Add fiche module (a program to submit paste from command line)

[perso/Immae/Config/Nix/NUR.git] / modules / webapps / fiche.nix

diff --git a/modules/webapps/fiche.nix b/modules/webapps/fiche.nix
new file mode 100644 (file)
index 0000000..9061b2e
--- /dev/null
+++ b/modules/webapps/fiche.nix
@@ -0,0 +1,53 @@
+{ lib, pkgs, config, ... }:
+let
+  cfg = config.services.fiche;
+in
+{
+  options.services.fiche = {
+    enable = lib.mkEnableOption "Enable fiche’s service";
+    port = lib.mkOption {
+      type = lib.types.port;
+      description = "Port to listen to";
+    };
+    domain = lib.mkOption {
+      type = lib.types.str;
+      description = "Domain";
+    };
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/fiche";
+      description = "Directory where to place the pastes";
+    };
+    https = lib.mkEnableOption "Use https";
+  };
+
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+
+    system.activationScripts.fiche = ''
+      mkdir -p /var/lib/fiche
+    '';
+    systemd.services.fiche = {
+      description = "Fiche server";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      script = ''
+        exec ${pkgs.fiche}/bin/fiche -o ${cfg.dataDir} -d ${cfg.domain} ${lib.optionalString cfg.https "-S "} -p ${builtins.toString cfg.port}
+      '';
+
+      serviceConfig = {
+        ExecStartPre = [
+          "+${pkgs.coreutils}/bin/install -m 0755 -o fiche -d /var/lib/fiche"
+        ];
+        DynamicUser = true;
+        User = "fiche";
+        PrivateTmp = true;
+        Restart = "always";
+        WorkingDirectory = cfg.dataDir;
+        ReadWritePaths = cfg.dataDir;
+      };
+    };
+  };
+}