| blob | 76cb16bee0d130e43efeb448cd89c37dfe289132 |
1 {
2 config,
3 lib,
4 pkgs,
5 ...
6 }:
8 with lib;
10 let
12 cfg = config.services.manticore;
13 format = pkgs.formats.json { };
15 toSphinx =
16 {
17 mkKeyValue ? generators.mkKeyValueDefault { } "=",
18 listsAsDuplicateKeys ? true,
19 }:
20 attrsOfAttrs:
21 let
22 # map function to string for each key val
23 mapAttrsToStringsSep =
24 sep: mapFn: attrs:
25 concatStringsSep sep (mapAttrsToList mapFn attrs);
26 mkSection =
27 sectName: sectValues:
28 ''
29 ${sectName} {
30 ''
31 + lib.generators.toKeyValue { inherit mkKeyValue listsAsDuplicateKeys; } sectValues
32 + ''}'';
33 in
34 # map input to ini sections
35 mapAttrsToStringsSep "\n" mkSection attrsOfAttrs;
37 configFile = pkgs.writeText "manticore.conf" (
38 toSphinx {
39 mkKeyValue = k: v: " ${k} = ${v}";
40 } cfg.settings
41 );
43 in
44 {
46 options = {
47 services.manticore = {
49 enable = mkEnableOption "Manticoresearch";
51 settings = mkOption {
52 default = {
53 searchd = {
54 listen = [
55 "127.0.0.1:9312"
56 "127.0.0.1:9306:mysql"
57 "127.0.0.1:9308:http"
58 ];
59 log = "/var/log/manticore/searchd.log";
60 query_log = "/var/log/manticore/query.log";
61 pid_file = "/run/manticore/searchd.pid";
62 data_dir = "/var/lib/manticore";
63 };
64 };
65 description = ''
66 Configuration for Manticoresearch. See
67 <https://manual.manticoresearch.com/Server%20settings>
68 for more information.
69 '';
70 type = types.submodule {
71 freeformType = format.type;
72 };
73 example = literalExpression ''
74 {
75 searchd = {
76 listen = [
77 "127.0.0.1:9312"
78 "127.0.0.1:9306:mysql"
79 "127.0.0.1:9308:http"
80 ];
81 log = "/var/log/manticore/searchd.log";
82 query_log = "/var/log/manticore/query.log";
83 pid_file = "/run/manticore/searchd.pid";
84 data_dir = "/var/lib/manticore";
85 };
86 }
87 '';
88 };
90 };
91 };
93 config = mkIf cfg.enable {
95 systemd = {
96 packages = [ pkgs.manticoresearch ];
97 services.manticore = {
98 wantedBy = [ "multi-user.target" ];
99 after = [ "network.target" ];
100 serviceConfig =
101 {
102 ExecStart = [
103 ""
104 "${pkgs.manticoresearch}/bin/searchd --config ${configFile}"
105 ];
106 ExecStop = [
107 ""
108 "${pkgs.manticoresearch}/bin/searchd --config ${configFile} --stopwait"
109 ];
110 ExecStartPre = [ "" ];
111 DynamicUser = true;
112 LogsDirectory = "manticore";
113 RuntimeDirectory = "manticore";
114 StateDirectory = "manticore";
115 ReadWritePaths = "";
116 CapabilityBoundingSet = "";
117 RestrictAddressFamilies = [
118 "AF_UNIX"
119 "AF_INET"
120 "AF_INET6"
121 ];
122 RestrictNamespaces = true;
123 PrivateDevices = true;
124 PrivateUsers = true;
125 ProtectClock = true;
126 ProtectControlGroups = true;
127 ProtectHome = true;
128 ProtectKernelLogs = true;
129 ProtectKernelModules = true;
130 ProtectKernelTunables = true;
131 SystemCallArchitectures = "native";
132 SystemCallFilter = [
133 "@system-service"
134 "~@privileged"
135 ];
136 RestrictRealtime = true;
137 LockPersonality = true;
138 MemoryDenyWriteExecute = true;
139 UMask = "0066";
140 ProtectHostname = true;
141 }
142 // lib.optionalAttrs (cfg.settings.searchd.pid_file != null) {
143 PIDFile = cfg.settings.searchd.pid_file;
144 };
145 };
146 };
148 };
150 meta.maintainers = with lib.maintainers; [ onny ];
152 }