commit 82ee824968003f2a440cb5cc319906fdafe2a4c9 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

surrealdb: module init

authored by happysalada and committed by Yt 3 years ago 82ee8249 bde8349b

+82

3 changed files

expand all

unified split

nixos

modules

module-list.nix

services

databases

surrealdb.nix

pkgs

servers

nosql

surrealdb

default.nix

nixos/modules/module-list.nix

··· 382 ./services/databases/pgmanage.nix 383 ./services/databases/postgresql.nix 384 ./services/databases/redis.nix 385 ./services/databases/victoriametrics.nix 386 ./services/desktops/accountsservice.nix 387 ./services/desktops/bamf.nix

··· 382 ./services/databases/pgmanage.nix 383 ./services/databases/postgresql.nix 384 ./services/databases/redis.nix 385 + ./services/databases/surrealdb.nix 386 ./services/databases/victoriametrics.nix 387 ./services/desktops/accountsservice.nix 388 ./services/desktops/bamf.nix

+79

nixos/modules/services/databases/surrealdb.nix

···

··· 1 + { config, lib, pkgs, ... }: 2 + 3 + with lib; 4 + let 5 + 6 + cfg = config.services.surrealdb; 7 + in { 8 + 9 + options = { 10 + services.surrealdb = { 11 + enable = mkEnableOption (lib.mdDoc "A scalable, distributed, collaborative, document-graph database, for the realtime web "); 12 + 13 + dbPath = mkOption { 14 + type = types.str; 15 + description = lib.mdDoc '' 16 + The path that surrealdb will write data to. Use null for in-memory. 17 + Can be one of "memory", "file://:path", "tikv://:addr". 18 + ''; 19 + default = "file:///var/lib/surrealdb/"; 20 + example = "memory"; 21 + }; 22 + 23 + host = mkOption { 24 + type = types.str; 25 + description = lib.mdDoc '' 26 + The host that surrealdb will connect to. 27 + ''; 28 + default = "127.0.0.1"; 29 + example = "127.0.0.1"; 30 + }; 31 + 32 + port = mkOption { 33 + type = types.port; 34 + description = lib.mdDoc '' 35 + The port that surrealdb will connect to. 36 + ''; 37 + default = 8000; 38 + example = 8000; 39 + }; 40 + }; 41 + }; 42 + 43 + config = mkIf cfg.enable { 44 + 45 + # Used to connect to the running service 46 + environment.systemPackages = [ pkgs.surrealdb ] ; 47 + 48 + systemd.services.surrealdb = { 49 + description = "A scalable, distributed, collaborative, document-graph database, for the realtime web "; 50 + wantedBy = [ "multi-user.target" ]; 51 + after = [ "network.target" ]; 52 + 53 + serviceConfig = { 54 + ExecStart = "${pkgs.surrealdb}/bin/surreal start --bind ${cfg.host}:${toString cfg.port} ${optionalString (cfg.dbPath != null) "-- ${cfg.dbPath}"}"; 55 + DynamicUser = true; 56 + Restart = "on-failure"; 57 + StateDirectory = "surrealdb"; 58 + CapabilityBoundingSet = ""; 59 + NoNewPrivileges = true; 60 + PrivateTmp = true; 61 + ProtectHome = true; 62 + ProtectClock = true; 63 + ProtectProc = "noaccess"; 64 + ProcSubset = "pid"; 65 + ProtectKernelLogs = true; 66 + ProtectKernelModules = true; 67 + ProtectKernelTunables = true; 68 + ProtectControlGroups = true; 69 + ProtectHostname = true; 70 + RestrictSUIDSGID = true; 71 + RestrictRealtime = true; 72 + RestrictNamespaces = true; 73 + LockPersonality = true; 74 + RemoveIPC = true; 75 + SystemCallFilter = [ "@system-service" "~@privileged" ]; 76 + }; 77 + }; 78 + }; 79 + }

pkgs/servers/nosql/surrealdb/default.nix

··· 31 32 nativeBuildInputs = [ 33 pkg-config 34 ]; 35 36 buildInputs = [ openssl ]

··· 31 32 nativeBuildInputs = [ 33 pkg-config 34 + # needed on top of LIBCLANG_PATH to compile rquickjs 35 + llvmPackages.clang 36 ]; 37 38 buildInputs = [ openssl ]