From 36ab89900b51ed4e1d1407caa225e28c1df9da97 Mon Sep 17 00:00:00 2001
From: Okina Matara
Date: Fri, 3 Aug 2018 10:59:06 -0500
Subject: [PATCH] nixos/meguca: Various fixes
---
nixos/modules/services/web-servers/meguca.nix | 79 +++++++++----------
1 file changed, 39 insertions(+), 40 deletions(-)
diff --git a/nixos/modules/services/web-servers/meguca.nix b/nixos/modules/services/web-servers/meguca.nix
index ed7325ff079..11aebcb91d8 100644
--- a/nixos/modules/services/web-servers/meguca.nix
+++ b/nixos/modules/services/web-servers/meguca.nix
@@ -1,65 +1,71 @@ { config, lib, pkgs, ... }: -with lib; let cfg = config.services.meguca; postgres = config.services.postgresql; -in -{ +in with lib; { options.services.meguca = { enable = mkEnableOption "meguca"; - baseDir = mkOption { + dataDir = mkOption { type = types.path; - default = "/run/meguca"; + default = "/var/lib/meguca"; + example = "/home/okina/meguca"; description = "Location where meguca stores it's database and links."; }; password = mkOption { type = types.str; default = "meguca"; + example = "dumbpass"; description = "Password for the meguca database."; }; passwordFile = mkOption { type = types.path; default = "/run/keys/meguca-password-file"; + example = "/home/okina/meguca/keys/pass"; description = "Password file for the meguca database."; }; reverseProxy = mkOption { type = types.nullOr types.str; default = null; + example = "192.168.1.5"; description = "Reverse proxy IP."; }; sslCertificate = mkOption { type = types.nullOr types.str; default = null; + example = "/home/okina/meguca/ssl.cert"; description = "Path to the SSL certificate."; }; listenAddress = mkOption { type = types.nullOr types.str; default = null; + example = "127.0.0.1:8000"; description = "Listen on a specific IP address and port."; }; cacheSize = mkOption { type = types.nullOr types.int; default = null; + example = 256; description = "Cache size in MB."; }; postgresArgs = mkOption { type = types.str; - default = "user=meguca password=" + cfg.password + " dbname=meguca sslmode=disable"; + example = "user=meguca password=dumbpass dbname=meguca sslmode=disable"; description = "Postgresql connection arguments."; }; postgresArgsFile = mkOption { type = types.path; default = "/run/keys/meguca-postgres-args"; + example = "/home/okina/meguca/keys/postgres"; description = "Postgresql connection arguments file."; }; 
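Review bot: The `password` and `postgresArgs` options carry the database secret as plain strings, and neither the descriptions nor the new `example` lines say that these values end up in the world-readable Nix store: the config hunk of this patch feeds both to `pkgs.writeText`. Those `mkDefault` definitions also take precedence over the `/run/keys/...` defaults declared here for `passwordFile` and `postgresArgsFile`, so the keys paths are never used unless the admin sets them explicitly. I would extend the description to `"Password for the meguca database. Warning: this value is copied into the world-readable Nix store; set passwordFile and postgresArgsFile to keep it out."` and add the same warning to `postgresArgs`. The `default = "meguca"` password is not changed by this patch, but that text should mention it too, since a host that sets nothing runs with a published credential.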
@@ -83,18 +89,11 @@ in }; config = mkIf cfg.enable { - security.sudo.enable = cfg.enable == true; - services.postgresql.enable = cfg.enable == true; - - services.meguca.passwordFile = mkDefault (toString (pkgs.writeTextFile { - name = "meguca-password-file"; - text = cfg.password; - })); - - services.meguca.postgresArgsFile = mkDefault (toString (pkgs.writeTextFile { - name = "meguca-postgres-args"; - text = cfg.postgresArgs; - })); + security.sudo.enable = cfg.enable; + services.postgresql.enable = cfg.enable; + services.meguca.passwordFile = mkDefault (pkgs.writeText "meguca-password-file" cfg.password); + services.meguca.postgresArgsFile = mkDefault (pkgs.writeText "meguca-postgres-args" cfg.postgresArgs); + services.meguca.postgresArgs = mkDefault "user=meguca password=${cfg.password} dbname=meguca sslmode=disable"; systemd.services.meguca = { description = "meguca"; @@ -102,10 +101,11 @@ in wantedBy = [ "multi-user.target" ]; preStart = '' - # Ensure folder exists and links are correct or create them - mkdir -p ${cfg.baseDir} - chmod 750 ${cfg.baseDir} - ln -sf ${pkgs.meguca}/share/meguca/www ${cfg.baseDir} + # Ensure folder exists or create it and links and permissions are correct + mkdir -p ${escapeShellArg cfg.dataDir} + ln -sf ${pkgs.meguca}/share/meguca/www ${escapeShellArg cfg.dataDir} + chmod 750 ${escapeShellArg cfg.dataDir} + chown -R meguca:meguca ${escapeShellArg cfg.dataDir} # Ensure the database is correct or create it ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \ 
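Review bot: `security.sudo.enable = cfg.enable;` sits inside `mkIf cfg.enable`, so it is always `true` and turns sudo on for the whole host as a side effect of enabling this service, with nothing near the line saying why. A host that sets `security.sudo.enable = false` on purpose would presumably get a conflicting-definition error instead of an explanation. I would write the literal and document the reason, `security.sudo.enable = true; # preStart runs createuser/createdb via sudo as the postgres superuser`, and the same simplification applies to `services.postgresql.enable`. The `config` block starts and ends outside this hunk.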
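Review bot: The added `chown -R meguca:meguca` runs as root on every start (the unit sets `PermissionsStartOnly = true`) over a directory the service account can write to, so root changes the ownership of whatever that account has created or linked under `dataDir`. The user definition later in the patch already has `home = cfg.dataDir` with `createHome = true`, so a non-recursive `chown meguca:meguca ${escapeShellArg cfg.dataDir}` looks sufficient for a fresh directory. If the recursion is there to migrate data from the old `baseDir`, a comment should say so, for example `# one-time fix-up for trees created before the dataDir rename`. The `preStart` string continues outside this hunk.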
@@ -113,47 +113,46 @@ in ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \ -T template0 -E UTF8 -O meguca meguca || true ${pkgs.sudo}/bin/sudo -u meguca ${postgres.package}/bin/psql \ - -c "ALTER ROLE meguca WITH PASSWORD '$(cat ${cfg.passwordFile})';" || true + -c "ALTER ROLE meguca WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true ''; script = '' - cd ${cfg.baseDir} + cd ${escapeShellArg cfg.dataDir} - ${pkgs.meguca}/bin/meguca -d "$(cat ${cfg.postgresArgsFile})"\ - ${optionalString (cfg.reverseProxy != null) " -R ${cfg.reverseProxy}"}\ - ${optionalString (cfg.sslCertificate != null) " -S ${cfg.sslCertificate}"}\ - ${optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}"}\ - ${optionalString (cfg.cacheSize != null) " -c ${toString cfg.cacheSize}"}\ - ${optionalString (cfg.compressTraffic) " -g"}\ - ${optionalString (cfg.assumeReverseProxy) " -r"}\ - ${optionalString (cfg.httpsOnly) " -s"} start - ''; + ${pkgs.meguca}/bin/meguca -d "$(cat ${escapeShellArg cfg.postgresArgsFile})"'' + + optionalString (cfg.reverseProxy != null) " -R ${cfg.reverseProxy}" + + optionalString (cfg.sslCertificate != null) " -S ${cfg.sslCertificate}" + + optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}" + + optionalString (cfg.cacheSize != null) " -c ${toString cfg.cacheSize}" + + optionalString (cfg.compressTraffic) " -g" + + optionalString (cfg.assumeReverseProxy) " -r" + + optionalString (cfg.httpsOnly) " -s" + " start"; serviceConfig = { PermissionsStartOnly = true; Type = "forking"; User = "meguca"; Group = "meguca"; - RuntimeDirectory = "meguca"; ExecStop = "${pkgs.meguca}/bin/meguca stop"; }; }; users = { + groups.meguca.gid = config.ids.gids.meguca; + users.meguca = { description = "meguca server service user"; - home = cfg.baseDir; + home = cfg.dataDir; createHome = true; group = "meguca"; uid = config.ids.uids.meguca; }; - - groups.meguca = { - gid = config.ids.gids.meguca; - members = [ 
"meguca" ]; - }; }; }; + imports = [ + (mkRenamedOptionModule [ "services" "meguca" "baseDir" ] [ "services" "meguca" "dataDir" ]) + ]; + meta.maintainers = with maintainers; [ chiiruno ]; }
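Review bot: The `ALTER ROLE` line still splices the file's contents into the SQL text: `escapeShellArg` protects the path handed to `cat`, not the password itself. A password containing `'` breaks the statement, `|| true` hides the failure so the role silently keeps its previous password, and the whole statement, password included, sits in psql's argument list while it runs. Feeding the statement to psql on stdin and letting psql quote the value (`\set pw` from the file, then `PASSWORD :'pw'`) should avoid all three. At minimum I would add `# NOTE: password must not contain single quotes; errors are ignored by || true` above the command. The `preStart` string starts outside this hunk.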