| blob | 4712a3c1b3db9af879448581fb239bdba140207c |
1 { config, pkgs, lib, ... }:
2 let
3 cfg = config.services.lxd-image-server;
4 format = pkgs.formats.toml {};
6 location = "/var/www/simplestreams";
7 in
8 {
9 options = {
10 services.lxd-image-server = {
11 enable = lib.mkEnableOption "lxd-image-server";
13 group = lib.mkOption {
14 type = lib.types.str;
15 description = "Group assigned to the user and the webroot directory.";
16 default = "nginx";
17 example = "www-data";
18 };
20 settings = lib.mkOption {
21 type = format.type;
22 description = ''
23 Configuration for lxd-image-server.
25 Example see <https://github.com/Avature/lxd-image-server/blob/master/config.toml>.
26 '';
27 default = {};
28 };
30 nginx = {
31 enable = lib.mkEnableOption "nginx";
32 domain = lib.mkOption {
33 type = lib.types.str;
34 description = "Domain to use for nginx virtual host.";
35 example = "images.example.org";
36 };
37 };
38 };
39 };
41 config = lib.mkMerge [
42 (lib.mkIf (cfg.enable) {
43 users.users.lxd-image-server = {
44 isSystemUser = true;
45 group = cfg.group;
46 };
47 users.groups.${cfg.group} = {};
49 environment.etc."lxd-image-server/config.toml".source = format.generate "config.toml" cfg.settings;
51 services.logrotate.settings.lxd-image-server = {
52 files = "/var/log/lxd-image-server/lxd-image-server.log";
53 frequency = "daily";
54 rotate = 21;
55 create = "755 lxd-image-server ${cfg.group}";
56 compress = true;
57 delaycompress = true;
58 copytruncate = true;
59 };
61 systemd.tmpfiles.rules = [
62 "d /var/www/simplestreams 0755 lxd-image-server ${cfg.group}"
63 ];
65 systemd.services.lxd-image-server = {
66 wantedBy = [ "multi-user.target" ];
67 after = [ "network.target" ];
69 description = "LXD Image Server";
71 script = ''
72 ${pkgs.lxd-image-server}/bin/lxd-image-server init
73 ${pkgs.lxd-image-server}/bin/lxd-image-server watch
74 '';
76 serviceConfig = {
77 User = "lxd-image-server";
78 Group = cfg.group;
79 DynamicUser = true;
80 LogsDirectory = "lxd-image-server";
81 RuntimeDirectory = "lxd-image-server";
82 ExecReload = "${pkgs.lxd-image-server}/bin/lxd-image-server reload";
83 ReadWritePaths = [ location ];
84 };
85 };
86 })
87 # this is separate so it can be enabled on mirrored hosts
88 (lib.mkIf (cfg.nginx.enable) {
89 # https://github.com/Avature/lxd-image-server/blob/master/resources/nginx/includes/lxd-image-server.pkg.conf
90 services.nginx.virtualHosts = {
91 "${cfg.nginx.domain}" = {
92 forceSSL = true;
93 enableACME = lib.mkDefault true;
95 root = location;
97 locations = {
98 "/streams/v1/" = {
99 index = "index.json";
100 };
102 # Serve json files with content type header application/json
103 "~ \.json$" = {
104 extraConfig = ''
105 add_header Content-Type application/json;
106 '';
107 };
109 "~ \.tar.xz$" = {
110 extraConfig = ''
111 add_header Content-Type application/octet-stream;
112 '';
113 };
115 "~ \.tar.gz$" = {
116 extraConfig = ''
117 add_header Content-Type application/octet-stream;
118 '';
119 };
121 # Deny access to document root and the images folder
122 "~ ^/(images/)?$" = {
123 return = "403";
124 };
125 };
126 };
127 };
128 })
129 ];
130 }