From 14a26f0153c4284ccb8ac9abf01ea57421156be1 Mon Sep 17 00:00:00 2001
From: Okina Matara
Date: Thu, 17 May 2018 18:56:58 -0500
Subject: meguca: init at git-2018-05-17
---
 nixos/modules/misc/ids.nix | 2 +
 nixos/modules/module-list.nix | 1 +
 nixos/modules/services/web-servers/meguca.nix | 123 ++++++++++++++++++++++++++
 3 files changed, 126 insertions(+)
 create mode 100644 nixos/modules/services/web-servers/meguca.nix
(limited to 'nixos/modules')
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index a34e9c50c4c5..73231edf077b 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -316,6 +316,7 @@
 monetdb = 290;
 restic = 291;
 openvpn = 292;
+ meguca = 293;
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@@ -592,6 +593,7 @@
 monetdb = 290;
 restic = 291;
 openvpn = 292;
+ meguca = 293;
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 65b4cfd7e0b5..12d9e1adf23d 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -667,6 +667,7 @@
 ./services/web-servers/lighttpd/default.nix
 ./services/web-servers/lighttpd/gitweb.nix
 ./services/web-servers/lighttpd/inginious.nix
+ ./services/web-servers/meguca.nix
 ./services/web-servers/mighttpd2.nix
 ./services/web-servers/minio.nix
 ./services/web-servers/nginx/default.nix
diff --git a/nixos/modules/services/web-servers/meguca.nix b/nixos/modules/services/web-servers/meguca.nix
new file mode 100644
index 000000000000..6f3f5329dafc
--- /dev/null
+++ b/nixos/modules/services/web-servers/meguca.nix
@@ -0,0 +1,123 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.services.meguca;
+ postgres = config.services.postgresql;
+in
+{
+ options.services.meguca = {
+ enable = mkEnableOption "meguca";
+
+ baseDir = mkOption {
+ type = types.path;
+ default = "/var/lib/meguca";
+ description = "Location where meguca stores it's database and links.";
+ };
+
+ password = mkOption {
+ type = types.str;
+ default = "meguca";
+ description = "Password for the meguca database.";
+ };
+
+ reverseProxy = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Reverse proxy IP.";
+ };
+
+ sslCertificate = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Path to the SSL certificate.";
+ };
+
+ listenAddress = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Listen on a specific IP address and port.";
+ };
+
+ cacheSize = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Cache size in MB.";
+ };
+
+ postgresArgs = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "Postgresql connection arguments.";
+ };
+
+ compressTraffic = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Compress all traffic with gzip.";
+ };
+
+ assumeReverseProxy = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Assume the server is behind a reverse proxy, when resolving client IPs.";
+ };
+
+ httpsOnly = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Serve and listen only through HTTPS.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ security.sudo.enable = cfg.enable == true;
+ services.postgresql.enable = cfg.enable == true;
+
+ systemd.services.meguca = {
+ description = "meguca";
+ after = [ "network.target" "postgresql.service" ];
+ wantedBy = [ "multi-user.target" ];
+
+ preStart = ''
+ # Ensure folder exists and links are correct or create them
+ mkdir -p ${cfg.baseDir}
+ ln -sf ${pkgs.meguca}/share/meguca/www ${cfg.baseDir}
+ chown -R meguca:meguca ${cfg.baseDir}
+
+ # Ensure the database is correct or create it
+ ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser -SDR meguca || true
+ ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/psql -c "ALTER ROLE meguca WITH PASSWORD '${cfg.password}';" || true
+ ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb -T template0 -E UTF8 -O meguca meguca || true
+ '';
+
+ serviceConfig = {
+ PermissionsStartOnly = true;
+ Type = "forking";
+ User = "meguca";
+ Group = "meguca";
+ WorkingDirectory = "${cfg.baseDir}";
+ ExecStart = ''${pkgs.meguca}/bin/meguca${if cfg.reverseProxy != null then " -R ${cfg.reverseProxy}" else ""}${if cfg.sslCertificate != null then " -S ${cfg.sslCertificate}" else ""}${if cfg.listenAddress != null then " -a ${cfg.listenAddress}" else ""}${if cfg.cacheSize != null then " -c ${cfg.cacheSize}" else ""}${if cfg.postgresArgs != null then " -d ${cfg.postgresArgs}" else ""}${if cfg.compressTraffic then " -g" else ""}${if cfg.assumeReverseProxy then " -r" else ""}${if cfg.httpsOnly then " -s" else ""} start'';
+ ExecStop = "${pkgs.meguca}/bin/meguca stop";
+ ExecRestart = "${pkgs.meguca}/bin/meguca restart";
+ };
+ };
+
+ users = {
+ extraUsers.meguca = {
+ description = "meguca server service user";
+ home = "${cfg.baseDir}";
+ createHome = true;
+ group = "meguca";
+ uid = config.ids.uids.meguca;
+ };
+
+ extraGroups.meguca = {
+ gid = config.ids.gids.meguca;
+ members = [ "meguca" ];
+ };
+ };
+ };
+
+ meta.maintainers = [ maintainers.chiiruno ];
+}
-- cgit 1.4.1
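Review bot: `cfg.password` is interpolated directly into `preStart` (`psql -c "ALTER ROLE meguca WITH PASSWORD '${cfg.password}';"`), so the database password lands in the generated start script, which NixOS keeps in the world-readable Nix store, and it also appears on the psql command line and defaults to the guessable `"meguca"`. A value containing `'`, `"` or `$` would additionally change the SQL or shell command, which runs as `${postgres.superUser}`. I would drop the default and take the secret from a file outside the store, e.g. `passwordFile = mkOption { type = types.nullOr types.path; default = null; };`, read at start-up and passed to psql on stdin, or use local peer authentication and set no password at all. Separately, `security.sudo.enable = cfg.enable == true;` forces sudo on for the whole host only to switch user inside a `preStart` that already runs as root under `PermissionsStartOnly`; a `runuser -u` call would avoid that side effect. `ExecRestart` is not a systemd directive, so that line is presumably ignored with a warning.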