infinoted service: init · pyrox.dev/nixpkgs@bcc9a6a

pyrox.dev / nixpkgs

fork atom

lol

fork atom

infinoted service: init

Service module for the dedicated gobby server included in libinfinity

authored by

pngwjpgh and committed by

Joachim F 9 years ago bcc9a6ac bbd39a80

+161

3 changed files

expand all

unified split

nixos

modules

misc

ids.nix

module-list.nix

services

editors

infinoted.nix

nixos/modules/misc/ids.nix

··· 281 281 ipfs = 261; 282 282 stanchion = 262; 283 283 riak-cs = 263; 284 + infinoted = 264; 284 285 285 286 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! 286 287 ··· 532 533 ipfs = 261; 533 534 stanchion = 262; 534 535 riak-cs = 263; 536 + infinoted = 264; 535 537 536 538 # When adding a gid, make sure it doesn't match an existing 537 539 # uid. Users and groups with the same name should have equal

nixos/modules/module-list.nix

··· 180 180 ./services/desktops/telepathy.nix 181 181 ./services/development/hoogle.nix 182 182 ./services/editors/emacs.nix 183 + ./services/editors/infinoted.nix 183 184 ./services/games/factorio.nix 184 185 ./services/games/ghost-one.nix 185 186 ./services/games/minecraft-server.nix

+158

nixos/modules/services/editors/infinoted.nix

··· 1 + { config, lib, pkgs, ... }: 2 + 3 + with lib; 4 + 5 + let 6 + cfg = config.services.infinoted; 7 + in { 8 + options.services.infinoted = { 9 + enable = mkEnableOption "infinoted"; 10 + 11 + package = mkOption { 12 + type = types.package; 13 + default = pkgs.libinfinity.override { daemon = true; }; 14 + defaultText = "pkgs.libinfinity.override { daemon = true; }"; 15 + description = '' 16 + Package providing infinoted 17 + ''; 18 + }; 19 + 20 + keyFile = mkOption { 21 + type = types.nullOr types.path; 22 + default = null; 23 + description = '' 24 + Private key to use for TLS 25 + ''; 26 + }; 27 + 28 + certificateFile = mkOption { 29 + type = types.nullOr types.path; 30 + default = null; 31 + description = '' 32 + Server certificate to use for TLS 33 + ''; 34 + }; 35 + 36 + certificateChain = mkOption { 37 + type = types.nullOr types.path; 38 + default = null; 39 + description = '' 40 + Chain of CA-certificates to which our `certificateFile` is relative. 41 + Optional for TLS. 42 + ''; 43 + }; 44 + 45 + securityPolicy = mkOption { 46 + type = types.enum ["no-tls" "allow-tls" "require-tls"]; 47 + default = "require-tls"; 48 + description = '' 49 + How strictly to enforce clients connection with TLS. 50 + ''; 51 + }; 52 + 53 + port = mkOption { 54 + type = types.int; 55 + default = 6523; 56 + description = '' 57 + Port to listen on 58 + ''; 59 + }; 60 + 61 + rootDirectory = mkOption { 62 + type = types.path; 63 + default = "/var/lib/infinoted/documents/"; 64 + description = '' 65 + Root of the directory structure to serve 66 + ''; 67 + }; 68 + 69 + plugins = mkOption { 70 + type = types.listOf types.str; 71 + default = [ "note-text" "note-chat" "logging" "autosave" ]; 72 + description = '' 73 + Plugins to enable 74 + ''; 75 + }; 76 + 77 + passwordFile = mkOption { 78 + type = types.nullOr types.path; 79 + default = null; 80 + description = '' 81 + File to read server-wide password from 82 + ''; 83 + }; 84 + 85 + extraConfig = mkOption { 86 + type = types.lines; 87 + default = '' 88 + [autosave] 89 + interval=10 90 + ''; 91 + description = '' 92 + Additional configuration to append to infinoted.conf 93 + ''; 94 + }; 95 + 96 + user = mkOption { 97 + type = types.str; 98 + default = "infinoted"; 99 + description = '' 100 + What to call the dedicated user under which infinoted is run 101 + ''; 102 + }; 103 + 104 + group = mkOption { 105 + type = types.str; 106 + default = "infinoted"; 107 + description = '' 108 + What to call the primary group of the dedicated user under which infinoted is run 109 + ''; 110 + }; 111 + }; 112 + 113 + config = mkIf (cfg.enable) { 114 + users.extraUsers = optional (cfg.user == "infinoted") 115 + { name = "infinoted"; 116 + description = "Infinoted user"; 117 + group = cfg.group; 118 + }; 119 + users.extraGroups = optional (cfg.group == "infinoted") 120 + { name = "infinoted"; 121 + }; 122 + 123 + systemd.services.infinoted = 124 + { description = "Gobby Dedicated Server"; 125 + 126 + wantedBy = [ "multi-user.target" ]; 127 + after = [ "network.target" ]; 128 + 129 + serviceConfig = { 130 + Type = "simple"; 131 + Restart = "always"; 132 + ExecStart = "${cfg.package}/bin/infinoted-0.6 --config-file=/var/lib/infinoted/infinoted.conf"; 133 + User = cfg.user; 134 + Group = cfg.group; 135 + PermissionsStartOnly = true; 136 + }; 137 + preStart = '' 138 + mkdir -p /var/lib/infinoted 139 + install -o ${cfg.user} -g ${cfg.group} -m 0600 /dev/null /var/lib/infinoted/infinoted.conf 140 + cat >>/var/lib/infinoted/infinoted.conf <<EOF 141 + [infinoted] 142 + ${optionalString (cfg.keyFile != null) ''key-file=${cfg.keyFile}''} 143 + ${optionalString (cfg.certificateFile != null) ''certificate-file=${cfg.certificateFile}''} 144 + ${optionalString (cfg.certificateChain != null) ''certificate-chain=${cfg.certificateChain}''} 145 + port=${toString cfg.port} 146 + security-policy=${cfg.securityPolicy} 147 + root-directory=${cfg.rootDirectory} 148 + plugins=${concatStringsSep ";" cfg.plugins} 149 + ${optionalString (cfg.passwordFile != null) ''password=$(head -n 1 ${cfg.passwordFile})''} 150 + 151 + ${cfg.extraConfig} 152 + EOF 153 + 154 + install -o ${cfg.user} -g ${cfg.group} -m 0750 -d ${cfg.rootDirectory} 155 + ''; 156 + }; 157 + }; 158 + }