soopy.moe / knotserver-module
a more proper nixos module for the tangled knotserver
fork atom
Nix 88.9%
Other 11.1%
20 2 0

Clone this repository

https://tangled.org/soopy.moe/knotserver-module
git@tangled.org:soopy.moe/knotserver-module

For self-hosted knots, clone URLs may differ based on your setup.

Download tar.gz
readme.md

knotserver-module#

this flake contains an modified alternative (maybe opinionated) nixos module to the one provided in the official core flake.

this module enables some extra things not in the official module. at time of writing, those are:

  • securely define secrets like KNOT_SERVER_SECRET via an environment file (i.e. .env)
  • proper support for services.tangled-knotserver.server.internalListenAddr
  • proper(-ish) support for setting a gitUser
    • not 100% perfect because appview still displays git as the clone user.
  • allow setting extra options via environment variables with a freeform option services.tangled-knotserver.extraConfig
  • does not add an unnecessary overlay to your system
    • this also fixes a pitfall where the user's nixpkgs version doesn't match the flake's nixpkgs version (and thus the imported overlay's version in the module), and there were changes to the derivation argument.

and some minor opinionated things like

  • better fhs compliance
    • according to some fhs is mostly a meme, but i personally don't like the idea of having executables in /etc. putting a wrapped executable in /run is probably still not compliant, but i believe it makes more sense there than a directory with mostly configuration files.
    • logging to /var/log/knotserver prevents other users from messing around with repoguard, possibly a dos by just creating /tmp/repoguard.log.
    • these changes should not affect usage at all, just implementation details.

usage#

add this flake to your inputs, then import the module to your nixos config.

whilst not required, it is recommended to add the core flake and let the module flake follow that input, since i don't have all day updating this repo.

{
  inputs = {
    # ...other stuff like nixpkgs
    tangled.url = "git+https://tangled.sh/@tangled.sh/core";
    knotserver-module = {
      url = "git+https://tangled.sh/@soopy.moe/knotserver-module";
      inputs.tangledCore.follows = "tangled";
    };
  };

  outputs = {nixpkgs, knotserver-module, ...}: {
    nixosConfigurations.saturday = nixpkgs.lib.nixosSystem {
      modules = [
        knotserver-module.nixosModules.default
        ./configuration.nix
      ];
    };
  };
}

stability#

this module is stable to use.

we're also dogfooding this module here.

please don't go to tangled for support if you use the module, make an issue on this repo instead. i also idle in irc://irc.libera.chat/#tangled as soopyc if you prefer instant messaging.

license#

mit, because i literally extracted and modified the entire module from the original flake.