Diffstat (limited to 'modules/webapps/etherpad-lite.nix')
-rw-r--r--modules/webapps/etherpad-lite.nix158
1 files changed, 158 insertions, 0 deletions
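diff --git a/modules/webapps/etherpad-lite.nix b/modules/webapps/etherpad-lite.nix
new file mode 100644
index 00000000..7f0e2ed4
--- /dev/null
+++ b/modules/webapps/etherpad-lite.nix
@@ -0,0 +1,158 @@
+{ lib, pkgs, config, ... }:
+let
+ name = "etherpad-lite";
+ cfg = config.services.etherpad-lite;
+
+ uid = config.ids.uids.etherpad-lite;
+ gid = config.ids.gids.etherpad-lite;
+in
+{
+ options.services.etherpad-lite = {
+ enable = lib.mkEnableOption "Enable Etherpad lite’s service";
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = "User account under which Etherpad lite runs";
+ };
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = name;
+ description = "Group under which Etherpad lite runs";
+ };
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/${name}";
+ description = ''
+ The directory where Etherpad lite stores its data.
+ '';
+ };
+ socketsDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/run/${name}";
+ description = ''
+ The directory where Etherpad lite stores its sockets.
+ '';
+ };
+ configFile = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ The config file path for Etherpad lite.
+ '';
+ };
+ sessionKeyFile = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ The Session key file path for Etherpad lite.
+ '';
+ };
+ apiKeyFile = lib.mkOption {
+ type = lib.types.path;
+ description = ''
+ The API key file path for Etherpad lite.
+ '';
+ };
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.webapps.etherpad-lite;
+ description = ''
+ Etherpad lite package to use.
+ '';
+ };
+ modules = lib.mkOption {
+ type = lib.types.listOf lib.types.package;
+ default = [];
+ description = ''
+ Etherpad lite modules to use.
+ '';
+ };
+ # Output variables
+ workdir = lib.mkOption {
+ type = lib.types.package;
+ default = cfg.package.withModules cfg.modules;
+ description = ''
+ Adjusted Etherpad lite package with plugins
+ '';
+ readOnly = true;
+ };
+ systemdStateDirectory = lib.mkOption {
+ type = lib.types.str;
+ # Use ReadWritePaths= instead if varDir is outside of /var/lib
+ default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+ lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+ description = ''
+ Adjusted Etherpad lite data directory for systemd
+ '';
+ readOnly = true;
+ };
+ systemdRuntimeDirectory = lib.mkOption {
+ type = lib.types.str;
+ # Use ReadWritePaths= instead if socketsDir is outside of /run
+ default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
+ lib.strings.removePrefix "/run/" cfg.socketsDir;
+ description = ''
+ Adjusted Etherpad lite sockets directory for systemd
+ '';
+ readOnly = true;
+ };
+ sockets = lib.mkOption {
+ type = lib.types.attrsOf lib.types.path;
+ default = {
+ node = "${cfg.socketsDir}/etherpad-lite.sock";
+ };
+ readOnly = true;
+ description = ''
+ Etherpad lite sockets
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.etherpad-lite = {
+ description = "Etherpad-lite";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" "postgresql.service" ];
+ wants = [ "postgresql.service" ];
+
+ environment.NODE_ENV = "production";
+ environment.HOME = cfg.workdir;
+
+ path = [ pkgs.nodejs ];
+
+ script = ''
+ exec ${pkgs.nodejs}/bin/node ${cfg.workdir}/src/node/server.js \
+ --sessionkey ${cfg.sessionKeyFile} \
+ --apikey ${cfg.apiKeyFile} \
+ --settings ${cfg.configFile}
+ '';
+
+ postStart = ''
+ while [ ! -S ${cfg.sockets.node} ]; do
+ sleep 0.5
+ done
+ chmod a+w ${cfg.sockets.node}
+ '';
+ serviceConfig = {
+ DynamicUser = true;
+ User = cfg.user;
+ Group = cfg.group;
+ WorkingDirectory = cfg.workdir;
+ PrivateTmp = true;
+ NoNewPrivileges = true;
+ PrivateDevices = true;
+ ProtectHome = true;
+ ProtectControlGroups = true;
+ ProtectKernelModules = true;
+ Restart = "always";
+ Type = "simple";
+ TimeoutSec = 60;
+ RuntimeDirectory = cfg.systemdRuntimeDirectory;
+ StateDirectory= cfg.systemdStateDirectory;
+ ExecStartPre = [
+ "+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/ep_initialized"
+ "+${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ${cfg.configFile} ${cfg.sessionKeyFile} ${cfg.apiKeyFile}"
+ ];
+ };
+ };
+
+ };
+}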
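Review bot: The `chmod a+w ${cfg.sockets.node}` in `postStart` makes the Etherpad socket writable by every local account, so any user or compromised service on the host can talk to the backend directly and skip whatever the front-end proxy enforces. Assuming the only intended client is a reverse proxy (not visible in this file), grant access through the group instead: `chmod g+w ${cfg.sockets.node}`, put the proxy's user in `cfg.group`, and set `RuntimeDirectoryMode = "0750";` in `serviceConfig`. Separately, the root-run `chown -R` in `ExecStartPre` hands `configFile`, `sessionKeyFile` and `apiKeyFile` to the service account, which lets a compromised Etherpad process rewrite its own settings and keys; if Etherpad only needs to read them, leave them root-owned and group-readable. The `uid` and `gid` bindings in the `let` block are never used.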