X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fwebapps%2Ffiche.nix;fp=modules%2Fwebapps%2Ffiche.nix;h=9061b2eaae4e628348d97cb06d6bb5e1207d864e;hb=db85e40f318ce354b3a431ec46d573316d88afee;hp=0000000000000000000000000000000000000000;hpb=7315af9f9babd5942cd685f04fff347b996fb522;p=perso%2FImmae%2FConfig%2FNix%2FNUR.git

diff --git a/modules/webapps/fiche.nix b/modules/webapps/fiche.nix
new file mode 100644
index 00000000..9061b2ea
--- /dev/null
+++ b/modules/webapps/fiche.nix
@@ -0,0 +1,53 @@
+{ lib, pkgs, config, ... }:
+let
+  cfg = config.services.fiche;
+in
+{
+  options.services.fiche = {
+    enable = lib.mkEnableOption "Enable fiche’s service";
+    port = lib.mkOption {
+      type = lib.types.port;
+      description = "Port to listen to";
+    };
+    domain = lib.mkOption {
+      type = lib.types.str;
+      description = "Domain";
+    };
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/fiche";
+      description = "Directory where to place the pastes";
+    };
+    https = lib.mkEnableOption "Use https";
+  };
+
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+
+    system.activationScripts.fiche = ''
+      mkdir -p /var/lib/fiche
+    '';
+    systemd.services.fiche = {
+      description = "Fiche server";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      script = ''
+        exec ${pkgs.fiche}/bin/fiche -o ${cfg.dataDir} -d ${cfg.domain} ${lib.optionalString cfg.https "-S "} -p ${builtins.toString cfg.port}
+      '';
+
+      serviceConfig = {
+        ExecStartPre = [
+          "+${pkgs.coreutils}/bin/install -m 0755 -o fiche -d /var/lib/fiche"
+        ];
+        DynamicUser = true;
+        User = "fiche";
+        PrivateTmp = true;
+        Restart = "always";
+        WorkingDirectory = cfg.dataDir;
+        ReadWritePaths = cfg.dataDir;
+      };
+    };
+  };
+}