Commit | Line | Data |
---|---|---|
bc0f9fcf IB |
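# Flake that builds Etherpad lite for x86_64-linux and exposes it as a package,
# an overlay and a NixOS module (`services.etherpad-lite`) that runs it as a
# systemd service.
{
  # NOTE(review): this description does not mention Etherpad lite, which is what
  # the flake packages; it looks carried over from another flake. Confirm and reword.
  description = "Your self-hosted, globally interconnected microblogging community";
  inputs.flake-utils.url = "github:numtide/flake-utils";
  # nixpkgs is pinned to a full commit hash and imported as a plain source tree.
  inputs.nixpkgs = {
    url = "github:NixOS/nixpkgs/840c782d507d60aaa49aa9e3f6d0b0e780912742";
    flake = false;
  };
  # Etherpad lite is referenced by tag, not by commit. A tag can be moved
  # upstream, so the revision and hash recorded in flake.lock are what actually
  # fix the source; review lock-file changes for this input.
  inputs.etherpad-lite = {
    url = "github:ether/etherpad-lite/1.8.3";
    flake = false;
  };

  outputs = { self, nixpkgs, etherpad-lite, flake-utils }: flake-utils.lib.eachSystem ["x86_64-linux"] (system:
    let
      # Package set built from the pinned nixpkgs, with no overlays applied.
      pkgs = import nixpkgs { inherit system; overlays = []; };
      # The version string is the ref recorded for the etherpad-lite input in flake.lock.
      version = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.etherpad-lite.original.ref;
      inherit (pkgs) callPackage;
    in rec {
      # The package expression lives in ./default.nix and receives the input
      # source tree with `version` attached.
      packages.etherpad-lite = callPackage ./. { src = etherpad-lite // { inherit version; }; };
      defaultPackage = packages.etherpad-lite;
      legacyPackages.etherpad-lite = packages.etherpad-lite;
      checks = {
        build = defaultPackage;
      };
    }
  ) // rec {
    overlays = {
      # Makes `pkgs.etherpad-lite` resolve to this flake's package for the
      # system of the package set being extended.
      etherpad-lite = final: prev: {
        etherpad-lite = self.defaultPackage."${final.system}";
      };
    };
    overlay = overlays.etherpad-lite;
    nixosModule = { lib, pkgs, config, ... }:
      let
        name = "etherpad-lite";
        cfg = config.services.etherpad-lite;
      in
      {
        options.services.etherpad-lite = {
          # mkEnableOption already prefixes the text with "Whether to enable",
          # so the argument names the thing being enabled.
          enable = lib.mkEnableOption "Etherpad lite’s service";
          user = lib.mkOption {
            type = lib.types.str;
            default = name;
            description = "User account under which Etherpad lite runs";
          };
          group = lib.mkOption {
            type = lib.types.str;
            default = name;
            description = "Group under which Etherpad lite runs";
          };
          dataDir = lib.mkOption {
            type = lib.types.path;
            default = "/var/lib/${name}";
            description = ''
              The directory where Etherpad lite stores its data.
            '';
          };
          socketsDir = lib.mkOption {
            type = lib.types.path;
            default = "/run/${name}";
            description = ''
              The directory where Etherpad lite stores its sockets.
            '';
          };
          # configFile, sessionKeyFile and apiKeyFile have no default and are
          # interpolated into the start script and the ExecStartPre chown below.
          # NOTE(review): set them to absolute path strings that exist at run
          # time. A Nix path literal would be copied into the Nix store when
          # interpolated, and the store is readable by every local account.
          configFile = lib.mkOption {
            type = lib.types.path;
            description = ''
              The config file path for Etherpad lite.
            '';
          };
          sessionKeyFile = lib.mkOption {
            type = lib.types.path;
            description = ''
              The Session key file path for Etherpad lite.
            '';
          };
          apiKeyFile = lib.mkOption {
            type = lib.types.path;
            description = ''
              The API key file path for Etherpad lite.
            '';
          };
          package = lib.mkOption {
            type = lib.types.package;
            default = pkgs.etherpad-lite;
            description = ''
              Etherpad lite package to use.
            '';
            # NOTE(review): the example uses pkgs.webapps.etherpad-lite while the
            # default above is pkgs.etherpad-lite; confirm which attribute path
            # users of this flake are expected to have.
            example = lib.literalExample ''
              pkgs.webapps.etherpad-lite.withModules (p: [ p.ep_align ]);
            '';
          };
          modules = lib.mkOption {
            type = lib.types.listOf lib.types.package;
            default = [];
            description = ''
              Etherpad lite modules to use.
              DEPRECATED: use package directly
            '';
          };
          # Output variables
          workdir = lib.mkOption {
            type = lib.types.package;
            # The selected package with the (deprecated) `modules` list applied.
            default = cfg.package.withModules (_: cfg.modules);
            description = ''
              Adjusted Etherpad lite package with plugins
            '';
            readOnly = true;
          };
          systemdStateDirectory = lib.mkOption {
            type = lib.types.str;
            # Use ReadWritePaths= instead if dataDir is outside of /var/lib
            default = assert lib.assertMsg (lib.strings.hasPrefix "/var/lib/" cfg.dataDir)
              "services.etherpad-lite.dataDir must be below /var/lib/ to be used as a systemd StateDirectory";
              lib.strings.removePrefix "/var/lib/" cfg.dataDir;
            description = ''
              Adjusted Etherpad lite data directory for systemd
            '';
            readOnly = true;
          };
          systemdRuntimeDirectory = lib.mkOption {
            type = lib.types.str;
            # Use ReadWritePaths= instead if socketsDir is outside of /run
            default = assert lib.assertMsg (lib.strings.hasPrefix "/run/" cfg.socketsDir)
              "services.etherpad-lite.socketsDir must be below /run/ to be used as a systemd RuntimeDirectory";
              lib.strings.removePrefix "/run/" cfg.socketsDir;
            description = ''
              Adjusted Etherpad lite sockets directory for systemd
            '';
            readOnly = true;
          };
          sockets = lib.mkOption {
            type = lib.types.attrsOf lib.types.path;
            default = {
              node = "${cfg.socketsDir}/etherpad-lite.sock";
            };
            readOnly = true;
            description = ''
              Etherpad lite sockets
            '';
          };
        };

        config = lib.mkIf cfg.enable {
          # Enabling the service also adds this flake's overlay to the system package set.
          nixpkgs.overlays = [ self.overlay ];
          systemd.services.etherpad-lite = {
            description = "Etherpad-lite";
            wantedBy = [ "multi-user.target" ];
            after = [ "network.target" "postgresql.service" ];
            wants = [ "postgresql.service" ];

            environment.NODE_ENV = "production";
            environment.HOME = cfg.workdir;

            path = [ cfg.workdir.nodejs ];

            # Only the paths of the key files appear on the command line, not
            # the key material itself.
            script = ''
              exec ${cfg.workdir.nodejs}/bin/node ${cfg.workdir}/src/node/server.js \
                --sessionkey ${cfg.sessionKeyFile} \
                --apikey ${cfg.apiKeyFile} \
                --settings ${cfg.configFile}
            '';

            # Waits until the server has created its socket, then makes the
            # socket writable by every local account.
            # NOTE(review): presumably this lets a reverse proxy running under
            # another account connect; confirm. Owning the socket by a group
            # shared with the proxy and granting g+w would be narrower than a+w.
            postStart = ''
              while [ ! -S ${cfg.sockets.node} ]; do
                sleep 0.5
              done
              chmod a+w ${cfg.sockets.node}
            '';
            serviceConfig = {
              DynamicUser = true;
              User = cfg.user;
              Group = cfg.group;
              WorkingDirectory = cfg.workdir;
              PrivateTmp = true;
              NoNewPrivileges = true;
              PrivateDevices = true;
              ProtectHome = true;
              ProtectControlGroups = true;
              ProtectKernelModules = true;
              Restart = "always";
              Type = "simple";
              TimeoutSec = 60;
              RuntimeDirectory = cfg.systemdRuntimeDirectory;
              StateDirectory = cfg.systemdStateDirectory;
              # The leading "+" makes systemd run these commands with full
              # privileges rather than as cfg.user. On every start they create
              # ${cfg.dataDir}/ep_initialized and hand ownership of the data
              # directory, the settings file and both key files to the service
              # account, so the running service is able to rewrite its own
              # settings and keys.
              # NOTE(review): this is a privileged recursive chown over a tree
              # the service itself can write to; check how the pinned coreutils
              # treats symlinks found under dataDir, and whether the settings
              # and key files could instead stay owned by root and be readable
              # through the group.
              ExecStartPre = [
                "+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/ep_initialized"
                "+${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ${cfg.configFile} ${cfg.sessionKeyFile} ${cfg.apiKeyFile}"
              ];
            };
          };

        };
      };
  };
}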