
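# NixOS module for brownpaper: a snippet server (services.brownpaper), an
# optional garbage collector for old snippets, and a client wrapper
# (programs.brownpaper).
{ lib, pkgs, config, ... }:
with lib;
let
  cfg = config.services.brownpaper;
  cfgc = config.programs.brownpaper;

  # Build the package once; both the server ExecStart and the client wrapper
  # refer to this single evaluation instead of calling callPackage twice.
  brownpaper = pkgs.callPackage ./. { inherit pkgs; src = ./.; };

  # dataDir as a single, safely quoted shell word.
  dataDirArg = escapeShellArg (toString cfg.dataDir);

  # Store directory holding a symlink to every configured PGP key.  The
  # service only ever sees this read-only store path.  Note that
  # interpolating a path copies the key file itself into the Nix store.
  keyDir = pkgs.runCommand "brownpaper-keys" { } ''
    mkdir -p "$out"
    ${concatMapStringsSep "\n" (key: "ln -s ${key} $out/") cfg.pgpKeys}
  '';

  # Replace <dataDir>/keys with a symlink to keyDir.  A pre-existing real
  # directory is moved aside as keys.bak rather than deleted; an old symlink
  # is replaced in place by `ln -sfn`, so re-running the script is idempotent.
  # (The previous version tested `-s`, which is true for non-empty
  # directories and dereferences symlinks, so a real directory was never
  # backed up and `rm` failed on it.)
  keyScript = pkgs.writeScript "brownpaper-keyscript" ''
    #!${pkgs.bash}/bin/bash
    set -eu
    DATADIR=${dataDirArg}
    if [ -d "$DATADIR/keys" ] && [ ! -L "$DATADIR/keys" ]; then
      mv "$DATADIR/keys" "$DATADIR/keys.bak"
    fi
    ln -sfn ${keyDir} "$DATADIR/keys"
  '';
in
{
  options.services.brownpaper = {
    enable = mkEnableOption "brownpaper service";

    listen = mkOption {
      type = types.str;
      default = "127.0.0.1";
      description = "Address the server binds to.  Defaults to loopback only.";
    };

    port = mkOption {
      type = types.port;
      default = 3000;
      description = "TCP port the server listens on.";
    };

    dataDir = mkOption {
      type = types.path;
      default = "/var/lib/brownpaper";
      description = ''
        Directory in which snippets are stored.  It is created and chowned to
        <option>user</option> on activation and exported to the server as
        BROWNPAPER_STORAGE_DIR.
      '';
    };

    user = mkOption {
      type = types.str;
      default = "brownpaper";
      description = ''
        System user (and group of the same name) the server and the garbage
        collector run as.  Both are created by this module.
      '';
    };

    pgpKeys = mkOption {
      type = with types; listOf path;
      default = [ ];
      description = ''
        PGP key files made available to the server as
        <literal>dataDir/keys</literal>.  Each file is copied into the
        world-readable Nix store, so only public keys belong here.
      '';
    };

    gc = {
      enable = mkEnableOption "delete old snippets";

      dates = mkOption {
        type = types.str;
        default = "00:00";
        description = ''
          Specification (in the format described by
          <citerefentry><refentrytitle>systemd.time</refentrytitle>
          <manvolnum>7</manvolnum></citerefentry>) of the time at
          which the garbage collector will run.
        '';
      };

      maxAge = mkOption {
        type = types.ints.positive;
        default = 60 * 24 * 30;
        description = "maximum age in minutes after which snippets will be garbage collected. Defaults to 30 days";
      };
    };
  };

  options.programs.brownpaper = {
    enable = mkEnableOption "brownpaper client";

    endpoint = mkOption {
      type = types.str;
      default = "http://${cfg.listen}:${toString cfg.port}";
      description = ''
        URL the client sends requests to.  Defaults to the address of the
        locally configured service.
      '';
    };
  };

  config = mkMerge [
    # Everything below only applies when the service is enabled; previously
    # the activation script ran (and chowned dataDir to a non-existent user)
    # on every system that merely imported this module.
    (mkIf cfg.enable {
      users.users.${cfg.user} = {
        isSystemUser = true;
        group = cfg.user;
      };
      users.groups.${cfg.user} = { };

      system.activationScripts.brownpaper = {
        # Order after user creation so the chown below cannot fail on a
        # fresh system (without deps the scripts run in name order).
        deps = [ "users" ];
        text = ''
          mkdir -p ${dataDirArg}
          chown -R ${escapeShellArg cfg.user}:${escapeShellArg cfg.user} ${dataDirArg}
          ${optionalString (cfg.pgpKeys != [ ]) keyScript}
        '';
      };

      systemd.services.brownpaper = {
        wantedBy = [ "multi-user.target" ];
        # `after` alone does not pull the target in; `wants` makes the
        # ordering meaningful.
        wants = [ "network-online.target" ];
        after = [ "network-online.target" ];
        path = [ pkgs.coreutils ];
        environment.BROWNPAPER_STORAGE_DIR = toString cfg.dataDir;
        # Run in a chroot containing only these store paths.  keyDir must be
        # listed so the dataDir/keys symlink resolves inside the jail.
        confinement = {
          enable = true;
          packages = with pkgs; [ bash coreutils findutils tzdata keyDir ];
        };
        serviceConfig = {
          BindPaths = [ cfg.dataDir ];
          ExecStart = "${brownpaper.server.rootCrate.build}/bin/brownpaper ${cfg.listen}:${toString cfg.port}";
          User = cfg.user;
          Group = cfg.user;
          NoNewPrivileges = true;
        };
      };

      systemd.services.brownpaper-gc = mkIf cfg.gc.enable {
        startAt = cfg.gc.dates;
        # Only regular files directly inside dataDir are considered, so the
        # `keys` symlink is left alone.  Runs as the service user instead of
        # root: it owns the files and needs no further privilege.
        serviceConfig = {
          User = cfg.user;
          Group = cfg.user;
        };
        script = "${pkgs.findutils}/bin/find ${dataDirArg} -maxdepth 1 -type f -mmin +${toString cfg.gc.maxAge} -delete";
      };
    })

    {
      # Client wrapper; the endpoint is shell-quoted rather than wrapped in
      # literal single quotes, which a value containing `'` would break out of.
      environment.systemPackages = optionals cfgc.enable [
        (pkgs.writeShellScriptBin "brownpaper" ''
          BROWNPAPER_ENDPOINT=${escapeShellArg cfgc.endpoint} ${brownpaper.client}/bin/brownpaper "$@"
        '')
      ];
    }
  ];
}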