| blob | fbc310daea770f2735a7e73ff9f68168d9f91b61 |
1 {
2 config,
3 lib,
4 pkgs,
5 ...
6 }:
7 let
8 cfg = config.services.glance;
10 inherit (lib)
11 mkEnableOption
12 mkPackageOption
13 mkOption
14 mkIf
15 getExe
16 types
17 ;
19 settingsFormat = pkgs.formats.yaml { };
20 in
21 {
22 options.services.glance = {
23 enable = mkEnableOption "glance";
24 package = mkPackageOption pkgs "glance" { };
26 settings = mkOption {
27 type = types.submodule {
28 freeformType = settingsFormat.type;
29 options = {
30 server = {
31 host = mkOption {
32 description = "Glance bind address";
33 default = "127.0.0.1";
34 example = "0.0.0.0";
35 type = types.str;
36 };
37 port = mkOption {
38 description = "Glance port to listen on";
39 default = 8080;
40 example = 5678;
41 type = types.port;
42 };
43 };
44 pages = mkOption {
45 type = settingsFormat.type;
46 description = ''
47 List of pages to be present on the dashboard.
49 See <https://github.com/glanceapp/glance/blob/main/docs/configuration.md#pages--columns>
50 '';
51 default = [
52 {
53 name = "Calendar";
54 columns = [
55 {
56 size = "full";
57 widgets = [ { type = "calendar"; } ];
58 }
59 ];
60 }
61 ];
62 example = [
63 {
64 name = "Home";
65 columns = [
66 {
67 size = "full";
68 widgets = [
69 { type = "calendar"; }
70 {
71 type = "weather";
72 location = "Nivelles, Belgium";
73 }
74 ];
75 }
76 ];
77 }
78 ];
79 };
80 };
81 };
82 default = { };
83 description = ''
84 Configuration written to a yaml file that is read by glance. See
85 <https://github.com/glanceapp/glance/blob/main/docs/configuration.md>
86 for more.
87 '';
88 };
90 openFirewall = mkOption {
91 type = types.bool;
92 default = false;
93 description = ''
94 Whether to open the firewall for Glance.
95 This adds `services.glance.settings.server.port` to `networking.firewall.allowedTCPPorts`.
96 '';
97 };
98 };
100 config = mkIf cfg.enable {
101 systemd.services.glance = {
102 description = "Glance feed dashboard server";
103 wantedBy = [ "multi-user.target" ];
104 after = [ "network.target" ];
106 serviceConfig = {
107 ExecStart =
108 let
109 glance-yaml = settingsFormat.generate "glance.yaml" cfg.settings;
110 in
111 "${getExe cfg.package} --config ${glance-yaml}";
112 WorkingDirectory = "/var/lib/glance";
113 StateDirectory = "glance";
114 RuntimeDirectory = "glance";
115 RuntimeDirectoryMode = "0755";
116 PrivateTmp = true;
117 DynamicUser = true;
118 DevicePolicy = "closed";
119 LockPersonality = true;
120 MemoryDenyWriteExecute = true;
121 PrivateUsers = true;
122 ProtectHome = true;
123 ProtectHostname = true;
124 ProtectKernelLogs = true;
125 ProtectKernelModules = true;
126 ProtectKernelTunables = true;
127 ProtectControlGroups = true;
128 ProcSubset = "pid";
129 RestrictNamespaces = true;
130 RestrictRealtime = true;
131 SystemCallArchitectures = "native";
132 UMask = "0077";
133 };
134 };
136 networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.settings.server.port ]; };
137 };
139 meta.doc = ./glance.md;
140 meta.maintainers = [ lib.maintainers.drupol ];
141 }