1 { lib, pkgs, config, ... }:
3 name = "etherpad-lite";
4 cfg = config.services.etherpad-lite;
6 uid = config.ids.uids.etherpad-lite;
7 gid = config.ids.gids.etherpad-lite;
10 options.services.etherpad-lite = {
11 enable = lib.mkEnableOption "Enable Etherpad lite’s service";
15 description = "User account under which Etherpad lite runs";
17 group = lib.mkOption {
20 description = "Group under which Etherpad lite runs";
22 dataDir = lib.mkOption {
23 type = lib.types.path;
24 default = "/var/lib/${name}";
26 The directory where Etherpad lite stores its data.
29 configFile = lib.mkOption {
30 type = lib.types.path;
32 The config file path for Etherpad lite.
35 sessionKeyFile = lib.mkOption {
36 type = lib.types.path;
38 The Session key file path for Etherpad lite.
41 apiKeyFile = lib.mkOption {
42 type = lib.types.path;
44 The API key file path for Etherpad lite.
47 package = lib.mkOption {
48 type = lib.types.package;
49 default = pkgs.webapps.etherpad-lite;
51 Etherpad lite package to use.
54 modules = lib.mkOption {
55 type = lib.types.listOf lib.types.package;
58 Etherpad lite modules to use.
62 workdir = lib.mkOption {
63 type = lib.types.package;
64 default = cfg.package.withModules cfg.modules;
66 Adjusted Etherpad lite package with plugins
70 systemdStateDirectory = lib.mkOption {
72 # Use ReadWritePaths= instead if varDir is outside of /var/lib
73 default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
74 lib.strings.removePrefix "/var/lib/" cfg.dataDir;
76 Adjusted Etherpad lite data directory for systemd
82 config = lib.mkIf cfg.enable {
83 systemd.services.etherpad-lite = {
84 description = "Etherpad-lite";
85 wantedBy = [ "multi-user.target" ];
86 after = [ "network.target" "postgresql.service" ];
87 wants = [ "postgresql.service" ];
89 environment.NODE_ENV = "production";
90 environment.HOME = cfg.workdir;
92 path = [ pkgs.nodejs ];
95 exec ${pkgs.nodejs}/bin/node ${cfg.workdir}/src/node/server.js \
96 --sessionkey ${cfg.sessionKeyFile} \
97 --apikey ${cfg.apiKeyFile} \
98 --settings ${cfg.configFile}
105 WorkingDirectory = cfg.workdir;
107 NoNewPrivileges = true;
108 PrivateDevices = true;
110 ProtectControlGroups = true;
111 ProtectKernelModules = true;
115 StateDirectory= cfg.systemdStateDirectory;
117 "+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/ep_initialized"
118 "+${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ${cfg.configFile} ${cfg.sessionKeyFile} ${cfg.apiKeyFile}"