diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 1ccfba68453..339f178e2b2 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -454,6 +454,7 @@
./services/misc/domoticz.nix
./services/misc/errbot.nix
./services/misc/etcd.nix
+ ./services/misc/etebase-server.nix
./services/misc/ethminer.nix
./services/misc/exhibitor.nix
./services/misc/felix.nix
diff --git a/nixos/modules/services/misc/etebase-server.nix b/nixos/modules/services/misc/etebase-server.nix
new file mode 100644
index 00000000000..d9d12698d79
--- /dev/null
+++ b/nixos/modules/services/misc/etebase-server.nix
@@ -0,0 +1,205 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.services.etebase-server;
+
+ pythonEnv = pkgs.python3.withPackages (ps: with ps;
+ [ etebase-server daphne ]);
+
+ dbConfig = {
+ sqlite3 = ''
+ engine = django.db.backends.sqlite3
+ name = ${cfg.dataDir}/db.sqlite3
+ '';
+ };
+
+ defaultConfigIni = toString (pkgs.writeText "etebase-server.ini" ''
+ [global]
+ debug = false
+ secret_file = ${if cfg.secretFile != null then cfg.secretFile else ""}
+ media_root = ${cfg.dataDir}/media
+
+ [allowed_hosts]
+ allowed_host1 = ${cfg.host}
+
+ [database]
+ ${dbConfig."${cfg.database.type}"}
+ '');
+
+ configIni = if cfg.customIni != null then cfg.customIni else defaultConfigIni;
+
+ defaultUser = "etebase-server";
+in
+{
+ options = {
+ services.etebase-server = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ example = true;
+ description = ''
+ Whether to enable the Etebase server.
+
+ Once enabled you need to create an admin user using the
+ shell command etebase-server createsuperuser.
+ Then you can login and create accounts on your-etebase-server.com/admin
+ '';
+ };
+
+ secretFile = mkOption {
+ default = null;
+ type = with types; nullOr str;
+ description = ''
+ The path to a file containing the secret
+ used as django's SECRET_KEY.
+ '';
+ };
+
+ dataDir = mkOption {
+ type = types.str;
+ default = "/var/lib/etebase-server";
+ description = "Directory to store the Etebase server data.";
+ };
+
+ port = mkOption {
+ type = with types; nullOr port;
+ default = 8001;
+ description = "Port to listen on.";
+ };
+
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to open ports in the firewall for the server.
+ '';
+ };
+
+ host = mkOption {
+ type = types.str;
+ default = "0.0.0.0";
+ example = "localhost";
+ description = ''
+ Host to listen on.
+ '';
+ };
+
+ unixSocket = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = "The path to the socket to bind to.";
+ example = "/run/etebase-server/etebase-server.sock";
+ };
+
+ database = {
+ type = mkOption {
+ type = types.enum [ "sqlite3" ];
+ default = "sqlite3";
+ description = ''
+ Database engine to use.
+ Currently only sqlite3 is supported.
+ Other options can be configured using extraConfig.
+ '';
+ };
+ };
+
+ customIni = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = ''
+ Custom etebase-server.ini.
+
+ See etebase-src/etebase-server.ini.example for available options.
+
+ Setting this option overrides the default config which is generated from the options
+ secretFile, host and database.
+ '';
+ example = literalExample ''
+ [global]
+ debug = false
+ secret_file = /path/to/secret
+ media_root = /path/to/media
+
+ [allowed_hosts]
+ allowed_host1 = example.com
+
+ [database]
+ engine = django.db.backends.sqlite3
+ name = db.sqlite3
+ '';
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = defaultUser;
+ description = "User under which Etebase server runs.";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ environment.systemPackages = with pkgs; [
+ (runCommand "etebase-server" {
+ buildInputs = [ makeWrapper ];
+ } ''
+ makeWrapper ${pythonEnv}/bin/etebase-server \
+ $out/bin/etebase-server \
+ --run "cd ${cfg.dataDir}" \
+ --prefix ETEBASE_EASY_CONFIG_PATH : "${configIni}"
+ '')
+ ];
+
+ systemd.tmpfiles.rules = [
+ "d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
+ ];
+
+ systemd.services.etebase-server = {
+ description = "An Etebase (EteSync 2.0) server";
+ after = [ "network.target" "systemd-tmpfiles-setup.service" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ User = cfg.user;
+ Restart = "always";
+ WorkingDirectory = cfg.dataDir;
+ };
+ environment = {
+ PYTHONPATH="${pythonEnv}/${pkgs.python3.sitePackages}";
+ ETEBASE_EASY_CONFIG_PATH="${configIni}";
+ };
+ preStart = ''
+ # Auto-migrate on first run or if the package has changed
+ versionFile="${cfg.dataDir}/src-version"
+ if [[ $(cat "$versionFile" 2>/dev/null) != ${pkgs.etebase-server} ]]; then
+ ${pythonEnv}/bin/etebase-server migrate
+ echo ${pkgs.etebase-server} > "$versionFile"
+ fi
+ '';
+ script =
+ let
+ networking = if cfg.unixSocket != null
+ then "-u ${cfg.unixSocket}"
+ else "-b 0.0.0.0 -p ${toString cfg.port}";
+ in ''
+ cd "${pythonEnv}/lib/etebase-server";
+ ${pythonEnv}/bin/daphne ${networking} \
+ etebase_server.asgi:application
+ '';
+ };
+
+ users = optionalAttrs (cfg.user == defaultUser) {
+ users.${defaultUser} = {
+ group = defaultUser;
+ home = cfg.dataDir;
+ };
+
+ groups.${defaultUser} = {};
+ };
+
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [ cfg.port ];
+ };
+ };
+}