| blob | 20bc56df85a4881bef02cf3ee43037b8af60a2c3 |
1 { config, pkgs, lib, ... }:
2 let
3 cfg = config.services.dgraph;
4 settingsFormat = pkgs.formats.json {};
5 configFile = settingsFormat.generate "config.json" cfg.settings;
6 dgraphWithNode = pkgs.runCommand "dgraph" {
7 nativeBuildInputs = [ pkgs.makeWrapper ];
8 }
9 ''
10 mkdir -p $out/bin
11 makeWrapper ${cfg.package}/bin/dgraph $out/bin/dgraph \
12 --prefix PATH : "${lib.makeBinPath [ pkgs.nodejs ]}" \
13 '';
14 securityOptions = {
15 NoNewPrivileges = true;
17 AmbientCapabilities = "";
18 CapabilityBoundingSet = "";
20 DeviceAllow = "";
22 LockPersonality = true;
24 PrivateTmp = true;
25 PrivateDevices = true;
26 PrivateUsers = true;
28 ProtectClock = true;
29 ProtectControlGroups = true;
30 ProtectHostname = true;
31 ProtectKernelLogs = true;
32 ProtectKernelModules = true;
33 ProtectKernelTunables = true;
35 RemoveIPC = true;
37 RestrictNamespaces = true;
38 RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
39 RestrictRealtime = true;
40 RestrictSUIDSGID = true;
42 SystemCallArchitectures = "native";
43 SystemCallErrorNumber = "EPERM";
44 SystemCallFilter = [
45 "@system-service"
46 "~@cpu-emulation" "~@debug" "~@keyring" "~@memlock" "~@obsolete" "~@privileged" "~@setuid"
47 ];
48 };
49 in
50 {
51 options = {
52 services.dgraph = {
53 enable = lib.mkEnableOption "Dgraph native GraphQL database with a graph backend";
55 package = lib.mkPackageOption pkgs "dgraph" { };
57 settings = lib.mkOption {
58 type = settingsFormat.type;
59 default = {};
60 description = ''
61 Contents of the dgraph config. For more details see https://dgraph.io/docs/deploy/config
62 '';
63 };
65 alpha = {
66 host = lib.mkOption {
67 type = lib.types.str;
68 default = "localhost";
69 description = ''
70 The host which dgraph alpha will be run on.
71 '';
72 };
73 port = lib.mkOption {
74 type = lib.types.port;
75 default = 7080;
76 description = ''
77 The port which to run dgraph alpha on.
78 '';
79 };
81 };
83 zero = {
84 host = lib.mkOption {
85 type = lib.types.str;
86 default = "localhost";
87 description = ''
88 The host which dgraph zero will be run on.
89 '';
90 };
91 port = lib.mkOption {
92 type = lib.types.port;
93 default = 5080;
94 description = ''
95 The port which to run dgraph zero on.
96 '';
97 };
98 };
100 };
101 };
103 config = lib.mkIf cfg.enable {
104 services.dgraph.settings = {
105 badger.compression = lib.mkDefault "zstd:3";
106 };
108 systemd.services.dgraph-zero = {
109 description = "Dgraph native GraphQL database with a graph backend. Zero controls node clustering";
110 after = [ "network.target" ];
111 wantedBy = [ "multi-user.target" ];
113 serviceConfig = {
114 StateDirectory = "dgraph-zero";
115 WorkingDirectory = "/var/lib/dgraph-zero";
116 DynamicUser = true;
117 ExecStart = "${cfg.package}/bin/dgraph zero --my ${cfg.zero.host}:${toString cfg.zero.port}";
118 Restart = "on-failure";
119 } // securityOptions;
120 };
122 systemd.services.dgraph-alpha = {
123 description = "Dgraph native GraphQL database with a graph backend. Alpha serves data";
124 after = [ "network.target" "dgraph-zero.service" ];
125 requires = [ "dgraph-zero.service" ];
126 wantedBy = [ "multi-user.target" ];
128 serviceConfig = {
129 StateDirectory = "dgraph-alpha";
130 WorkingDirectory = "/var/lib/dgraph-alpha";
131 DynamicUser = true;
132 ExecStart = "${dgraphWithNode}/bin/dgraph alpha --config ${configFile} --my ${cfg.alpha.host}:${toString cfg.alpha.port} --zero ${cfg.zero.host}:${toString cfg.zero.port}";
133 ExecStop = ''
134 ${pkgs.curl}/bin/curl --data "mutation { shutdown { response { message code } } }" \
135 --header 'Content-Type: application/graphql' \
136 -X POST \
137 http://localhost:8080/admin
138 '';
139 Restart = "on-failure";
140 } // securityOptions;
141 };
142 };
144 meta.maintainers = with lib.maintainers; [ happysalada ];
145 }