1 { lib, pkgs, config, ... }:
5 settingsFormat = pkgs.formats.yaml { };
7 # gemstash uses a yaml config where the keys are ruby symbols,
8 # which means they start with ':'. This would be annoying to use
9 # on the nix side, so we rewrite plain names instead.
10 prefixColon = s: listToAttrs (map
12 name = ":${attrName}";
14 if isAttrs s.${attrName}
15 then prefixColon s."${attrName}"
20 # parse the port number out of the tcp://ip:port bind setting string
21 parseBindPort = bind: strings.toInt (last (strings.splitString ":" bind));
23 cfg = config.services.gemstash;
26 options.services.gemstash = {
27 enable = mkEnableOption "gemstash, a cache for rubygems.org and a private gem server";
29 openFirewall = mkOption {
33 Whether to open the firewall for the port in {option}`services.gemstash.bind`.
40 Configuration for Gemstash. The details can be found at in
41 [gemstash documentation](https://github.com/rubygems/gemstash/blob/master/man/gemstash-configuration.5.md).
42 Each key set here is automatically prefixed with ":" to match the gemstash expectations.
44 type = types.submodule {
45 freeformType = settingsFormat.type;
47 base_path = mkOption {
49 default = "/var/lib/gemstash";
50 description = "Path to store the gem files and the sqlite database. If left unchanged, the directory will be created.";
54 default = "tcp://0.0.0.0:9292";
55 description = "Host and port combination for the server to listen on.";
57 db_adapter = mkOption {
58 type = types.nullOr (types.enum [ "sqlite3" "postgres" "mysql" "mysql2" ]);
60 description = "Which database type to use. For choices other than sqlite3, the dbUrl has to be specified as well.";
63 type = types.nullOr types.str;
65 description = "The database to connect to when using postgres, mysql, or mysql2.";
79 groups.gemstash = { };
82 networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ (parseBindPort cfg.settings.bind) ];
84 systemd.services.gemstash = {
85 wantedBy = [ "multi-user.target" ];
86 after = [ "network.target" ];
87 serviceConfig = mkMerge [
89 ExecStart = "${pkgs.gemstash}/bin/gemstash start --no-daemonize --config-file ${settingsFormat.generate "gemstash.yaml" (prefixColon cfg.settings)}";
90 NoNewPrivileges = true;
94 RestrictSUIDSGID = true;
95 LockPersonality = true;
97 (mkIf (cfg.settings.base_path == "/var/lib/gemstash") {
98 StateDirectory = "gemstash";