| blob | b6e353b637e817dad11be222390aea69bf3a587e |
1 { config, lib, pkgs, ... }:
2 let
3 cfg = config.services.infinoted;
4 in {
5 options.services.infinoted = {
6 enable = lib.mkEnableOption "infinoted";
8 package = lib.mkPackageOption pkgs "libinfinity" { };
10 keyFile = lib.mkOption {
11 type = lib.types.nullOr lib.types.path;
12 default = null;
13 description = ''
14 Private key to use for TLS
15 '';
16 };
18 certificateFile = lib.mkOption {
19 type = lib.types.nullOr lib.types.path;
20 default = null;
21 description = ''
22 Server certificate to use for TLS
23 '';
24 };
26 certificateChain = lib.mkOption {
27 type = lib.types.nullOr lib.types.path;
28 default = null;
29 description = ''
30 Chain of CA-certificates to which our `certificateFile` is relative.
31 Optional for TLS.
32 '';
33 };
35 securityPolicy = lib.mkOption {
36 type = lib.types.enum ["no-tls" "allow-tls" "require-tls"];
37 default = "require-tls";
38 description = ''
39 How strictly to enforce clients connection with TLS.
40 '';
41 };
43 port = lib.mkOption {
44 type = lib.types.port;
45 default = 6523;
46 description = ''
47 Port to listen on
48 '';
49 };
51 rootDirectory = lib.mkOption {
52 type = lib.types.path;
53 default = "/var/lib/infinoted/documents/";
54 description = ''
55 Root of the directory structure to serve
56 '';
57 };
59 plugins = lib.mkOption {
60 type = lib.types.listOf lib.types.str;
61 default = [ "note-text" "note-chat" "logging" "autosave" ];
62 description = ''
63 Plugins to enable
64 '';
65 };
67 passwordFile = lib.mkOption {
68 type = lib.types.nullOr lib.types.path;
69 default = null;
70 description = ''
71 File to read server-wide password from
72 '';
73 };
75 extraConfig = lib.mkOption {
76 type = lib.types.lines;
77 default = ''
78 [autosave]
79 interval=10
80 '';
81 description = ''
82 Additional configuration to append to infinoted.conf
83 '';
84 };
86 user = lib.mkOption {
87 type = lib.types.str;
88 default = "infinoted";
89 description = ''
90 What to call the dedicated user under which infinoted is run
91 '';
92 };
94 group = lib.mkOption {
95 type = lib.types.str;
96 default = "infinoted";
97 description = ''
98 What to call the primary group of the dedicated user under which infinoted is run
99 '';
100 };
101 };
103 config = lib.mkIf (cfg.enable) {
104 users.users = lib.optionalAttrs (cfg.user == "infinoted")
105 { infinoted = {
106 description = "Infinoted user";
107 group = cfg.group;
108 isSystemUser = true;
109 };
110 };
111 users.groups = lib.optionalAttrs (cfg.group == "infinoted")
112 { infinoted = { };
113 };
115 systemd.services.infinoted =
116 { description = "Gobby Dedicated Server";
118 wantedBy = [ "multi-user.target" ];
119 after = [ "network.target" ];
121 serviceConfig = {
122 Type = "simple";
123 Restart = "always";
124 ExecStart = "${cfg.package.infinoted} --config-file=/var/lib/infinoted/infinoted.conf";
125 User = cfg.user;
126 Group = cfg.group;
127 PermissionsStartOnly = true;
128 };
129 preStart = ''
130 mkdir -p /var/lib/infinoted
131 install -o ${cfg.user} -g ${cfg.group} -m 0600 /dev/null /var/lib/infinoted/infinoted.conf
132 cat >>/var/lib/infinoted/infinoted.conf <<EOF
133 [infinoted]
134 ${lib.optionalString (cfg.keyFile != null) "key-file=${cfg.keyFile}"}
135 ${lib.optionalString (cfg.certificateFile != null) "certificate-file=${cfg.certificateFile}"}
136 ${lib.optionalString (cfg.certificateChain != null) "certificate-chain=${cfg.certificateChain}"}
137 port=${toString cfg.port}
138 security-policy=${cfg.securityPolicy}
139 root-directory=${cfg.rootDirectory}
140 plugins=${lib.concatStringsSep ";" cfg.plugins}
141 ${lib.optionalString (cfg.passwordFile != null) "password=$(head -n 1 ${cfg.passwordFile})"}
143 ${cfg.extraConfig}
144 EOF
146 install -o ${cfg.user} -g ${cfg.group} -m 0750 -d ${cfg.rootDirectory}
147 '';
148 };
149 };
150 }