir}"
+              mkdir -p "${server.dataDir}"
+              chown ${user}:${group} "${server.workDir}" "${server.dataDir}"
+              cat > ${server.workDir}/bepasty-${name}.conf <<EOF
+              SITENAME="${name}"
+              STORAGE_FILESYSTEM_DIRECTORY="${server.dataDir}"
+              SECRET_KEY="${server.secretKey}"
+              DEFAULT_PERMISSIONS="${server.defaultPermissions}"
+              ${server.extraConfig}
+              EOF
+            '';
+            ExecStart = ''${gunicorn}/bin/gunicorn bepasty.wsgi --name ${name} \
+              -u ${user} \
+              -g ${group} \
+              --workers 3 --log-level=info \
+              --bind=${server.bind} \
+              --pid ${server.workDir}/gunicorn-${name}.pid \
+              -k gevent
+            '';
+          };
+        })
+    ) cfg.servers;
+
+    users.extraUsers = [{
+      uid = config.ids.uids.bepasty;
+      name = user;
+      group = group;
+      home = default_home;
+    }];
+
+    users.extraGroups = [{
+      name = group;
+      gid = config.ids.gids.bepasty;
+    }];
+  };
+}
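Review bot: `SECRET_KEY="${server.secretKey}"` is interpolated into the `pkgs.writeScript` init script under `ExecStartPre`, so the session-cookie secret is copied into the Nix store, which is normally world-readable, and then into `bepasty-${name}.conf`, which `cat >` creates with whatever umask the unit runs under. Any local account that can read either file could presumably produce validly signed session cookies, which undermines the internal/external permission split the commit message describes. I would take the secret from a file kept outside the store (for example a `secretKeyFile` option of `types.str`, read when the unit starts) and put `umask 077` before the `cat >` line, then `chown ${user}:${group}` the generated config so the gunicorn workers can still read it after dropping privileges. The here-document delimiter is also unquoted, so a `$` or backtick in `secretKey` or `extraConfig` is expanded by the shell while it runs as root; `<<'EOF'` avoids that.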