diff options
Diffstat (limited to 'nixos/modules/services/web-servers/meguca.nix')
-rw-r--r-- | nixos/modules/services/web-servers/meguca.nix | 159 |
1 files changed, 159 insertions, 0 deletions
diff --git a/nixos/modules/services/web-servers/meguca.nix b/nixos/modules/services/web-servers/meguca.nix new file mode 100644 index 000000000000..ed7325ff0790 --- /dev/null +++ b/nixos/modules/services/web-servers/meguca.nix @@ -0,0 +1,159 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.meguca; + postgres = config.services.postgresql; +in +{ + options.services.meguca = { + enable = mkEnableOption "meguca"; + + baseDir = mkOption { + type = types.path; + default = "/run/meguca"; + description = "Location where meguca stores it's database and links."; + }; + + password = mkOption { + type = types.str; + default = "meguca"; + description = "Password for the meguca database."; + }; + + passwordFile = mkOption { + type = types.path; + default = "/run/keys/meguca-password-file"; + description = "Password file for the meguca database."; + }; + + reverseProxy = mkOption { + type = types.nullOr types.str; + default = null; + description = "Reverse proxy IP."; + }; + + sslCertificate = mkOption { + type = types.nullOr types.str; + default = null; + description = "Path to the SSL certificate."; + }; + + listenAddress = mkOption { + type = types.nullOr types.str; + default = null; + description = "Listen on a specific IP address and port."; + }; + + cacheSize = mkOption { + type = types.nullOr types.int; + default = null; + description = "Cache size in MB."; + }; + + postgresArgs = mkOption { + type = types.str; + default = "user=meguca password=" + cfg.password + " dbname=meguca sslmode=disable"; + description = "Postgresql connection arguments."; + }; + + postgresArgsFile = mkOption { + type = types.path; + default = "/run/keys/meguca-postgres-args"; + description = "Postgresql connection arguments file."; + }; + + compressTraffic = mkOption { + type = types.bool; + default = false; + description = "Compress all traffic with gzip."; + }; + + assumeReverseProxy = mkOption { + type = types.bool; + default = false; + description = "Assume the server is behind a reverse proxy, when resolving client IPs."; + }; + + httpsOnly = mkOption { + type = types.bool; + default = false; + description = "Serve and listen only through HTTPS."; + }; + }; + + config = mkIf cfg.enable { + security.sudo.enable = cfg.enable == true; + services.postgresql.enable = cfg.enable == true; + + services.meguca.passwordFile = mkDefault (toString (pkgs.writeTextFile { + name = "meguca-password-file"; + text = cfg.password; + })); + + services.meguca.postgresArgsFile = mkDefault (toString (pkgs.writeTextFile { + name = "meguca-postgres-args"; + text = cfg.postgresArgs; + })); + + systemd.services.meguca = { + description = "meguca"; + after = [ "network.target" "postgresql.service" ]; + wantedBy = [ "multi-user.target" ]; + + preStart = '' + # Ensure folder exists and links are correct or create them + mkdir -p ${cfg.baseDir} + chmod 750 ${cfg.baseDir} + ln -sf ${pkgs.meguca}/share/meguca/www ${cfg.baseDir} + + # Ensure the database is correct or create it + ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \ + -SDR meguca || true + ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \ + -T template0 -E UTF8 -O meguca meguca || true + ${pkgs.sudo}/bin/sudo -u meguca ${postgres.package}/bin/psql \ + -c "ALTER ROLE meguca WITH PASSWORD '$(cat ${cfg.passwordFile})';" || true + ''; + + script = '' + cd ${cfg.baseDir} + + ${pkgs.meguca}/bin/meguca -d "$(cat ${cfg.postgresArgsFile})"\ + ${optionalString (cfg.reverseProxy != null) " -R ${cfg.reverseProxy}"}\ + ${optionalString (cfg.sslCertificate != null) " -S ${cfg.sslCertificate}"}\ + ${optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}"}\ + ${optionalString (cfg.cacheSize != null) " -c ${toString cfg.cacheSize}"}\ + ${optionalString (cfg.compressTraffic) " -g"}\ + ${optionalString (cfg.assumeReverseProxy) " -r"}\ + ${optionalString (cfg.httpsOnly) " -s"} start + ''; + + serviceConfig = { + PermissionsStartOnly = true; + Type = "forking"; + User = "meguca"; + Group = "meguca"; + RuntimeDirectory = "meguca"; + ExecStop = "${pkgs.meguca}/bin/meguca stop"; + }; + }; + + users = { + users.meguca = { + description = "meguca server service user"; + home = cfg.baseDir; + createHome = true; + group = "meguca"; + uid = config.ids.uids.meguca; + }; + + groups.meguca = { + gid = config.ids.gids.meguca; + members = [ "meguca" ]; + }; + }; + }; + + meta.maintainers = with maintainers; [ chiiruno ]; +} |