authorMichael Weiss <dev.primeos@gmail.com>2018-09-08 14:16:55 +0200
committerGitHub <noreply@github.com>2018-09-08 14:16:55 +0200
commit28a46c2c6f5eb6a98f6411831329ad5772811275 (patch)
tree300be6e57336ae193c255e1e963eb06ac94d9c8d /nixos/modules/services
parent56b3c5b2dde6d05dee8fde4f21cdf78a1578b89a (diff)
parent6764d41ecc7ef10745abc02d09e4211e12345fd9 (diff)
Merge pull request #46361 from primeos/nixos-sks
nixos/sks: Minor improvements
Diffstat (limited to 'nixos/modules/services')
-rw-r--r--nixos/modules/services/security/sks.nix57
1 files changed, 35 insertions, 22 deletions
diff --git a/nixos/modules/services/security/sks.nix b/nixos/modules/services/security/sks.nix
index 62308428f326..5e4b1a71fdd9 100644
--- a/nixos/modules/services/security/sks.nix
+++ b/nixos/modules/services/security/sks.nix
@@ -3,44 +3,55 @@
 with lib;
 
 let
-
   cfg = config.services.sks;
-
   sksPkg = cfg.package;
 
-in
-
-{
+in {
+  meta.maintainers = with maintainers; [ primeos calbrecht jcumming ];
 
   options = {
 
     services.sks = {
 
-      enable = mkEnableOption "sks";
+      enable = mkEnableOption ''
+        SKS (synchronizing key server for OpenPGP) and start the database
+        server. You need to create "''${dataDir}/dump/*.gpg" for the initial
+        import'';
 
       package = mkOption {
         default = pkgs.sks;
         defaultText = "pkgs.sks";
         type = types.package;
-        description = "
-          Which sks derivation to use.
-        ";
+        description = "Which SKS derivation to use.";
+      };
+
+      dataDir = mkOption {
+        type = types.path;
+        default = "/var/db/sks";
+        example = "/var/lib/sks";
+        # TODO: The default might change to "/var/lib/sks" as this is more
+        # common. There's also https://github.com/NixOS/nixpkgs/issues/26256
+        # and "/var/db" is not FHS compliant (seems to come from BSD).
+        description = ''
+          Data directory (-basedir) for SKS, where the database and all
+          configuration files are located (e.g. KDB, PTree, membership and
+          sksconf).
+        '';
       };
 
       hkpAddress = mkOption {
         default = [ "127.0.0.1" "::1" ];
         type = types.listOf types.str;
-        description = "
-          Wich ip addresses the sks-keyserver is listening on.
-        ";
+        description = ''
+          Domain names, IPv4 and/or IPv6 addresses to listen on for HKP
+          requests.
+        '';
       };
 
       hkpPort = mkOption {
         default = 11371;
-        type = types.int;
-        description = "
-          Which port the sks-keyserver is listening on.
-        ";
+        type = types.ints.u16;
+        description = "HKP port to listen on.";
       };
     };
   };
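Review bot: The new `dataDir` option makes the service home configurable, but its value is still interpolated unquoted into the preStart shell in the @@ -62 hunk (`mkdir -p ${home}/dump` and `sks build ${home}/dump/*.gpg`), reaching it through `users.users.sks.home` in the @@ -51 hunk. As far as I know `types.path` only requires an absolute path, so a value containing whitespace or glob characters would be word-split or expanded there; with the old fixed "/var/db/sks" this could not happen. I would quote the interpolations, e.g. `mkdir -p "${home}/dump"` and `"${home}"/dump/*.gpg`. The `dataDir` description could also say that the directory becomes the home of the `sks` user and is created for it (`createHome = true`), so nobody points it at a directory shared with other services.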
@@ -51,7 +62,7 @@ in
     
     users.users.sks = {
       createHome = true;
-      home = "/var/db/sks";
+      home = cfg.dataDir;
       isSystemUser = true;
       shell = "${pkgs.coreutils}/bin/true";
     };
@@ -62,19 +73,21 @@ in
       home = config.users.users.sks.home;
       user = config.users.users.sks.name;
     in {
-      sks-keyserver = {
+      "sks-db" = {
+        description = "SKS database server";
+        after = [ "network.target" ];
         wantedBy = [ "multi-user.target" ];
         preStart = ''
           mkdir -p ${home}/dump
-          ${pkgs.sks}/bin/sks build ${home}/dump/*.gpg -n 10 -cache 100 || true #*/
-          ${pkgs.sks}/bin/sks cleandb || true
-          ${pkgs.sks}/bin/sks pbuild -cache 20 -ptree_cache 70 || true
+          ${sksPkg}/bin/sks build ${home}/dump/*.gpg -n 10 -cache 100 || true #*/
+          ${sksPkg}/bin/sks cleandb || true
+          ${sksPkg}/bin/sks pbuild -cache 20 -ptree_cache 70 || true
         '';
         serviceConfig = {
           WorkingDirectory = home;
           User = user;
           Restart = "always";
-          ExecStart = "${pkgs.sks}/bin/sks db -hkp_address ${hkpAddress} -hkp_port ${hkpPort}";
+          ExecStart = "${sksPkg}/bin/sks db -hkp_address ${hkpAddress} -hkp_port ${hkpPort}";
         };
       };
     };
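Review bot: All three `sks` invocations in `preStart` keep their `|| true`, so a failed import, `cleandb` or `pbuild` is indistinguishable from success and the daemon starts on whatever state is left in the data directory. If best-effort is intended (presumably `build` is expected to fail once KDB exists), at least surface the failure in the journal, e.g. `${sksPkg}/bin/sks cleandb || echo "sks cleandb failed" >&2`, and likewise for the other two. The `serviceConfig` block also sets no systemd sandboxing such as `NoNewPrivileges = true;` or `PrivateTmp = true;`, which would be cheap for a daemon that parses key material received over the network. `hkpAddress` and `hkpPort` as used in `ExecStart` are bound in the `let` outside this hunk, so their quoting cannot be checked from here.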