authorOkina Matara <okinan@chiru.no>2018-05-17 18:56:58 -0500
committerOkina Matara <okinan@chiru.no>2018-05-26 07:03:49 -0500
commit14a26f0153c4284ccb8ac9abf01ea57421156be1 (patch)
tree172db323d06303ff138c840f76d11d08efdae6e0 /nixos/modules/services/web-servers
parent934db656b1821d4c6a1598bfec76e8ca0a3b7f27 (diff)
meguca: init at git-2018-05-17
Diffstat (limited to 'nixos/modules/services/web-servers')
-rw-r--r--nixos/modules/services/web-servers/meguca.nix123
1 files changed, 123 insertions, 0 deletions
diff --git a/nixos/modules/services/web-servers/meguca.nix b/nixos/modules/services/web-servers/meguca.nix
new file mode 100644
index 000000000000..6f3f5329dafc
--- /dev/null
+++ b/nixos/modules/services/web-servers/meguca.nix
@@ -0,0 +1,123 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.services.meguca;
+  postgres = config.services.postgresql;
+in
+{
+  options.services.meguca = {
+    enable = mkEnableOption "meguca";
+
+    baseDir = mkOption {
+      type = types.path;
+      default = "/var/lib/meguca";
+      description = "Location where meguca stores it's database and links.";
+    };
+
+    password = mkOption {
+      type = types.str;
+      default = "meguca";
+      description = "Password for the meguca database.";
+    };
+
+    reverseProxy = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Reverse proxy IP.";
+    };
+
+    sslCertificate = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Path to the SSL certificate.";
+    };
+
+    listenAddress = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Listen on a specific IP address and port.";
+    };
+
+    cacheSize = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Cache size in MB.";
+    };
+
+    postgresArgs = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Postgresql connection arguments.";
+    };
+
+    compressTraffic = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Compress all traffic with gzip.";
+    };
+
+    assumeReverseProxy = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Assume the server is behind a reverse proxy, when resolving client IPs.";
+    };
+
+    httpsOnly = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Serve and listen only through HTTPS.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    security.sudo.enable = cfg.enable == true;
+    services.postgresql.enable = cfg.enable == true;
+
+    systemd.services.meguca = {
+      description = "meguca";
+      after = [ "network.target" "postgresql.service" ];
+      wantedBy = [ "multi-user.target" ];
+
+      preStart = ''
+        # Ensure folder exists and links are correct or create them
+        mkdir -p ${cfg.baseDir}
+        ln -sf ${pkgs.meguca}/share/meguca/www ${cfg.baseDir}
+        chown -R meguca:meguca ${cfg.baseDir}
+
+        # Ensure the database is correct or create it
+        ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser -SDR meguca || true
+        ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/psql -c "ALTER ROLE meguca WITH PASSWORD '${cfg.password}';" || true
+        ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb -T template0 -E UTF8 -O meguca meguca || true
+      '';
+
+      serviceConfig = {
+        PermissionsStartOnly = true;
+        Type = "forking";
+        User = "meguca";
+        Group = "meguca";
+        WorkingDirectory = "${cfg.baseDir}";
+        ExecStart = ''${pkgs.meguca}/bin/meguca${if cfg.reverseProxy != null then " -R ${cfg.reverseProxy}" else ""}${if cfg.sslCertificate != null then " -S ${cfg.sslCertificate}" else ""}${if cfg.listenAddress != null then " -a ${cfg.listenAddress}" else ""}${if cfg.cacheSize != null then " -c ${cfg.cacheSize}" else ""}${if cfg.postgresArgs != null then " -d  ${cfg.postgresArgs}" else ""}${if cfg.compressTraffic then " -g" else ""}${if cfg.assumeReverseProxy then " -r" else ""}${if cfg.httpsOnly then " -s" else ""} start'';
+        ExecStop = "${pkgs.meguca}/bin/meguca stop";
+        ExecRestart = "${pkgs.meguca}/bin/meguca restart";
+      };
+    };
+
+    users = {
+      extraUsers.meguca = {
+        description = "meguca server service user";
+        home = "${cfg.baseDir}";
+        createHome = true;
+        group = "meguca";
+        uid = config.ids.uids.meguca;
+      };
+
+      extraGroups.meguca = {
+        gid = config.ids.gids.meguca;
+        members = [ "meguca" ];
+      };
+    };
+  };
+
+  meta.maintainers = [ maintainers.chiiruno ];
+}
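Review bot: The database password in `options.services.meguca.password` defaults to the guessable string `"meguca"` and is interpolated straight into the `psql -c "ALTER ROLE meguca WITH PASSWORD '${cfg.password}';"` line of `preStart`, so it ends up in the generated start script in the world-readable Nix store and on the psql command line while that command runs. The interpolation is also unescaped, so a password containing `'` or `"` breaks the SQL statement or the surrounding shell quoting. I would drop the default and take the secret from a file outside the store, for example `passwordFile = mkOption { type = types.nullOr types.path; default = null; };` read by `preStart` at run time, with the unit failing when it is unset. Separately, `security.sudo.enable = cfg.enable == true;` switches sudo on for the whole host only to become the postgres superuser; `preStart` already runs as root because of `PermissionsStartOnly = true`, so `runuser` or `su` would avoid that side effect, and the `|| true` after each database command hides real provisioning failures.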