lol

Merge pull request #29869 from Nadrieril/syncserver-fup

syncserver service: follow-up of #28189

authored by

Joachim F and committed by
GitHub
faf07216 67c5cb23

+24 -29
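--- a/lib/maintainers.nix
+++ b/lib/maintainers.nix
@@ -479,6 +479,7 @@
 mudri = "James Wood <lamudri@gmail.com>";
 muflax = "Stefan Dorn <mail@muflax.com>";
 myrl = "Myrl Hex <myrl.0xf@gmail.com>";
+nadrieril = "Nadrieril Feneanar <nadrieril@gmail.com>";
 namore = "Roman Naumann <namor@hemio.de>";
 nand0p = "Fernando Jose Pando <nando@hex7.com>";
 Nate-Devv = "Nathan Moore <natedevv@gmail.com>";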
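--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -205,6 +205,8 @@
 "See the 16.09 release notes for more information.")
 (mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ] "")
 (mkRemovedOptionModule [ "services" "dovecot2" "package" ] "")
+(mkRemovedOptionModule [ "services" "firefox" "syncserver" "user" ] "")
+(mkRemovedOptionModule [ "services" "firefox" "syncserver" "group" ] "")
 (mkRemovedOptionModule [ "fonts" "fontconfig" "hinting" "style" ] "")
 (mkRemovedOptionModule [ "services" "xserver" "displayManager" "sddm" "themes" ]
 "Set the option `services.xserver.displayManager.sddm.package' instead.")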
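Review bot: Both new `mkRemovedOptionModule` entries (new lines 208-209) pass an empty message, so a configuration that still sets `services.firefox.syncserver.user` or `.group` is rejected without being told what replaced the option. The service now runs under a fixed account, so state written under a previously configured custom account may need a manual ownership change; as far as the visible preStart shows, only the private config and a freshly created or moved database are chowned. A short message such as `"The syncserver service now always runs as the syncserver user and group."` would give the administrator that hint.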
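--- a/nixos/modules/services/networking/firefox/sync-server.nix
+++ b/nixos/modules/services/networking/firefox/sync-server.nix
@@ -33,6 +33,8 @@
 in
 
 {
+meta.maintainers = with lib.maintainers; [ nadrieril ];
+
 options = {
 services.firefox.syncserver = {
 enable = mkOption {
@@ -70,18 +72,6 @@
 '';
 };
 
-user = mkOption {
-type = types.str;
-default = "syncserver";
-description = "User account under which syncserver runs.";
-};
-
-group = mkOption {
-type = types.str;
-default = "syncserver";
-description = "Group account under which syncserver runs.";
-};
-
 publicUrl = mkOption {
 type = types.str;
 default = "http://localhost:5000/";
@@ -137,7 +127,9 @@
 config = mkIf cfg.enable {
 
 systemd.services.syncserver = let
-syncServerEnv = pkgs.python.withPackages(ps: with ps; [ syncserver pasteScript ]);
+syncServerEnv = pkgs.python.withPackages(ps: with ps; [ syncserver pasteScript requests ]);
+user = "syncserver";
+group = "syncserver";
 in {
 after = [ "network.target" ];
 description = "Firefox Sync Server";
@@ -145,43 +137,43 @@
 path = [ pkgs.coreutils syncServerEnv ];
 
 serviceConfig = {
-User = cfg.user;
-Group = cfg.group;
+User = user;
+Group = group;
 PermissionsStartOnly = true;
 };
 
 preStart = ''
 if ! test -e ${cfg.privateConfig}; then
-mkdir -m 700 -p $(dirname ${cfg.privateConfig})
+mkdir -p $(dirname ${cfg.privateConfig})
 echo > ${cfg.privateConfig} '[syncserver]'
+chmod 600 ${cfg.privateConfig}
 echo >> ${cfg.privateConfig} "secret = $(head -c 20 /dev/urandom | sha1sum | tr -d ' -')"
 fi
-chown ${cfg.user}:${cfg.group} ${cfg.privateConfig}
+chmod 600 ${cfg.privateConfig}
+chmod 755 $(dirname ${cfg.privateConfig})
+chown ${user}:${group} ${cfg.privateConfig}
+
 '' + optionalString (cfg.sqlUri == defaultSqlUri) ''
 if ! test -e $(dirname ${defaultDbLocation}); then
 mkdir -m 700 -p $(dirname ${defaultDbLocation})
-chown ${cfg.user}:${cfg.group} $(dirname ${defaultDbLocation})
+chown ${user}:${group} $(dirname ${defaultDbLocation})
 fi
+
 # Move previous database file if it exists
 oldDb="/var/db/firefox-sync-server.db"
 if test -f $oldDb; then
 mv $oldDb ${defaultDbLocation}
-chown ${cfg.user}:${cfg.group} ${defaultDbLocation}
+chown ${user}:${group} ${defaultDbLocation}
 fi
 '';
 serviceConfig.ExecStart = "${syncServerEnv}/bin/paster serve ${syncServerIni}";
 };
 
-users.extraUsers = optionalAttrs (cfg.user == "syncserver")
-(singleton {
-name = "syncserver";
-group = cfg.group;
-isSystemUser = true;
-});
+users.users.syncserver = {
+group = "syncserver";
+isSystemUser = true;
+};
 
-users.extraGroups = optionalAttrs (cfg.group == "syncserver")
-(singleton {
-name = "syncserver";
-});
+users.groups.syncserver = {};
 };
 }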
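Review bot: The unconditional `chmod 755 $(dirname ${cfg.privateConfig})` at new line 153 runs on every start, presumably as root given `PermissionsStartOnly = true`, and resets the mode of whatever directory the option points into. A parent that an administrator deliberately kept at 700, or one that holds other secrets, is therefore opened to every local account. In the creation branch (new lines 147-150) the file is also first written under the ambient umask and only then restricted with `chmod 600`, so it is briefly more permissive than intended before `secret =` is appended. I would create it with a restrictive umask in effect, for example `(umask 077; echo '[syncserver]' > ${cfg.privateConfig})`, and apply the directory mode only inside the `if ! test -e` branch rather than on every start. Separately, the `${cfg.privateConfig}` expansions in preStart are unquoted, so a path containing whitespace would be word-split; wrapping them in double quotes avoids that.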