nixos/meguca: Various fixes

Okina Matara 2018-08-03 10:59:06 -05:00
parent d49b5bdfb9
commit 36ab89900b


@ -1,65 +1,71 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.services.meguca; cfg = config.services.meguca;
postgres = config.services.postgresql; postgres = config.services.postgresql;
in in with lib; {
{
options.services.meguca = { options.services.meguca = {
enable = mkEnableOption "meguca"; enable = mkEnableOption "meguca";
baseDir = mkOption { dataDir = mkOption {
type = types.path; type = types.path;
default = "/run/meguca"; default = "/var/lib/meguca";
example = "/home/okina/meguca";
description = "Location where meguca stores it's database and links."; description = "Location where meguca stores it's database and links.";
}; };
password = mkOption { password = mkOption {
type = types.str; type = types.str;
default = "meguca"; default = "meguca";
example = "dumbpass";
description = "Password for the meguca database."; description = "Password for the meguca database.";
}; };
passwordFile = mkOption { passwordFile = mkOption {
type = types.path; type = types.path;
default = "/run/keys/meguca-password-file"; default = "/run/keys/meguca-password-file";
example = "/home/okina/meguca/keys/pass";
description = "Password file for the meguca database."; description = "Password file for the meguca database.";
}; };
reverseProxy = mkOption { reverseProxy = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
example = "192.168.1.5";
description = "Reverse proxy IP."; description = "Reverse proxy IP.";
}; };
sslCertificate = mkOption { sslCertificate = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
example = "/home/okina/meguca/ssl.cert";
description = "Path to the SSL certificate."; description = "Path to the SSL certificate.";
}; };
listenAddress = mkOption { listenAddress = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
example = "127.0.0.1:8000";
description = "Listen on a specific IP address and port."; description = "Listen on a specific IP address and port.";
}; };
cacheSize = mkOption { cacheSize = mkOption {
type = types.nullOr types.int; type = types.nullOr types.int;
default = null; default = null;
example = 256;
description = "Cache size in MB."; description = "Cache size in MB.";
}; };
postgresArgs = mkOption { postgresArgs = mkOption {
type = types.str; type = types.str;
default = "user=meguca password=" + cfg.password + " dbname=meguca sslmode=disable"; example = "user=meguca password=dumbpass dbname=meguca sslmode=disable";
description = "Postgresql connection arguments."; description = "Postgresql connection arguments.";
}; };
postgresArgsFile = mkOption { postgresArgsFile = mkOption {
type = types.path; type = types.path;
default = "/run/keys/meguca-postgres-args"; default = "/run/keys/meguca-postgres-args";
example = "/home/okina/meguca/keys/postgres";
description = "Postgresql connection arguments file."; description = "Postgresql connection arguments file.";
}; };
@ -83,18 +89,11 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
security.sudo.enable = cfg.enable == true; security.sudo.enable = cfg.enable;
services.postgresql.enable = cfg.enable == true; services.postgresql.enable = cfg.enable;
services.meguca.passwordFile = mkDefault (pkgs.writeText "meguca-password-file" cfg.password);
services.meguca.passwordFile = mkDefault (toString (pkgs.writeTextFile { services.meguca.postgresArgsFile = mkDefault (pkgs.writeText "meguca-postgres-args" cfg.postgresArgs);
name = "meguca-password-file"; services.meguca.postgresArgs = mkDefault "user=meguca password=${cfg.password} dbname=meguca sslmode=disable";
text = cfg.password;
}));
services.meguca.postgresArgsFile = mkDefault (toString (pkgs.writeTextFile {
name = "meguca-postgres-args";
text = cfg.postgresArgs;
}));
systemd.services.meguca = { systemd.services.meguca = {
description = "meguca"; description = "meguca";
@ -102,10 +101,11 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = '' preStart = ''
# Ensure folder exists and links are correct or create them # Ensure folder exists or create it and links and permissions are correct
mkdir -p ${cfg.baseDir} mkdir -p ${escapeShellArg cfg.dataDir}
chmod 750 ${cfg.baseDir} ln -sf ${pkgs.meguca}/share/meguca/www ${escapeShellArg cfg.dataDir}
ln -sf ${pkgs.meguca}/share/meguca/www ${cfg.baseDir} chmod 750 ${escapeShellArg cfg.dataDir}
chown -R meguca:meguca ${escapeShellArg cfg.dataDir}
# Ensure the database is correct or create it # Ensure the database is correct or create it
${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \ ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \
@ -113,47 +113,46 @@ in
${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \ ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \
-T template0 -E UTF8 -O meguca meguca || true -T template0 -E UTF8 -O meguca meguca || true
${pkgs.sudo}/bin/sudo -u meguca ${postgres.package}/bin/psql \ ${pkgs.sudo}/bin/sudo -u meguca ${postgres.package}/bin/psql \
-c "ALTER ROLE meguca WITH PASSWORD '$(cat ${cfg.passwordFile})';" || true -c "ALTER ROLE meguca WITH PASSWORD '$(cat ${escapeShellArg cfg.passwordFile})';" || true
''; '';
script = '' script = ''
cd ${cfg.baseDir} cd ${escapeShellArg cfg.dataDir}
${pkgs.meguca}/bin/meguca -d "$(cat ${cfg.postgresArgsFile})"\ ${pkgs.meguca}/bin/meguca -d "$(cat ${escapeShellArg cfg.postgresArgsFile})"''
${optionalString (cfg.reverseProxy != null) " -R ${cfg.reverseProxy}"}\ + optionalString (cfg.reverseProxy != null) " -R ${cfg.reverseProxy}"
${optionalString (cfg.sslCertificate != null) " -S ${cfg.sslCertificate}"}\ + optionalString (cfg.sslCertificate != null) " -S ${cfg.sslCertificate}"
${optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}"}\ + optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}"
${optionalString (cfg.cacheSize != null) " -c ${toString cfg.cacheSize}"}\ + optionalString (cfg.cacheSize != null) " -c ${toString cfg.cacheSize}"
${optionalString (cfg.compressTraffic) " -g"}\ + optionalString (cfg.compressTraffic) " -g"
${optionalString (cfg.assumeReverseProxy) " -r"}\ + optionalString (cfg.assumeReverseProxy) " -r"
${optionalString (cfg.httpsOnly) " -s"} start + optionalString (cfg.httpsOnly) " -s" + " start";
'';
serviceConfig = { serviceConfig = {
PermissionsStartOnly = true; PermissionsStartOnly = true;
Type = "forking"; Type = "forking";
User = "meguca"; User = "meguca";
Group = "meguca"; Group = "meguca";
RuntimeDirectory = "meguca";
ExecStop = "${pkgs.meguca}/bin/meguca stop"; ExecStop = "${pkgs.meguca}/bin/meguca stop";
}; };
}; };
users = { users = {
groups.meguca.gid = config.ids.gids.meguca;
users.meguca = { users.meguca = {
description = "meguca server service user"; description = "meguca server service user";
home = cfg.baseDir; home = cfg.dataDir;
createHome = true; createHome = true;
group = "meguca"; group = "meguca";
uid = config.ids.uids.meguca; uid = config.ids.uids.meguca;
}; };
groups.meguca = {
gid = config.ids.gids.meguca;
members = [ "meguca" ];
};
}; };
}; };
imports = [
(mkRenamedOptionModule [ "services" "meguca" "baseDir" ] [ "services" "meguca" "dataDir" ])
];
meta.maintainers = with maintainers; [ chiiruno ]; meta.maintainers = with maintainers; [ chiiruno ];
} }