Move etherpad-lite module outside of nixops

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-10 19:59:29 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-05-10 19:59:29 +0200
commit: 742c28ad92467859fb7f54c4b8b4d09d9864a75e (patch)
tree: 165f4ece0a86c8bd437ffc6cc7b1caa7da0987ae /modules
parent: 7009832ab635a664e26c73cdc0ca0f8689a57774 (diff)
download: Nix-742c28ad92467859fb7f54c4b8b4d09d9864a75e.tar.gz
Nix-742c28ad92467859fb7f54c4b8b4d09d9864a75e.tar.zst
Nix-742c28ad92467859fb7f54c4b8b4d09d9864a75e.zip
2 files changed, 125 insertions, 0 deletions
diff --git a/modules/default.nix b/modules/default.nix
index 20386af..c920a51 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -3,6 +3,7 @@
  secrets = ./secrets.nix;
  diaspora = ./webapps/diaspora.nix;
+  etherpad-lite = ./webapps/etherpad-lite.nix;
  mastodon = ./webapps/mastodon.nix;
  mediagoblin = ./webapps/mediagoblin.nix;
  peertube = ./webapps/peertube.nix;
diff --git a/modules/webapps/etherpad-lite.nix b/modules/webapps/etherpad-lite.nix
new file mode 100644
index 0000000..3e951c5
--- /dev/null
+++ b/modules/webapps/etherpad-lite.nix
@@ -0,0 +1,124 @@
+{ lib, pkgs, config, ... }:
+let
+  name = "etherpad-lite";
+  cfg = config.services.etherpad-lite;
+  uid = config.ids.uids.etherpad-lite;
+  gid = config.ids.gids.etherpad-lite;
+in
+{
+  options.services.etherpad-lite = {
+    enable = lib.mkEnableOption "Enable Etherpad lite’s service";
+    user = lib.mkOption {
+      type = lib.types.str;
+      default = name;
+      description = "User account under which Etherpad lite runs";
+    };
+    group = lib.mkOption {
+      type = lib.types.str;
+      default = name;
+      description = "Group under which Etherpad lite runs";
+    };
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/${name}";
+      description = ''
+        The directory where Etherpad lite stores its data.
+      '';
+    };
+    configFile = lib.mkOption {
+      type = lib.types.path;
+      description = ''
+        The config file path for Etherpad lite.
+        '';
+    };
+    sessionKeyFile = lib.mkOption {
+      type = lib.types.path;
+      description = ''
+        The Session key file path for Etherpad lite.
+        '';
+    };
+    apiKeyFile = lib.mkOption {
+      type = lib.types.path;
+      description = ''
+        The API key file path for Etherpad lite.
+        '';
+    };
+    package = lib.mkOption {
+      type = lib.types.package;
+      default = pkgs.webapps.etherpad-lite;
+      description = ''
+        Etherpad lite package to use.
+        '';
+    };
+    modules = lib.mkOption {
+      type = lib.types.listOf lib.types.package;
+      default = [];
+      description = ''
+        Etherpad lite modules to use.
+        '';
+    };
+    # Output variables
+    workdir = lib.mkOption {
+      type = lib.types.package;
+      default = cfg.package.withModules cfg.modules;
+      description = ''
+      Adjusted Etherpad lite package with plugins
+      '';
+      readOnly = true;
+    };
+    systemdStateDirectory = lib.mkOption {
+      type = lib.types.str;
+      # Use ReadWritePaths= instead if varDir is outside of /var/lib
+      default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+        lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+      description = ''
+      Adjusted Etherpad lite data directory for systemd
+      '';
+      readOnly = true;
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    systemd.services.etherpad-lite = {
+      description = "Etherpad-lite";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" "postgresql.service" ];
+      wants = [ "postgresql.service" ];
+      environment.NODE_ENV = "production";
+      environment.HOME = cfg.workdir;
+      path = [ pkgs.nodejs ];
+      script = ''
+        exec ${pkgs.nodejs}/bin/node ${cfg.workdir}/src/node/server.js \
+          --sessionkey ${cfg.sessionKeyFile} \
+          --apikey ${cfg.apiKeyFile} \
+          --settings ${cfg.configFile}
+      '';
+      serviceConfig = {
+        DynamicUser = true;
+        User = cfg.user;
+        Group = cfg.group;
+        WorkingDirectory = cfg.workdir;
+        PrivateTmp = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        ProtectHome = true;
+        ProtectControlGroups = true;
+        ProtectKernelModules = true;
+        Restart = "always";
+        Type = "simple";
+        TimeoutSec = 60;
+        StateDirectory= cfg.systemdStateDirectory;
+        ExecStartPre = [
+          "+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/ep_initialized"
+          "+${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ${cfg.configFile} ${cfg.sessionKeyFile} ${cfg.apiKeyFile}"
+        ];
+      };
+    };
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-10 19:59:29 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-05-10 19:59:29 +0200
commit	742c28ad92467859fb7f54c4b8b4d09d9864a75e (patch)
tree	165f4ece0a86c8bd437ffc6cc7b1caa7da0987ae /modules
parent	7009832ab635a664e26c73cdc0ca0f8689a57774 (diff)
download	Nix-742c28ad92467859fb7f54c4b8b4d09d9864a75e.tar.gz Nix-742c28ad92467859fb7f54c4b8b4d09d9864a75e.tar.zst Nix-742c28ad92467859fb7f54c4b8b4d09d9864a75e.zip

