lol

nixos/meguca: Various fixes

+39 -40
+39 -40
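--- a/nixos/modules/services/web-servers/meguca.nix
+++ b/nixos/modules/services/web-servers/meguca.nix
@@ -1,65 +1,71 @@
 { config, lib, pkgs, ... }:
 
-with lib;
 let
 cfg = config.services.meguca;
 postgres = config.services.postgresql;
-in
-{
+in with lib; {
 options.services.meguca = {
 enable = mkEnableOption "meguca";
 
-baseDir = mkOption {
+dataDir = mkOption {
 type = types.path;
-default = "/run/meguca";
+default = "/var/lib/meguca";
+example = "/home/okina/meguca";
 description = "Location where meguca stores it's database and links.";
 };
 
 password = mkOption {
 type = types.str;
 default = "meguca";
+example = "dumbpass";
 description = "Password for the meguca database.";
 };
 
 passwordFile = mkOption {
 type = types.path;
 default = "/run/keys/meguca-password-file";
+example = "/home/okina/meguca/keys/pass";
 description = "Password file for the meguca database.";
 };
 
 reverseProxy = mkOption {
 type = types.nullOr types.str;
 default = null;
+example = "192.168.1.5";
 description = "Reverse proxy IP.";
 };
 
 sslCertificate = mkOption {
 type = types.nullOr types.str;
 default = null;
+example = "/home/okina/meguca/ssl.cert";
 description = "Path to the SSL certificate.";
 };
 
 listenAddress = mkOption {
 type = types.nullOr types.str;
 default = null;
+example = "127.0.0.1:8000";
 description = "Listen on a specific IP address and port.";
 };
 
 cacheSize = mkOption {
 type = types.nullOr types.int;
 default = null;
+example = 256;
 description = "Cache size in MB.";
 };
 
 postgresArgs = mkOption {
 type = types.str;
-default = "user=meguca password=" + cfg.password + " dbname=meguca sslmode=disable";
+example = "user=meguca password=dumbpass dbname=meguca sslmode=disable";
 description = "Postgresql connection arguments.";
 };
 
 postgresArgsFile = mkOption {
 type = types.path;
 default = "/run/keys/meguca-postgres-args";
+example = "/home/okina/meguca/keys/postgres";
 description = "Postgresql connection arguments file.";
 };
 
@@ -83,18 +89,11 @@
 };
 
 config = mkIf cfg.enable {
-security.sudo.enable = cfg.enable == true;
-services.postgresql.enable = cfg.enable == true;
-
-services.meguca.passwordFile = mkDefault (toString (pkgs.writeTextFile {
-name = "meguca-password-file";
-text = cfg.password;
-}));
-
-services.meguca.postgresArgsFile = mkDefault (toString (pkgs.writeTextFile {
-name = "meguca-postgres-args";
-text = cfg.postgresArgs;
-}));
+security.sudo.enable = cfg.enable;
+services.postgresql.enable = cfg.enable;
+services.meguca.passwordFile = mkDefault (pkgs.writeText "meguca-password-file" cfg.password);
+services.meguca.postgresArgsFile = mkDefault (pkgs.writeText "meguca-postgres-args" cfg.postgresArgs);
+services.meguca.postgresArgs = mkDefault "user=meguca password=${cfg.password} dbname=meguca sslmode=disable";
 
 systemd.services.meguca = {
 description = "meguca";
@@ -102,10 +101,11 @@
 wantedBy = [ "multi-user.target" ];
 
 preStart = ''
-# Ensure folder exists and links are correct or create them
-mkdir -p ${cfg.baseDir}
-chmod 750 ${cfg.baseDir}
-ln -sf ${pkgs.meguca}/share/meguca/www ${cfg.baseDir}
+# Ensure folder exists or create it and links and permissions are correct
+mkdir -p ${escapeShellArg cfg.dataDir}
+ln -sf ${pkgs.meguca}/share/meguca/www ${escapeShellArg cfg.dataDir}
+chmod 750 ${escapeShellArg cfg.dataDir}
+chown -R meguca:meguca ${escapeShellArg cfg.dataDir}
 
 # Ensure the database is correct or create it
 ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \
@@ -113,47 +113,46 @@
 ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \
 -T template0 -E UTF8 -O meguca meguca || true
 ${pkgs.sudo}/bin/sudo -u meguca ${postgres.package}/bin/psql \
--c "ALTER ROLE meguca WITH PASSWORD '$(cat ${cfg.passwordFile})';" || true
+-c "ALTER ROLE meguca WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true
 '';
 
 script = ''
-cd ${cfg.baseDir}
+cd ${escapeShellArg cfg.dataDir}
 
-${pkgs.meguca}/bin/meguca -d "$(cat ${cfg.postgresArgsFile})"\
-${optionalString (cfg.reverseProxy != null) " -R ${cfg.reverseProxy}"}\
-${optionalString (cfg.sslCertificate != null) " -S ${cfg.sslCertificate}"}\
-${optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}"}\
-${optionalString (cfg.cacheSize != null) " -c ${toString cfg.cacheSize}"}\
-${optionalString (cfg.compressTraffic) " -g"}\
-${optionalString (cfg.assumeReverseProxy) " -r"}\
-${optionalString (cfg.httpsOnly) " -s"} start
-'';
+${pkgs.meguca}/bin/meguca -d "$(cat ${escapeShellArg cfg.postgresArgsFile})"''
++ optionalString (cfg.reverseProxy != null) " -R ${cfg.reverseProxy}"
++ optionalString (cfg.sslCertificate != null) " -S ${cfg.sslCertificate}"
++ optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}"
++ optionalString (cfg.cacheSize != null) " -c ${toString cfg.cacheSize}"
++ optionalString (cfg.compressTraffic) " -g"
++ optionalString (cfg.assumeReverseProxy) " -r"
++ optionalString (cfg.httpsOnly) " -s" + " start";
 
 serviceConfig = {
 PermissionsStartOnly = true;
 Type = "forking";
 User = "meguca";
 Group = "meguca";
-RuntimeDirectory = "meguca";
 ExecStop = "${pkgs.meguca}/bin/meguca stop";
 };
 };
 
 users = {
+groups.meguca.gid = config.ids.gids.meguca;
+
 users.meguca = {
 description = "meguca server service user";
-home = cfg.baseDir;
+home = cfg.dataDir;
 createHome = true;
 group = "meguca";
 uid = config.ids.uids.meguca;
 };
-
-groups.meguca = {
-gid = config.ids.gids.meguca;
-members = [ "meguca" ];
-};
 };
 };
+
+imports = [
+(mkRenamedOptionModule [ "services" "meguca" "baseDir" ] [ "services" "meguca" "dataDir" ])
+];
 
 meta.maintainers = with maintainers; [ chiiruno ];
 }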
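Review bot: The new defaults `mkDefault (pkgs.writeText "meguca-password-file" cfg.password)` and the `postgresArgs` default built from `${cfg.password}` still put the database password into the Nix store, which every local user can read, and the `password` option keeps the well-known default `"meguca"`. The option text should say so, for example by extending the `password` description to `"Password for the meguca database. This value is copied into the world-readable Nix store; point passwordFile at a file outside the store for real deployments."`. Separately, the commit wraps `dataDir`, `passwordFile` and `postgresArgsFile` in `escapeShellArg`, but the rewritten `script` still interpolates `cfg.reverseProxy`, `cfg.sslCertificate` and `cfg.listenAddress` raw; the same treatment would read `" -S ${escapeShellArg cfg.sslCertificate}"`. Lines hidden behind the collapsed context (`···`) were not reviewed.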