nixos/zeronet: Improved config, dynamic user, remove static UI… (#70305)

nixos/zeronet: Improved config, dynamic user, remove static UID and GID
2019-10-04 10:23:13 +01:00 · 2019-10-04 10:23:13 +01:00 · bf3360cdcf
parent 161c9dc15d 5c18c08da9
commit bf3360cdcf
2 changed files with 34 additions and 60 deletions
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -328,7 +328,7 @@
      qemu-libvirtd = 301;
      # kvm = 302; # unused
      # render = 303; # unused
-      zeronet = 304;
+      # zeronet = 304; # removed 2019-01-03
      lirc = 305;
      lidarr = 306;
      slurm = 307;
@ -629,7 +629,7 @@
      qemu-libvirtd = 301;
      kvm = 302; # default udev rules from systemd requires these
      render = 303; # default udev rules from systemd requires these
-      zeronet = 304;
+      # zeronet = 304; # removed 2019-01-03
      lirc = 305;
      lidarr = 306;
      slurm = 307;
--- a/nixos/modules/services/networking/zeronet.nix
+++ b/nixos/modules/services/networking/zeronet.nix
@ -1,44 +1,39 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib) generators literalExample mkEnableOption mkIf mkOption recursiveUpdate types;
  cfg = config.services.zeronet;
  dataDir = "/var/lib/zeronet";
  configFile = pkgs.writeText "zeronet.conf" (generators.toINI {} (recursiveUpdate defaultSettings cfg.settings));
-  zConfFile = pkgs.writeTextFile {
+  defaultSettings = {
-    name = "zeronet.conf";
+    global = {
-
+      data_dir = dataDir;
-    text = ''
+      log_dir = dataDir;
-      [global]
+      ui_port = cfg.port;
-      data_dir = ${cfg.dataDir}
+      fileserver_port = cfg.fileserverPort;
-      log_dir = ${cfg.logDir}
+      tor = if !cfg.tor then "disable" else if cfg.torAlways then "always" else "enable";
-    '' + lib.optionalString (cfg.port != null) ''
+    };
      ui_port = ${toString cfg.port}
    '' + lib.optionalString (cfg.fileserverPort != null) ''
      fileserver_port = ${toString cfg.fileserverPort}
    '' + lib.optionalString (cfg.torAlways) ''
      tor = always
    '' + cfg.extraConfig;
  };
 in with lib; {
  options.services.zeronet = {
    enable = mkEnableOption "zeronet";
-    dataDir = mkOption {
+    settings = mkOption {
-      type = types.path;
+      type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
-      default = "/var/lib/zeronet";
+      default = {};
-      example = "/home/okina/zeronet";
+      example = literalExample "global.tor = enable;";
      description = "Path to the zeronet data directory.";
    };
-    logDir = mkOption {
+      description = ''
-      type = types.path;
+        <filename>zeronet.conf</filename> configuration. Refer to
-      default = "/var/log/zeronet";
+        <link xlink:href="https://zeronet.readthedocs.io/en/latest/faq/#is-it-possible-to-use-a-configuration-file"/>
-      example = "/home/okina/zeronet/log";
+        for details on supported values;
-      description = "Path to the zeronet log directory.";
+      '';
    };
    port = mkOption {
-      type = types.nullOr types.int;
+      type = types.int;
-      default = null;
+      default = 43110;
      example = 43110;
      description = "Optional zeronet web UI port.";
    };
@ -63,22 +58,13 @@ in with lib; {
      default = false;
      description = "Use TOR for all zeronet traffic.";
    };
    extraConfig = mkOption {
      type = types.lines;
      default = "";
      description = ''
        Extra configuration. Contents will be added verbatim to the
        configuration file at the end.
      '';
    };
  };
  config = mkIf cfg.enable {
    services.tor = mkIf cfg.tor {
      enable = true;
      controlPort = 9051;
      extraConfig = ''
        CacheDirectoryGroupReadable 1
        CookieAuthentication 1
@ -86,37 +72,25 @@ in with lib; {
      '';
    };
    systemd.tmpfiles.rules = [
      "d '${cfg.dataDir}' 750 zeronet zeronet - -"
      "d '${cfg.logDir}' 750 zeronet zeronet - -"
    ];
    systemd.services.zeronet = {
      description = "zeronet";
      after = [ "network.target" (optionalString cfg.tor "tor.service") ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        PrivateTmp = "yes";
        User = "zeronet";
-        Group = "zeronet";
+        DynamicUser = true;
-        ExecStart = "${pkgs.zeronet}/bin/zeronet --config_file ${zConfFile}";
+        StateDirectory = "zeronet";
-      };
+        SupplementaryGroups = mkIf cfg.tor [ "tor" ];
-    };
+        ExecStart = "${pkgs.zeronet}/bin/zeronet --config_file ${configFile}";
    users = {
      groups.zeronet.gid = config.ids.gids.zeronet;
      users.zeronet = {
        description = "zeronet service user";
        home = cfg.dataDir;
        createHome = true;
        group = "zeronet";
        extraGroups = mkIf cfg.tor [ "tor" ];
        uid = config.ids.uids.zeronet;
      };
    };
  };
  imports = [
    (mkRemovedOptionModule [ "services" "zeronet" "dataDir" ] "Zeronet will store data by default in /var/lib/zeronet")
    (mkRemovedOptionModule [ "services" "zeronet" "logDir" ] "Zeronet will log by default in /var/lib/zeronet")
  ];
  meta.maintainers = with maintainers; [ chiiruno ];
 }