diff --git a/modules/default.nix b/modules/default.nix index 20386af..c920a51 100644 --- a/modules/default.nix +++ b/modules/default.nix
@@ -3,6 +3,7 @@
3	secrets = ./secrets.nix;	3	secrets = ./secrets.nix;
4		4
5	diaspora = ./webapps/diaspora.nix;	5	diaspora = ./webapps/diaspora.nix;
		6	etherpad-lite = ./webapps/etherpad-lite.nix;
6	mastodon = ./webapps/mastodon.nix;	7	mastodon = ./webapps/mastodon.nix;
7	mediagoblin = ./webapps/mediagoblin.nix;	8	mediagoblin = ./webapps/mediagoblin.nix;
8	peertube = ./webapps/peertube.nix;	9	peertube = ./webapps/peertube.nix;


diff --git a/modules/webapps/etherpad-lite.nix b/modules/webapps/etherpad-lite.nix new file mode 100644 index 0000000..3e951c5 --- /dev/null +++ b/modules/webapps/etherpad-lite.nix
@@ -0,0 +1,124 @@
		1	{ lib, pkgs, config, ... }:
		2	let
		3	name = "etherpad-lite";
		4	cfg = config.services.etherpad-lite;
		5
		6	uid = config.ids.uids.etherpad-lite;
		7	gid = config.ids.gids.etherpad-lite;
		8	in
		9	{
		10	options.services.etherpad-lite = {
		11	enable = lib.mkEnableOption "Enable Etherpad lite’s service";
		12	user = lib.mkOption {
		13	type = lib.types.str;
		14	default = name;
		15	description = "User account under which Etherpad lite runs";
		16	};
		17	group = lib.mkOption {
		18	type = lib.types.str;
		19	default = name;
		20	description = "Group under which Etherpad lite runs";
		21	};
		22	dataDir = lib.mkOption {
		23	type = lib.types.path;
		24	default = "/var/lib/${name}";
		25	description = ''
		26	The directory where Etherpad lite stores its data.
		27	'';
		28	};
		29	configFile = lib.mkOption {
		30	type = lib.types.path;
		31	description = ''
		32	The config file path for Etherpad lite.
		33	'';
		34	};
		35	sessionKeyFile = lib.mkOption {
		36	type = lib.types.path;
		37	description = ''
		38	The Session key file path for Etherpad lite.
		39	'';
		40	};
		41	apiKeyFile = lib.mkOption {
		42	type = lib.types.path;
		43	description = ''
		44	The API key file path for Etherpad lite.
		45	'';
		46	};
		47	package = lib.mkOption {
		48	type = lib.types.package;
		49	default = pkgs.webapps.etherpad-lite;
		50	description = ''
		51	Etherpad lite package to use.
		52	'';
		53	};
		54	modules = lib.mkOption {
		55	type = lib.types.listOf lib.types.package;
		56	default = [];
		57	description = ''
		58	Etherpad lite modules to use.
		59	'';
		60	};
		61	# Output variables
		62	workdir = lib.mkOption {
		63	type = lib.types.package;
		64	default = cfg.package.withModules cfg.modules;
		65	description = ''
		66	Adjusted Etherpad lite package with plugins
		67	'';
		68	readOnly = true;
		69	};
		70	systemdStateDirectory = lib.mkOption {
		71	type = lib.types.str;
		72	# Use ReadWritePaths= instead if varDir is outside of /var/lib
		73	default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
		74	lib.strings.removePrefix "/var/lib/" cfg.dataDir;
		75	description = ''
		76	Adjusted Etherpad lite data directory for systemd
		77	'';
		78	readOnly = true;
		79	};
		80	};
		81
		82	config = lib.mkIf cfg.enable {
		83	systemd.services.etherpad-lite = {
		84	description = "Etherpad-lite";
		85	wantedBy = [ "multi-user.target" ];
		86	after = [ "network.target" "postgresql.service" ];
		87	wants = [ "postgresql.service" ];
		88
		89	environment.NODE_ENV = "production";
		90	environment.HOME = cfg.workdir;
		91
		92	path = [ pkgs.nodejs ];
		93
		94	script = ''
		95	exec ${pkgs.nodejs}/bin/node ${cfg.workdir}/src/node/server.js \
		96	--sessionkey ${cfg.sessionKeyFile} \
		97	--apikey ${cfg.apiKeyFile} \
		98	--settings ${cfg.configFile}
		99	'';
		100
		101	serviceConfig = {
		102	DynamicUser = true;
		103	User = cfg.user;
		104	Group = cfg.group;
		105	WorkingDirectory = cfg.workdir;
		106	PrivateTmp = true;
		107	NoNewPrivileges = true;
		108	PrivateDevices = true;
		109	ProtectHome = true;
		110	ProtectControlGroups = true;
		111	ProtectKernelModules = true;
		112	Restart = "always";
		113	Type = "simple";
		114	TimeoutSec = 60;
		115	StateDirectory= cfg.systemdStateDirectory;
		116	ExecStartPre = [
		117	"+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/ep_initialized"
		118	"+${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ${cfg.configFile} ${cfg.sessionKeyFile} ${cfg.apiKeyFile}"
		119	];
		120	};
		121	};
		122
		123	};
		124	}