# NixOS module for the infinoted server; takes the standard module arguments.
1 { config, lib, pkgs, ... }:
# Shorthand for the values the user set under services.infinoted.*.
6 cfg = config.services.infinoted;
# Option declarations for services.infinoted.
# Several option header lines are missing from this listing; comments on those
# options are marked as assumptions.
8 options.services.infinoted = {
# Master switch: the whole `config` section is wrapped in mkIf cfg.enable.
9 enable = mkEnableOption (lib.mdDoc "infinoted");
# Package option body (header not shown). ExecStart takes the binary path from
# cfg.package.infinoted.
13 default = pkgs.libinfinity;
14 defaultText = literalExpression "pkgs.libinfinity";
15 description = lib.mdDoc ''
16 Package providing infinoted
# Presumably the body of `keyFile` (header not shown); cfg.keyFile is emitted as
# key-file= in the generated config.
# NOTE(review): types.path also accepts Nix path literals, and interpolating one
# into the config text copies the file into the world-readable Nix store. Pass
# the private key as an absolute path string that lives outside the store.
21 type = types.nullOr types.path;
23 description = lib.mdDoc ''
24 Private key to use for TLS
# Server certificate; emitted as certificate-file= only when non-null.
28 certificateFile = mkOption {
29 type = types.nullOr types.path;
31 description = lib.mdDoc ''
32 Server certificate to use for TLS
# CA chain for certificateFile; emitted as certificate-chain= only when non-null.
36 certificateChain = mkOption {
37 type = types.nullOr types.path;
39 description = lib.mdDoc ''
40 Chain of CA-certificates to which our `certificateFile` is relative.
# TLS enforcement level, written verbatim as security-policy=.
# NOTE(review): "no-tls" and "allow-tls" presumably let the server-wide password
# and document traffic cross the network unencrypted; keep the default unless
# the listener is confined to a trusted network.
# NOTE(review): no assertion is visible in this listing that keyFile and
# certificateFile are set when TLS is required; confirm how infinoted behaves
# when they are left null.
45 securityPolicy = mkOption {
46 type = types.enum ["no-tls" "allow-tls" "require-tls"];
47 default = "require-tls";
48 description = lib.mdDoc ''
49 How strictly to enforce clients connection with TLS.
# Option header not shown; presumably `port`, which is emitted as port=. TODO confirm.
56 description = lib.mdDoc ''
# Directory tree served to clients. The start-up script creates it with mode
# 0750, owned by cfg.user:cfg.group.
61 rootDirectory = mkOption {
63 default = "/var/lib/infinoted/documents/";
64 description = lib.mdDoc ''
65 Root of the directory structure to serve
# Presumably the body of `plugins` (header not shown); the list is joined with
# ";" and emitted as plugins=.
70 type = types.listOf types.str;
71 default = [ "note-text" "note-chat" "logging" "autosave" ];
72 description = lib.mdDoc ''
# File holding the server-wide password. Only the first line is used: the
# start-up script runs `head -n 1` on it at service start and writes the result
# as password= into infinoted.conf, so the secret sits in plaintext in that file
# (which is created with mode 0600 for cfg.user:cfg.group).
# NOTE(review): give this as an absolute path string, not a Nix path literal;
# a path literal would be copied into the world-readable Nix store.
77 passwordFile = mkOption {
78 type = types.nullOr types.path;
80 description = lib.mdDoc ''
81 File to read server-wide password from
# Free-form text appended to infinoted.conf.
# NOTE(review): the visible config lines are emitted through an unquoted shell
# heredoc. If this text goes through the same heredoc (that line is not shown),
# `$` and backticks in it are expanded by the shell at service start; confirm.
85 extraConfig = mkOption {
91 description = lib.mdDoc ''
92 Additional configuration to append to infinoted.conf
# Presumably the body of `user` (header not shown). The module declares the
# account itself only while this stays at "infinoted".
98 default = "infinoted";
99 description = lib.mdDoc ''
100 What to call the dedicated user under which infinoted is run
# Presumably the body of `group` (header not shown). The module declares the
# group itself only while this stays at "infinoted".
106 default = "infinoted";
107 description = lib.mdDoc ''
108 What to call the primary group of the dedicated user under which infinoted is run
# Everything below takes effect only when services.infinoted.enable is true.
113 config = mkIf (cfg.enable) {
# Declare the service account only for the default name. With any other
# cfg.user the account has to exist already, since the start-up script passes it
# to `install -o`.
114 users.users = optionalAttrs (cfg.user == "infinoted")
116 description = "Infinoted user";
# Same rule for the group: declared here only when left at "infinoted".
121 users.groups = optionalAttrs (cfg.group == "infinoted")
# systemd unit for the server. Its start-up script (the shell lines further
# down) does the following:
#   1. creates /var/lib/infinoted;
#   2. creates infinoted.conf empty with mode 0600 and owner cfg.user:cfg.group
#      *before* any content is appended, so the password line is never written
#      to a file with looser permissions;
#   3. appends the settings through an unquoted heredoc, so the shell performs
#      the $(head -n 1 passwordFile) substitution when the service starts. The
#      script text therefore holds only the password file's path, not the secret;
#   4. creates cfg.rootDirectory with mode 0750 for cfg.user:cfg.group.
# NOTE(review): because the heredoc is unquoted, `$` or backticks in any
# interpolated option value are also expanded by the shell.
125 systemd.services.infinoted =
126 { description = "Gobby Dedicated Server";
128 wantedBy = [ "multi-user.target" ];
129 after = [ "network.target" ];
# Runs the infinoted binary from the configured package against the generated
# config file.
134 ExecStart = "${cfg.package.infinoted} --config-file=/var/lib/infinoted/infinoted.conf";
# Restricts the unit's User=/Group= settings to ExecStart, so the start-up
# script runs with full privileges (it needs them for `install -o/-g`).
# NOTE(review): systemd documents PermissionsStartOnly= as deprecated in favour
# of the "+" command prefix. The User=/Group= lines are not visible in this
# listing; confirm the daemon really is dropped to cfg.user.
137 PermissionsStartOnly = true;
140 mkdir -p /var/lib/infinoted
141 install -o ${cfg.user} -g ${cfg.group} -m 0600 /dev/null /var/lib/infinoted/infinoted.conf
142 cat >>/var/lib/infinoted/infinoted.conf <<EOF
144 ${optionalString (cfg.keyFile != null) "key-file=${cfg.keyFile}"}
145 ${optionalString (cfg.certificateFile != null) "certificate-file=${cfg.certificateFile}"}
146 ${optionalString (cfg.certificateChain != null) "certificate-chain=${cfg.certificateChain}"}
147 port=${toString cfg.port}
148 security-policy=${cfg.securityPolicy}
149 root-directory=${cfg.rootDirectory}
150 plugins=${concatStringsSep ";" cfg.plugins}
151 ${optionalString (cfg.passwordFile != null) "password=$(head -n 1 ${cfg.passwordFile})"}
156 install -o ${cfg.user} -g ${cfg.group} -m 0750 -d ${cfg.rootDirectory}