authorMatthew Daiter <matthew@nomoko.camera>2016-11-03 17:49:36 +0100
committerMatthew Daiter <matthew@nomoko.camera>2016-11-20 23:17:49 +0100
commitf7c097556ba96375bf69b13ed3b0613e59722011 (patch)
tree328e5e5685cfaa03cd6ffb9cf760867af4d0315b /nixos
parent6d428242a948a4241851b6770de5fc566313c2ef (diff)
stanchion: init at 2.1.1
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/misc/ids.nix2
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/databases/stanchion.nix211
3 files changed, 214 insertions, 0 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 79f1e2097388..47c140df2482 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -279,6 +279,7 @@
       hound = 259;
       leaps = 260;
       ipfs  = 261;
+      stanchion = 262;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -528,6 +529,7 @@
       hound = 259;
       leaps = 260;
       ipfs = 261;
+      stanchion = 262;
 
       # When adding a gid, make sure it doesn't match an existing
       # uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 0c930eb2eb0c..56f880fdbd38 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -159,6 +159,7 @@
   ./services/databases/postgresql.nix
   ./services/databases/redis.nix
   ./services/databases/riak.nix
+  ./services/databases/stanchion.nix
   ./services/databases/virtuoso.nix
   ./services/desktops/accountsservice.nix
   ./services/desktops/geoclue2.nix
diff --git a/nixos/modules/services/databases/stanchion.nix b/nixos/modules/services/databases/stanchion.nix
new file mode 100644
index 000000000000..af44e17ee58c
--- /dev/null
+++ b/nixos/modules/services/databases/stanchion.nix
@@ -0,0 +1,211 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.services.stanchion;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.stanchion = {
+
+      enable = mkEnableOption "stanchion";
+
+      package = mkOption {
+        type = types.package;
+        default = pkgs.stanchion;
+        example = literalExample "pkgs.stanchion";
+        description = ''
+          Stanchion package to use.
+        '';
+      };
+
+      nodeName = mkOption {
+        type = types.str;
+        default = "stanchion@127.0.0.1";
+        description = ''
+          Name of the Erlang node.
+        '';
+      };
+
+      adminKey = mkOption {
+        type = types.str;
+        default = "";
+        description = ''
+          Name of admin user.
+        '';
+      };
+
+      adminSecret = mkOption {
+        type = types.str;
+        default = "";
+        description = ''
+          Name of admin secret
+        '';
+      };
+
+      riakHost = mkOption {
+        type = types.str;
+        default = "127.0.0.1:8087";
+        description = ''
+          Name of riak hosting service.
+        '';
+      };
+
+      listener = mkOption {
+        type = types.str;
+        default = "127.0.0.1:8085";
+        description = ''
+          Name of Riak CS listening service.
+        '';
+      };
+
+      stanchionHost = mkOption {
+        type = types.str;
+        default = "127.0.0.1:8085";
+        description = ''
+          Name of stanchion hosting service.
+        '';
+      };
+
+      stanchionSsl = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Tell stanchion to use SSL.
+        '';
+      };
+
+      distributedCookie = mkOption {
+        type = types.str;
+        default = "riak";
+        description = ''
+          Cookie for distributed node communication.  All nodes in the
+          same cluster should use the same cookie or they will not be able to
+          communicate.
+        '';
+      };
+
+      dataDir = mkOption {
+        type = types.path;
+        default = "/var/db/stanchion";
+        description = ''
+          Data directory for Stanchion.
+        '';
+      };
+
+      logDir = mkOption {
+        type = types.path;
+        default = "/var/log/stanchion";
+        description = ''
+          Log directory for Stanchino.
+        '';
+      };
+
+      extraConfig = mkOption {
+        type = types.lines;
+        default = "";
+        description = ''
+          Additional text to be appended to <filename>stanchion.conf</filename>.
+        '';
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ cfg.package ];
+
+    environment.etc."stanchion/advanced.config".text = ''
+      [{stanchion, []}].
+    '';
+
+    environment.etc."stanchion/stanchion.conf".text = ''
+      listener = ${cfg.listener}
+
+      riak_host = ${cfg.riakHost}
+
+      ${optionalString (cfg.adminKey == "") "#"} admin.key=${optionalString (cfg.adminKey != "") cfg.adminKey}
+      ${optionalString (cfg.adminSecret == "") "#"} admin.secret=${optionalString (cfg.adminSecret != "") cfg.adminSecret}
+
+      platform_bin_dir = ${pkgs.stanchion}/bin
+      platform_data_dir = ${cfg.dataDir}
+      platform_etc_dir = /etc/stanchion
+      platform_lib_dir = ${pkgs.stanchion}/lib
+      platform_log_dir = ${cfg.logDir}
+
+      nodename = ${cfg.nodeName}
+
+      distributed_cookie = ${cfg.distributedCookie}
+
+      stanchion_ssl=${if cfg.stanchionSsl then "on" else "off"}
+
+      ${cfg.extraConfig}
+    '';
+
+    users.extraUsers.stanchion = {
+      name = "stanchion";
+      uid = config.ids.uids.stanchion;
+      group = "stanchion";
+      description = "Stanchion server user";
+    };
+
+    users.extraGroups.stanchion.gid = config.ids.gids.stanchion;
+
+    systemd.services.stanchion = {
+      description = "Stanchion Server";
+
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      path = [
+        pkgs.utillinux # for `logger`
+        pkgs.bash
+      ];
+
+      environment.HOME = "${cfg.dataDir}";
+      environment.STANCHION_DATA_DIR = "${cfg.dataDir}";
+      environment.STANCHION_LOG_DIR = "${cfg.logDir}";
+      environment.STANCHION_ETC_DIR = "/etc/stanchion";
+
+      preStart = ''
+        if ! test -e ${cfg.logDir}; then
+          mkdir -m 0755 -p ${cfg.logDir}
+          chown -R stanchion:stanchion ${cfg.logDir}
+        fi
+
+        if ! test -e ${cfg.dataDir}; then
+          mkdir -m 0700 -p ${cfg.dataDir}
+          chown -R stanchion:stanchion ${cfg.dataDir}
+        fi
+      '';
+
+      serviceConfig = {
+        ExecStart = "${cfg.package}/bin/stanchion console";
+        ExecStop = "${cfg.package}/bin/stanchion stop";
+        StandardInput = "tty";
+        User = "stanchion";
+        Group = "stanchion";
+        PermissionsStartOnly = true;
+        # Give Stanchion a decent amount of time to clean up.
+        TimeoutStopSec = 120;
+        LimitNOFILE = 65536;
+      };
+
+      unitConfig.RequiresMountsFor = [
+        "${cfg.dataDir}"
+        "${cfg.logDir}"
+        "/etc/stanchion"
+      ];
+    };
+  };
+}
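Review bot: `adminSecret` and `distributedCookie` are interpolated into `environment.etc."stanchion/stanchion.conf".text`, so both values end up in a generated file in the Nix store, which every local user can read. The Erlang cookie is the only credential guarding distributed node access, and its default `"riak"` is a fixed, publicly known value; I would drop that default and have both option descriptions state `This value is written to the world-readable Nix store.` A safer shape, if Stanchion's config layout permits it, is to accept paths to files kept outside the store for the secret and the cookie and assemble the final config in `preStart`, which already runs as root because of `PermissionsStartOnly`. Separately, `platform_bin_dir` and `platform_lib_dir` use `${pkgs.stanchion}` while `ExecStart` uses `${cfg.package}`; they should read `platform_bin_dir = ${cfg.package}/bin` and `platform_lib_dir = ${cfg.package}/lib` so an overridden package is used consistently.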