diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/web-apps/baget.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/web-apps/baget.nix | 170 |
1 files changed, 0 insertions, 170 deletions
diff --git a/nixpkgs/nixos/modules/services/web-apps/baget.nix b/nixpkgs/nixos/modules/services/web-apps/baget.nix deleted file mode 100644 index dd70d462d57d..000000000000 --- a/nixpkgs/nixos/modules/services/web-apps/baget.nix +++ /dev/null @@ -1,170 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - cfg = config.services.baget; - - defaultConfig = { - "PackageDeletionBehavior" = "Unlist"; - "AllowPackageOverwrites" = false; - - "Database" = { - "Type" = "Sqlite"; - "ConnectionString" = "Data Source=baget.db"; - }; - - "Storage" = { - "Type" = "FileSystem"; - "Path" = ""; - }; - - "Search" = { - "Type" = "Database"; - }; - - "Mirror" = { - "Enabled" = false; - "PackageSource" = "https://api.nuget.org/v3/index.json"; - }; - - "Logging" = { - "IncludeScopes" = false; - "Debug" = { - "LogLevel" = { - "Default" = "Warning"; - }; - }; - "Console" = { - "LogLevel" = { - "Microsoft.Hosting.Lifetime" = "Information"; - "Default" = "Warning"; - }; - }; - }; - }; - - configAttrs = recursiveUpdate defaultConfig cfg.extraConfig; - - configFormat = pkgs.formats.json {}; - configFile = configFormat.generate "appsettings.json" configAttrs; - -in -{ - options.services.baget = { - enable = mkEnableOption "BaGet NuGet-compatible server"; - - apiKeyFile = mkOption { - type = types.path; - example = "/root/baget.key"; - description = lib.mdDoc '' - Private API key for BaGet. - ''; - }; - - extraConfig = mkOption { - type = configFormat.type; - default = {}; - example = { - "Database" = { - "Type" = "PostgreSql"; - "ConnectionString" = "Server=/run/postgresql;Port=5432;"; - }; - }; - defaultText = literalExpression '' - { - "PackageDeletionBehavior" = "Unlist"; - "AllowPackageOverwrites" = false; - - "Database" = { - "Type" = "Sqlite"; - "ConnectionString" = "Data Source=baget.db"; - }; - - "Storage" = { - "Type" = "FileSystem"; - "Path" = ""; - }; - - "Search" = { - "Type" = "Database"; - }; - - "Mirror" = { - "Enabled" = false; - "PackageSource" = "https://api.nuget.org/v3/index.json"; - }; - - "Logging" = { - "IncludeScopes" = false; - "Debug" = { - "LogLevel" = { - "Default" = "Warning"; - }; - }; - "Console" = { - "LogLevel" = { - "Microsoft.Hosting.Lifetime" = "Information"; - "Default" = "Warning"; - }; - }; - }; - } - ''; - description = lib.mdDoc '' - Extra configuration options for BaGet. Refer to <https://loic-sharma.github.io/BaGet/configuration/> for details. - Default value is merged with values from here. - ''; - }; - }; - - # implementation - - config = mkIf cfg.enable { - - systemd.services.baget = { - description = "BaGet server"; - wantedBy = [ "multi-user.target" ]; - wants = [ "network-online.target" ]; - after = [ "network.target" "network-online.target" ]; - path = [ pkgs.jq ]; - serviceConfig = { - WorkingDirectory = "/var/lib/baget"; - DynamicUser = true; - StateDirectory = "baget"; - StateDirectoryMode = "0700"; - LoadCredential = "api_key:${cfg.apiKeyFile}"; - - CapabilityBoundingSet = ""; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - PrivateMounts = true; - ProtectHome = true; - ProtectClock = true; - ProtectProc = "noaccess"; - ProcSubset = "pid"; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectControlGroups = true; - ProtectHostname = true; - RestrictSUIDSGID = true; - RestrictRealtime = true; - RestrictNamespaces = true; - LockPersonality = true; - RemoveIPC = true; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; - SystemCallFilter = [ "@system-service" "~@privileged" ]; - }; - script = '' - jq --slurpfile apiKeys <(jq -R . "$CREDENTIALS_DIRECTORY/api_key") '.ApiKey = $apiKeys[0]' ${configFile} > appsettings.json - ln -snf ${pkgs.baget}/lib/BaGet/wwwroot wwwroot - exec ${pkgs.baget}/bin/BaGet - ''; - }; - - }; -} |