From 24271c6f6b4e730eccb238c28ca4b04eb70ede92 Mon Sep 17 00:00:00 2001
From: makefu
Date: Tue, 20 Oct 2015 18:11:30 +0200
Subject: m 3 bepasty-server.nix: init
---
makefu/3modules/bepasty-server.nix | 160 +++++++++++++++++++++++++++++++++++++
1 file changed, 160 insertions(+)
create mode 100644 makefu/3modules/bepasty-server.nix
(limited to 'makefu/3modules')
diff --git a/makefu/3modules/bepasty-server.nix b/makefu/3modules/bepasty-server.nix
new file mode 100644
index 000000000..d970652a4
--- /dev/null
+++ b/makefu/3modules/bepasty-server.nix
@@ -0,0 +1,160 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ gunicorn = pkgs.pythonPackages.gunicorn;
+ bepasty = pkgs.pythonPackages.bepasty-server;
+ gevent = pkgs.pythonPackages.gevent;
+ python = pkgs.pythonPackages.python;
+ cfg = config.makefu.bepasty-server;
+
+ out = {
+ options.makefu.bepasty-server = api;
+ config = mkIf cfg.enable (mkMerge [(mkIf cfg.serveNginx nginx-imp) imp ]) ;
+ };
+
+ api = {
+ enable = mkEnableOption "Bepasty Servers";
+ serveNginx = mkEnableOption "Serve Bepasty Servers with Nginx";
+
+ servers = mkOption {
+ type = with types; attrsOf optionSet;
+ options = singleton {
+ nginxCfg = mkOption {
+ # TODO use the correct type
+ type = with types; attrsOf unspecified;
+ description = ''
+ additional nginx configuration. see krebs.nginx for all options
+ '' ;
+ };
+ debug = mkOption {
+ type = types.bool;
+ description = ''
+ run server in debug mode
+ '';
+ default = false;
+ };
+
+ # TODO: assert secretKey
+ secretKey = mkOption {
+ type = types.str;
+ description = ''
+ server secret for safe session cookies, must be set.
+ '';
+ };
+
+ # we create a wsgi socket in $workDir/gunicorn-${name}.wsgi
+ workDir = mkOption {
+ type = types.str;
+ description = ''
+ Path to the working directory (used for sockets and pidfile).
+ Defaults to the users home directory.
Must be accessible to nginx,
+ permissions will be set to 755
+ '';
+ default = config.users.extraUsers.bepasty.home;
+ };
+
+ dataDir = mkOption {
+ type = types.str;
+ description = ''
+ Defaults to the new users home dir which defaults to
+ /var/lib/bepasty-server/data
+ '';
+ default = "${config.users.extraUsers.bepasty.home}/data";
+ };
+
+ extraConfig = mkOption {
+ type = types.str;
+ default = "";
+ example = ''
+ PERMISSIONS = {
+ 'myadminsecret': 'admin,list,create,read,delete',
+ }
+ MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000
+ '';
+ };
+
+ defaultPermissions = mkOption {
+ type = types.str;
+ default = "list";
+ };
+
+ };
+ default = {};
+ };
+
+ };
+
+ imp = {
+ # Configures systemd services for each configured server
+ # environment.systemPackages = [ bepasty gunicorn gevent ];
+ systemd.services = mapAttrs' (name: server:
+ nameValuePair ("bepasty-server-${name}")
+ ({
+ description = "Bepasty Server ${name}";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ restartIfChanged = true;
+ environment = {
+ BEPASTY_CONFIG = "${server.workDir}/bepasty-${name}.conf";
+ PYTHONPATH= "${bepasty}/lib/${python.libPrefix}/site-packages:${gevent}/lib/${python.libPrefix}/site-packages";
+ };
+ serviceConfig = {
+ Type = "simple";
+ PrivateTmp = true;
+ ExecStartPre = pkgs.writeScript "bepasty-server.${name}-init" ''
+ #!/bin/sh
+ chmod 755 ${server.workDir}
+ mkdir -p ${server.dataDir}
+ cat > ${server.workDir}/bepasty-${name}.conf <