motiejus
/
e11sync
1
Fork 0
Code
e11sync/modules/e11sync/default.nix

89 lines
2.5 KiB
Nix
Raw Blame History

geoip2-tarball: {
config,
lib,
pkgs,
...
}: let
overlay = import ../../overlays/default.nix geoip2-tarball;
pkgs1 = pkgs.extend overlay;
inherit (pkgs1) e11sync-backend e11sync-caddyfile;
in {
options.e11sync = with lib.types; {
enable = lib.mkEnableOption "Enable e11sync";
secretKeyPath = lib.mkOption {type = oneOf [path (enum ["unsafe"])];};
secretKeyUnsafe = lib.mkOption {
type = bool;
default = false;
};
migrateOnStart = lib.mkOption {
type = bool;
default = false;
};
backendPort = lib.mkOption {
type = port;
default = 8002;
};
databasePath = lib.mkOption {
type = path;
default = "/var/lib/e11sync-backend/db.sqlite3";
};
vhost = lib.mkOption {type = str;};
};
config = let
cfg = config.e11sync;
in
lib.mkIf cfg.enable {
environment.systemPackages = [
e11sync-backend
];
systemd.services = {
e11sync-backend = {
description = "e11sync backend";
environment = lib.mkMerge [
{
TZ = "UTC";
E11SYNC_DATABASE_PATH = cfg.databasePath;
}
(lib.mkIf (cfg.secretKeyPath != "unsafe") {
E11SYNC_SECRET_KEY_PATH = "/run/credentials/e11sync-backend.service/secret_key";
})
];
wantedBy = ["multi-user.target"];
serviceConfig = lib.mkMerge [
{
Type = "notify";
NotifyAccess = "all";
Restart = "on-failure";
RuntimeDirectory = "e11sync-backend";
StateDirectory = "e11sync-backend";
WorkingDirectory = "/var/lib/e11sync-backend";
KillSignal = "SIGQUIT";
ExecStart = "${e11sync-backend}/bin/e11sync-backend";
MemoryHigh = "1535M";
MemoryMax = "4096M";
LimitNOFILE = 1048576;
DynamicUser = true;
NoNewPrivileges = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
}
(lib.mkIf cfg.migrateOnStart {
ExecStartPre = "${e11sync-backend}/bin/e11sync migrate";
})
(lib.mkIf (cfg.secretKeyPath != "unsafe") {
LoadCredential = "secret_key:${cfg.secretKeyPath}";
})
];
};
};
services.caddy.virtualHosts."${cfg.vhost}".extraConfig =
lib.mkDefault
(builtins.readFile "${e11sync-caddyfile}");
};
}
View Git Blame Copy Permalink