modules/webapps/fiche.nix

   1 { lib, pkgs, config, ... }:
   2 let
   3   cfg = config.services.fiche;
   4 in
   5 {
   6   options.services.fiche = {
   7     enable = lib.mkEnableOption "Enable fiche’s service";
   8     port = lib.mkOption {
   9       type = lib.types.port;
  10       description = "Port to listen to";
  11     };
  12     domain = lib.mkOption {
  13       type = lib.types.str;
  14       description = "Domain";
  15     };
  16     dataDir = lib.mkOption {
  17       type = lib.types.path;
  18       default = "/var/lib/fiche";
  19       description = "Directory where to place the pastes";
  20     };
  21     https = lib.mkEnableOption "Use https";
  22   };
  23
  24   config = lib.mkIf cfg.enable {
  25     networking.firewall.allowedTCPPorts = [ cfg.port ];
  26
  27
  28     system.activationScripts.fiche = ''
  29       mkdir -p /var/lib/fiche
  30     '';
  31     systemd.services.fiche = {
  32       description = "Fiche server";
  33       wantedBy = [ "multi-user.target" ];
  34       after = [ "network.target" ];
  35
  36       script = ''
  37         exec ${pkgs.fiche}/bin/fiche -o ${cfg.dataDir} -d ${cfg.domain} ${lib.optionalString cfg.https "-S "} -p ${builtins.toString cfg.port}
  38       '';
  39
  40       serviceConfig = {
  41         ExecStartPre = [
  42           "+${pkgs.coreutils}/bin/install -m 0755 -o fiche -d /var/lib/fiche"
  43         ];
  44         DynamicUser = true;
  45         User = "fiche";
  46         PrivateTmp = true;
  47         Restart = "always";
  48         WorkingDirectory = cfg.dataDir;
  49         ReadWritePaths = cfg.dataDir;
  50       };
  51     };
  52   };
  53 }