diff options
| author | Alyssa Ross <hi@alyssa.is> | 2023-10-20 22:09:03 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2023-10-20 22:09:03 +0000 |
| commit | 50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e (patch) | |
| tree | f2556b911180125ccbb7ed0e78a54e92da89adce /nixpkgs/nixos/modules/services/databases/ferretdb.nix | |
| parent | 4c16d4548a98563c9d9ad76f4e5b2202864ccd54 (diff) | |
| parent | cfc75eec4603c06503ae750f88cf397e00796ea8 (diff) | |
| download | nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.tar nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.tar.gz nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.tar.bz2 nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.tar.lz nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.tar.xz nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.tar.zst nixlib-50c21d167f7114fa1dbd95e5c4fb30eeb1a2d02e.zip | |
Merge commit 'cfc75eec4603c06503ae750f88cf397e00796ea8'
Conflicts: nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix
Diffstat (limited to 'nixpkgs/nixos/modules/services/databases/ferretdb.nix')
| -rw-r--r-- | nixpkgs/nixos/modules/services/databases/ferretdb.nix | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/services/databases/ferretdb.nix b/nixpkgs/nixos/modules/services/databases/ferretdb.nix new file mode 100644 index 000000000000..45f822d64691 --- /dev/null +++ b/nixpkgs/nixos/modules/services/databases/ferretdb.nix @@ -0,0 +1,79 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.ferretdb; +in +{ + + meta.maintainers = with lib.maintainers; [ julienmalka camillemndn ]; + + options = { + services.ferretdb = { + enable = mkEnableOption "FerretDB, an Open Source MongoDB alternative"; + + package = mkOption { + type = types.package; + example = literalExpression "pkgs.ferretdb"; + default = pkgs.ferretdb; + defaultText = "pkgs.ferretdb"; + description = "FerretDB package to use."; + }; + + settings = lib.mkOption { + type = + lib.types.submodule { freeformType = with lib.types; attrsOf str; }; + example = { + FERRETDB_LOG_LEVEL = "warn"; + FERRETDB_MODE = "normal"; + }; + description = '' + Additional configuration for FerretDB, see + <https://docs.ferretdb.io/flags/> + for supported values. + ''; + }; + }; + }; + + config = mkIf cfg.enable + { + + services.ferretdb.settings = { + FERRETDB_HANDLER = lib.mkDefault "sqlite"; + FERRETDB_SQLITE_URL = lib.mkDefault "file:/var/lib/ferretdb/"; + }; + + systemd.services.ferretdb = { + description = "FerretDB"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment = cfg.settings; + serviceConfig = { + Type = "simple"; + StateDirectory = "ferretdb"; + WorkingDirectory = "/var/lib/ferretdb"; + ExecStart = "${cfg.package}/bin/ferretdb"; + Restart = "on-failure"; + ProtectHome = true; + ProtectSystem = "strict"; + PrivateTmp = true; + PrivateDevices = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + NoNewPrivileges = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + RemoveIPC = true; + PrivateMounts = true; + DynamicUser = true; + }; + }; + }; +} + |