Merge pull request #46361 from primeos/nixos-sks

nixos/sks: Minor improvements

authored by Michael Weiss and committed by GitHub 28a46c2c 56b3c5b2

+35 -22
nixos/modules/services/security/sks.nix
··· 3 3 with lib; 4 4 5 5 let 6 - 7 6 cfg = config.services.sks; 8 - 9 7 sksPkg = cfg.package; 10 8 11 - in 12 - 13 - { 9 + in { 10 + meta.maintainers = with maintainers; [ primeos calbrecht jcumming ]; 14 11 15 12 options = { 16 13 17 14 services.sks = { 18 15 19 - enable = mkEnableOption "sks"; 16 + enable = mkEnableOption '' 17 + SKS (synchronizing key server for OpenPGP) and start the database 18 + server. You need to create "''${dataDir}/dump/*.gpg" for the initial 19 + import''; 20 20 21 21 package = mkOption { 22 22 default = pkgs.sks; 23 23 defaultText = "pkgs.sks"; 24 24 type = types.package; 25 - description = " 26 - Which sks derivation to use. 27 - "; 25 + description = "Which SKS derivation to use."; 26 + }; 27 + 28 + dataDir = mkOption { 29 + type = types.path; 30 + default = "/var/db/sks"; 31 + example = "/var/lib/sks"; 32 + # TODO: The default might change to "/var/lib/sks" as this is more 33 + # common. There's also https://github.com/NixOS/nixpkgs/issues/26256 34 + # and "/var/db" is not FHS compliant (seems to come from BSD). 35 + description = '' 36 + Data directory (-basedir) for SKS, where the database and all 37 + configuration files are located (e.g. KDB, PTree, membership and 38 + sksconf). 39 + ''; 28 40 }; 29 41 30 42 hkpAddress = mkOption { 31 43 default = [ "127.0.0.1" "::1" ]; 32 44 type = types.listOf types.str; 33 - description = " 34 - Wich ip addresses the sks-keyserver is listening on. 35 - "; 45 + description = '' 46 + Domain names, IPv4 and/or IPv6 addresses to listen on for HKP 47 + requests. 48 + ''; 36 49 }; 37 50 38 51 hkpPort = mkOption { 39 52 default = 11371; 40 - type = types.int; 41 - description = " 42 - Which port the sks-keyserver is listening on. 
43 - "; 53 + type = types.ints.u16; 54 + description = "HKP port to listen on."; 44 55 }; 45 56 }; 46 57 }; ··· 51 62 52 63 users.users.sks = { 53 64 createHome = true; 54 - home = "/var/db/sks"; 65 + home = cfg.dataDir; 55 66 isSystemUser = true; 56 67 shell = "${pkgs.coreutils}/bin/true"; 57 68 }; ··· 62 73 home = config.users.users.sks.home; 63 74 user = config.users.users.sks.name; 64 75 in { 65 - sks-keyserver = { 76 + "sks-db" = { 77 + description = "SKS database server"; 78 + after = [ "network.target" ]; 66 79 wantedBy = [ "multi-user.target" ]; 67 80 preStart = '' 68 81 mkdir -p ${home}/dump 69 - ${pkgs.sks}/bin/sks build ${home}/dump/*.gpg -n 10 -cache 100 || true #*/ 70 - ${pkgs.sks}/bin/sks cleandb || true 71 - ${pkgs.sks}/bin/sks pbuild -cache 20 -ptree_cache 70 || true 82 + ${sksPkg}/bin/sks build ${home}/dump/*.gpg -n 10 -cache 100 || true #*/ 83 + ${sksPkg}/bin/sks cleandb || true 84 + ${sksPkg}/bin/sks pbuild -cache 20 -ptree_cache 70 || true 72 85 ''; 73 86 serviceConfig = { 74 87 WorkingDirectory = home; 75 88 User = user; 76 89 Restart = "always"; 77 - ExecStart = "${pkgs.sks}/bin/sks db -hkp_address ${hkpAddress} -hkp_port ${hkpPort}"; 90 + ExecStart = "${sksPkg}/bin/sks db -hkp_address ${hkpAddress} -hkp_port ${hkpPort}"; 78 91 }; 79 92 }; 80 93 };
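Review bot: The renamed `sks-db` unit's serviceConfig still sets only WorkingDirectory, User, Restart and ExecStart, so the `sks db` process that answers HKP requests runs with full filesystem visibility and may still gain privileges through setuid binaries; now that `dataDir` is a first-class option, confining it is a few lines (`NoNewPrivileges`, `PrivateTmp`, `ProtectSystem = "strict"` with `ReadWritePaths = [ cfg.dataDir ]`). This assumes sks writes only below its basedir (the visible `build`/`cleandb`/`pbuild` commands and the `dump` directory all live under `${home}`), which should be confirmed before enabling `ProtectSystem = "strict"`. The rename from `sks-keyserver` to `sks-db` also leaves no alias, so existing drop-ins or `after`/`wants` references to `sks-keyserver.service` silently stop applying; `aliases = [ "sks-keyserver.service" ];` or a note in the commit message would cover that. The enclosing `systemd.services = let … in { … }` binding starts outside this hunk.
```nix
serviceConfig = {
  # … unchanged: WorkingDirectory, User, Restart …
  # Confine the network-facing db process to its data directory.
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectSystem = "strict";
  ReadWritePaths = [ cfg.dataDir ];
  # … unchanged: ExecStart …
};
```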