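# Flake that packages Etherpad lite for x86_64-linux and exposes an overlay
# plus a NixOS module running it as a hardened systemd service.
{
  # NOTE(review): this description does not describe Etherpad; it looks copied
  # from another project's flake. Left unchanged here; confirm and correct.
  description = "Your self-hosted, globally interconnected microblogging community";

  inputs.flake-utils.url = "github:numtide/flake-utils";
  # nixpkgs is pinned to a full commit hash and imported as plain source
  # (flake = false), so the package set is reproducible.
  inputs.nixpkgs = {
    url = "github:NixOS/nixpkgs/840c782d507d60aaa49aa9e3f6d0b0e780912742";
    flake = false;
  };
  # Upstream source is referenced by tag; the exact revision is whatever
  # flake.lock records (lock file not shown here).
  inputs.etherpad-lite = {
    url = "github:ether/etherpad-lite/1.8.3";
    flake = false;
  };
  inputs.mypackages.url = "path:../mypackages";

  outputs = { self, nixpkgs, etherpad-lite, flake-utils, mypackages }:
    flake-utils.lib.eachSystem [ "x86_64-linux" ] (system:
      let
        pkgs = import nixpkgs { inherit system; overlays = []; };
        # The version string is the ref recorded for the etherpad-lite input
        # in flake.lock.
        version = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.etherpad-lite.original.ref;
        inherit (pkgs) callPackage;
      in rec {
        packages.etherpad-lite = callPackage ./. {
          inherit (mypackages.mylibs) nodeEnv;
          src = etherpad-lite // { inherit version; };
        };
        defaultPackage = packages.etherpad-lite;
        legacyPackages.etherpad-lite = packages.etherpad-lite;
        checks = {
          build = defaultPackage;
        };
      }
    ) // rec {
      overlays = {
        etherpad-lite = final: prev: {
          etherpad-lite = self.defaultPackage."${final.system}";
        };
      };
      overlay = overlays.etherpad-lite;

      nixosModule = { lib, pkgs, config, ... }:
        let
          name = "etherpad-lite";
          cfg = config.services.etherpad-lite;
        in
        {
          options.services.etherpad-lite = {
            # mkEnableOption already prefixes the text with "Whether to enable",
            # so the argument is just the thing being enabled.
            enable = lib.mkEnableOption "Etherpad lite’s service";
            user = lib.mkOption {
              type = lib.types.str;
              default = name;
              description = "User account under which Etherpad lite runs";
            };
            group = lib.mkOption {
              type = lib.types.str;
              default = name;
              description = "Group under which Etherpad lite runs";
            };
            dataDir = lib.mkOption {
              type = lib.types.path;
              default = "/var/lib/${name}";
              description = ''
                The directory where Etherpad lite stores its data.
              '';
            };
            socketsDir = lib.mkOption {
              type = lib.types.path;
              default = "/run/${name}";
              description = ''
                The directory where Etherpad lite stores its sockets.
              '';
            };
            # NOTE(review): configFile, sessionKeyFile and apiKeyFile are
            # interpolated into the unit scripts below. Set them to string
            # paths of files that live outside the Nix store: a Nix path
            # literal would be copied into the world-readable store when
            # interpolated, exposing the session and API keys to every local
            # user.
            configFile = lib.mkOption {
              type = lib.types.path;
              description = ''
                The config file path for Etherpad lite.
              '';
            };
            sessionKeyFile = lib.mkOption {
              type = lib.types.path;
              description = ''
                The Session key file path for Etherpad lite.
              '';
            };
            apiKeyFile = lib.mkOption {
              type = lib.types.path;
              description = ''
                The API key file path for Etherpad lite.
              '';
            };
            package = lib.mkOption {
              type = lib.types.package;
              default = pkgs.etherpad-lite;
              description = ''
                Etherpad lite package to use.
              '';
              example = lib.literalExample ''
                pkgs.webapps.etherpad-lite.withModules (p: [ p.ep_align ]);
              '';
            };
            modules = lib.mkOption {
              type = lib.types.listOf lib.types.package;
              default = [];
              description = ''
                Etherpad lite modules to use.
                DEPRECATED: use package directly
              '';
            };
            # Output variables
            workdir = lib.mkOption {
              type = lib.types.package;
              default = cfg.package.withModules (_: cfg.modules);
              description = ''
                Adjusted Etherpad lite package with plugins
              '';
              readOnly = true;
            };
            systemdStateDirectory = lib.mkOption {
              type = lib.types.str;
              # Use ReadWritePaths= instead if dataDir is outside of /var/lib.
              # The assert aborts evaluation for any dataDir not under /var/lib/.
              default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
                lib.strings.removePrefix "/var/lib/" cfg.dataDir;
              description = ''
                Adjusted Etherpad lite data directory for systemd
              '';
              readOnly = true;
            };
            systemdRuntimeDirectory = lib.mkOption {
              type = lib.types.str;
              # Use ReadWritePaths= instead if socketsDir is outside of /run.
              # The assert aborts evaluation for any socketsDir not under /run/.
              default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
                lib.strings.removePrefix "/run/" cfg.socketsDir;
              description = ''
                Adjusted Etherpad lite sockets directory for systemd
              '';
              readOnly = true;
            };
            sockets = lib.mkOption {
              type = lib.types.attrsOf lib.types.path;
              default = {
                node = "${cfg.socketsDir}/etherpad-lite.sock";
              };
              readOnly = true;
              description = ''
                Etherpad lite sockets
              '';
            };
          };

          config = lib.mkIf cfg.enable {
            nixpkgs.overlays = [ self.overlay ];

            # One-shot job running the ep_mypads job-queue minion. No wantedBy
            # or timer is defined here, so it only runs when something else
            # starts it (presumably a timer defined elsewhere; confirm).
            systemd.services.etherpad-lite-cleanup = {
              description = "Etherpad-lite cleanup old mypads";
              after = [ "network.target" "postgresql.service" ];
              wants = [ "postgresql.service" ];

              environment.NODE_ENV = "production";
              environment.HOME = cfg.workdir;

              path = [ cfg.workdir.nodejs ];

              script = ''
                exec ${cfg.workdir.nodejs}/bin/node ${cfg.workdir}/node_modules/ep_mypads/scripts/mypads-jobqueue-minion.js \
                  --settings ${cfg.configFile} \
                  --oneshot
              '';

              serviceConfig = {
                # Same User=/Group= as the main service, so this job reads the
                # config file that the main unit's ExecStartPre chowns.
                DynamicUser = true;
                User = cfg.user;
                Group = cfg.group;
                WorkingDirectory = "%T";
                PrivateTmp = true;
                NoNewPrivileges = true;
                PrivateDevices = true;
                ProtectHome = true;
                ProtectControlGroups = true;
                ProtectKernelModules = true;
                Type = "oneshot";
              };
            };

            # Main Etherpad lite server, listening on the unix socket
            # cfg.sockets.node.
            systemd.services.etherpad-lite = {
              description = "Etherpad-lite";
              wantedBy = [ "multi-user.target" ];
              after = [ "network.target" "postgresql.service" ];
              wants = [ "postgresql.service" ];

              environment.NODE_ENV = "production";
              environment.HOME = cfg.workdir;

              path = [ cfg.workdir.nodejs ];

              # Only the paths of the key files appear on the command line,
              # not the key material itself.
              script = ''
                exec ${cfg.workdir.nodejs}/bin/node ${cfg.workdir}/src/node/server.js \
                  --sessionkey ${cfg.sessionKeyFile} \
                  --apikey ${cfg.apiKeyFile} \
                  --settings ${cfg.configFile}
              '';

              # Waits for the socket to appear, then makes it writable by every
              # local account. The wait loop has no limit of its own; start-up
              # is bounded by TimeoutSec below.
              # NOTE(review): "a+w" lets any local user or process connect to
              # Etherpad directly. If only a front-end proxy needs access
              # (presumably the intent), granting write to that proxy's group
              # would be narrower; confirm who connects before tightening.
              postStart = ''
                while [ ! -S ${cfg.sockets.node} ]; do
                  sleep 0.5
                done
                chmod a+w ${cfg.sockets.node}
              '';

              serviceConfig = {
                # Per systemd.exec(5), DynamicUser= also implies
                # ProtectSystem=strict, ProtectHome=read-only and PrivateTmp=;
                # the explicit settings below restate or tighten those.
                DynamicUser = true;
                User = cfg.user;
                Group = cfg.group;
                WorkingDirectory = cfg.workdir;
                PrivateTmp = true;
                NoNewPrivileges = true;
                PrivateDevices = true;
                ProtectHome = true;
                ProtectControlGroups = true;
                ProtectKernelModules = true;
                Restart = "always";
                Type = "simple";
                TimeoutSec = 60;
                RuntimeDirectory = cfg.systemdRuntimeDirectory;
                StateDirectory = cfg.systemdStateDirectory;
                # The "+" prefix runs these two commands with full privileges,
                # outside the User=/DynamicUser= restrictions, on every start.
                # NOTE(review): the recursive chown runs as root over a tree
                # the service account can write, and it re-owns the
                # operator-supplied config and key files without touching
                # their modes. Make sure those files are not group- or
                # world-readable, and consider provisioning them with the
                # right owner up front (or via LoadCredential= where the
                # systemd version supports it) instead of re-owning them here.
                ExecStartPre = [
                  "+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/var ${cfg.dataDir}/ep_initialized"
                  "+${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ${cfg.configFile} ${cfg.sessionKeyFile} ${cfg.apiKeyFile}"
                ];
              };
            };

          };
        };
    };
}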