]> git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/webapps/etherpad-lite.nix
projects / perso / Immae / Config / Nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Move etherpad-lite module outside of nixops
[perso/Immae/Config/Nix.git] / modules / webapps / etherpad-lite.nix
1 { lib, pkgs, config, ... }:
2 let
3 name = "etherpad-lite";
4 cfg = config.services.etherpad-lite;
5
6 uid = config.ids.uids.etherpad-lite;
7 gid = config.ids.gids.etherpad-lite;
8 in
9 {
10 options.services.etherpad-lite = {
11 enable = lib.mkEnableOption "Enable Etherpad lite’s service";
12 user = lib.mkOption {
13 type = lib.types.str;
14 default = name;
15 description = "User account under which Etherpad lite runs";
16 };
17 group = lib.mkOption {
18 type = lib.types.str;
19 default = name;
20 description = "Group under which Etherpad lite runs";
21 };
22 dataDir = lib.mkOption {
23 type = lib.types.path;
24 default = "/var/lib/${name}";
25 description = ''
26 The directory where Etherpad lite stores its data.
27 '';
28 };
29 configFile = lib.mkOption {
30 type = lib.types.path;
31 description = ''
32 The config file path for Etherpad lite.
33 '';
34 };
35 sessionKeyFile = lib.mkOption {
36 type = lib.types.path;
37 description = ''
38 The Session key file path for Etherpad lite.
39 '';
40 };
41 apiKeyFile = lib.mkOption {
42 type = lib.types.path;
43 description = ''
44 The API key file path for Etherpad lite.
45 '';
46 };
47 package = lib.mkOption {
48 type = lib.types.package;
49 default = pkgs.webapps.etherpad-lite;
50 description = ''
51 Etherpad lite package to use.
52 '';
53 };
54 modules = lib.mkOption {
55 type = lib.types.listOf lib.types.package;
56 default = [];
57 description = ''
58 Etherpad lite modules to use.
59 '';
60 };
61 # Output variables
62 workdir = lib.mkOption {
63 type = lib.types.package;
64 default = cfg.package.withModules cfg.modules;
65 description = ''
66 Adjusted Etherpad lite package with plugins
67 '';
68 readOnly = true;
69 };
70 systemdStateDirectory = lib.mkOption {
71 type = lib.types.str;
72 # Use ReadWritePaths= instead if varDir is outside of /var/lib
73 default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
74 lib.strings.removePrefix "/var/lib/" cfg.dataDir;
75 description = ''
76 Adjusted Etherpad lite data directory for systemd
77 '';
78 readOnly = true;
79 };
80 };
81
82 config = lib.mkIf cfg.enable {
83 systemd.services.etherpad-lite = {
84 description = "Etherpad-lite";
85 wantedBy = [ "multi-user.target" ];
86 after = [ "network.target" "postgresql.service" ];
87 wants = [ "postgresql.service" ];
88
89 environment.NODE_ENV = "production";
90 environment.HOME = cfg.workdir;
91
92 path = [ pkgs.nodejs ];
93
94 script = ''
95 exec ${pkgs.nodejs}/bin/node ${cfg.workdir}/src/node/server.js \
96 --sessionkey ${cfg.sessionKeyFile} \
97 --apikey ${cfg.apiKeyFile} \
98 --settings ${cfg.configFile}
99 '';
100
101 serviceConfig = {
102 DynamicUser = true;
103 User = cfg.user;
104 Group = cfg.group;
105 WorkingDirectory = cfg.workdir;
106 PrivateTmp = true;
107 NoNewPrivileges = true;
108 PrivateDevices = true;
109 ProtectHome = true;
110 ProtectControlGroups = true;
111 ProtectKernelModules = true;
112 Restart = "always";
113 Type = "simple";
114 TimeoutSec = 60;
115 StateDirectory= cfg.systemdStateDirectory;
116 ExecStartPre = [
117 "+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/ep_initialized"
118 "+${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ${cfg.configFile} ${cfg.sessionKeyFile} ${cfg.apiKeyFile}"
119 ];
120 };
121 };
122
123 };
124 }
My infrastructure configuration