]>
Commit | Line | Data |
---|---|---|
742c28ad IB |
1 | { lib, pkgs, config, ... }: |
2 | let | |
3 | name = "etherpad-lite"; | |
4 | cfg = config.services.etherpad-lite; | |
5 | ||
6 | uid = config.ids.uids.etherpad-lite; | |
7 | gid = config.ids.gids.etherpad-lite; | |
8 | in | |
9 | { | |
10 | options.services.etherpad-lite = { | |
11 | enable = lib.mkEnableOption "Enable Etherpad lite’s service"; | |
12 | user = lib.mkOption { | |
13 | type = lib.types.str; | |
14 | default = name; | |
15 | description = "User account under which Etherpad lite runs"; | |
16 | }; | |
17 | group = lib.mkOption { | |
18 | type = lib.types.str; | |
19 | default = name; | |
20 | description = "Group under which Etherpad lite runs"; | |
21 | }; | |
22 | dataDir = lib.mkOption { | |
23 | type = lib.types.path; | |
24 | default = "/var/lib/${name}"; | |
25 | description = '' | |
26 | The directory where Etherpad lite stores its data. | |
27 | ''; | |
28 | }; | |
5af8d43b IB |
29 | socketsDir = lib.mkOption { |
30 | type = lib.types.path; | |
31 | default = "/run/${name}"; | |
32 | description = '' | |
33 | The directory where Etherpad lite stores its sockets. | |
34 | ''; | |
35 | }; | |
742c28ad IB |
36 | configFile = lib.mkOption { |
37 | type = lib.types.path; | |
38 | description = '' | |
39 | The config file path for Etherpad lite. | |
40 | ''; | |
41 | }; | |
42 | sessionKeyFile = lib.mkOption { | |
43 | type = lib.types.path; | |
44 | description = '' | |
45 | The Session key file path for Etherpad lite. | |
46 | ''; | |
47 | }; | |
48 | apiKeyFile = lib.mkOption { | |
49 | type = lib.types.path; | |
50 | description = '' | |
51 | The API key file path for Etherpad lite. | |
52 | ''; | |
53 | }; | |
54 | package = lib.mkOption { | |
55 | type = lib.types.package; | |
56 | default = pkgs.webapps.etherpad-lite; | |
57 | description = '' | |
58 | Etherpad lite package to use. | |
59 | ''; | |
4b0a82cc IB |
60 | example = lib.literalExample '' |
61 | pkgs.webapps.etherpad-lite.withModules (p: [ p.ep_align ]); | |
62 | ''; | |
742c28ad IB |
63 | }; |
64 | modules = lib.mkOption { | |
65 | type = lib.types.listOf lib.types.package; | |
66 | default = []; | |
67 | description = '' | |
68 | Etherpad lite modules to use. | |
4b0a82cc | 69 | DEPRECATED: use package directly |
742c28ad IB |
70 | ''; |
71 | }; | |
72 | # Output variables | |
73 | workdir = lib.mkOption { | |
74 | type = lib.types.package; | |
4b0a82cc | 75 | default = cfg.package.withModules (_: cfg.modules); |
742c28ad IB |
76 | description = '' |
77 | Adjusted Etherpad lite package with plugins | |
78 | ''; | |
79 | readOnly = true; | |
80 | }; | |
81 | systemdStateDirectory = lib.mkOption { | |
82 | type = lib.types.str; | |
83 | # Use ReadWritePaths= instead if varDir is outside of /var/lib | |
84 | default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir; | |
85 | lib.strings.removePrefix "/var/lib/" cfg.dataDir; | |
86 | description = '' | |
87 | Adjusted Etherpad lite data directory for systemd | |
88 | ''; | |
89 | readOnly = true; | |
90 | }; | |
5af8d43b IB |
91 | systemdRuntimeDirectory = lib.mkOption { |
92 | type = lib.types.str; | |
93 | # Use ReadWritePaths= instead if socketsDir is outside of /run | |
94 | default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir; | |
95 | lib.strings.removePrefix "/run/" cfg.socketsDir; | |
96 | description = '' | |
97 | Adjusted Etherpad lite sockets directory for systemd | |
98 | ''; | |
99 | readOnly = true; | |
100 | }; | |
101 | sockets = lib.mkOption { | |
102 | type = lib.types.attrsOf lib.types.path; | |
103 | default = { | |
104 | node = "${cfg.socketsDir}/etherpad-lite.sock"; | |
105 | }; | |
106 | readOnly = true; | |
107 | description = '' | |
108 | Etherpad lite sockets | |
109 | ''; | |
110 | }; | |
742c28ad IB |
111 | }; |
112 | ||
113 | config = lib.mkIf cfg.enable { | |
114 | systemd.services.etherpad-lite = { | |
115 | description = "Etherpad-lite"; | |
116 | wantedBy = [ "multi-user.target" ]; | |
117 | after = [ "network.target" "postgresql.service" ]; | |
118 | wants = [ "postgresql.service" ]; | |
119 | ||
120 | environment.NODE_ENV = "production"; | |
121 | environment.HOME = cfg.workdir; | |
122 | ||
123 | path = [ pkgs.nodejs ]; | |
124 | ||
125 | script = '' | |
126 | exec ${pkgs.nodejs}/bin/node ${cfg.workdir}/src/node/server.js \ | |
127 | --sessionkey ${cfg.sessionKeyFile} \ | |
128 | --apikey ${cfg.apiKeyFile} \ | |
129 | --settings ${cfg.configFile} | |
130 | ''; | |
131 | ||
5af8d43b IB |
132 | postStart = '' |
133 | while [ ! -S ${cfg.sockets.node} ]; do | |
134 | sleep 0.5 | |
135 | done | |
136 | chmod a+w ${cfg.sockets.node} | |
137 | ''; | |
742c28ad IB |
138 | serviceConfig = { |
139 | DynamicUser = true; | |
140 | User = cfg.user; | |
141 | Group = cfg.group; | |
142 | WorkingDirectory = cfg.workdir; | |
143 | PrivateTmp = true; | |
144 | NoNewPrivileges = true; | |
145 | PrivateDevices = true; | |
146 | ProtectHome = true; | |
147 | ProtectControlGroups = true; | |
148 | ProtectKernelModules = true; | |
149 | Restart = "always"; | |
150 | Type = "simple"; | |
151 | TimeoutSec = 60; | |
5af8d43b | 152 | RuntimeDirectory = cfg.systemdRuntimeDirectory; |
742c28ad IB |
153 | StateDirectory= cfg.systemdStateDirectory; |
154 | ExecStartPre = [ | |
155 | "+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/ep_initialized" | |
156 | "+${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ${cfg.configFile} ${cfg.sessionKeyFile} ${cfg.apiKeyFile}" | |
157 | ]; | |
158 | }; | |
159 | }; | |
160 | ||
161 | }; | |
162 | } |