From 807968bac104ff850f22e814cf04556cc2361dc6 Mon Sep 17 00:00:00 2001 From: Olivier 'reivilibre Date: Wed, 25 May 2022 21:42:36 +0100 Subject: [PATCH] Add experimental NixOS module --- flake.nix | 14 ++-- nixos_modules/olivefsd.nix | 114 ++++++++++++++++++++++++++++++ nixos_modules/olivefsd_config.nix | 29 ++++++++ 3 files changed, 150 insertions(+), 7 deletions(-) create mode 100644 nixos_modules/olivefsd.nix create mode 100644 nixos_modules/olivefsd_config.nix diff --git a/flake.nix b/flake.nix index c210d74..a81fc41 100644 --- a/flake.nix +++ b/flake.nix @@ -29,15 +29,15 @@ defaultPackage = packages.olivefs; # NixOS Modules -# nixosModules = { -# olivefsd = import ./nixos_modules/olivefsd.nix self; -# }; + nixosModules = { + olivefsd = import ./nixos_modules/olivefsd.nix self; + }; # `nix run` -# apps.olivefs = utils.lib.mkApp { -# drv = packages.olivefs; -# }; -# defaultApp = apps.olivefs; + apps.olivefs = utils.lib.mkApp { + drv = packages.olivefs; + }; + defaultApp = apps.olivefs; # `nix develop` devShell = pkgs.mkShell { diff --git a/nixos_modules/olivefsd.nix b/nixos_modules/olivefsd.nix new file mode 100644 index 0000000..f73f2cf --- /dev/null +++ b/nixos_modules/olivefsd.nix 
@@ -0,0 +1,114 @@
+flake: {config, pkgs, lib, ...}:
+
+let
+ cfg = config.services.olivefsd;
+ inherit (flake.packages.${pkgs.stdenv.hostPlatform.system}) olivefs;
+in
+
+with lib;
+
+{
+ options = {
+ services.olivefsd = {
+ enable = mkOption {
+ default = false;
+ type = with types; bool;
+ description = ''
+ Start the OliveFSd Search web interface.
+ '';
+ };
+
+ user = mkOption {
+ default = "olivefsd";
+ type = with types; uniq str;
+ description = ''
+ Name of the user.
+ '';
+ };
+
+ bindHost = mkOption {
+ default = "127.0.0.1";
+ type = with types; str;
+ description = ''
+ Host upon which to bind the OliveFS interface.
+ '';
+ };
+
+ bindPort = mkOption {
+ default = 7510;
+ type = with types; port;
+ description = ''
+ Port upon which to bind the OliveFS interface.
+ '';
+ };
+
+ rootDir = mkOption {
+ type = with types; path;
+ example = "/my/path/olivefsd";
+ description = ''
+ Path that is the root of the OliveFS volume.
+ '';
+ };
+
+ clients = mkOption {
+ type = with types; listOf str;
+ example = ''["mypc", "mylaptop"]'';
+ description = ''
+ Names of all the SANs to accept.
+ '';
+ };
+
+ serverKeyFile = mkOption {
+ type = with types; path;
+ description = ''
+ Server's TLS key (in DER format).
+ '';
+ };
+
+ serverCertFile = mkOption {
+ type = with types; path;
+ description = ''
+ Server's TLS cert (in DER format).
+ '';
+ };
+
+ caCertFile = mkOption {
+ type = with types; path;
+ description = ''
+ CA's TLS cert (in DER format).
+ '';
+ };
+
+ idleTimeout = mkOption {
+ type = with types; int;
+ default = 30;
+ description = ''
+ Idle connection timeout in seconds.
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users.users."${cfg.user}" = {
+ description = "OliveFS User";
+ isSystemUser = true;
+ group = "${cfg.user}";
+ };
+ users.groups."${cfg.user}" = {};
+
+ systemd.services.olivefsd = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ description = "Start the OliveFS server.";
+
+ serviceConfig = {
+ Type = "simple";
+ User = "${cfg.user}";
+ ExecStart =
+ let cfgPath = builtins.toFile "olivefsd.toml" (import ./olivefsd_config.nix { inherit cfg lib; });
+ in ''${olivefs}/bin/olivefsd serve ${cfgPath}'';
+ };
+ };
+ };
+}
diff --git a/nixos_modules/olivefsd_config.nix b/nixos_modules/olivefsd_config.nix
new file mode 100644
index 0000000..ff82fdb
--- /dev/null
+++ b/nixos_modules/olivefsd_config.nix
@@ -0,0 +1,29 @@
+{ cfg, lib }:
+let
+
+ clientSection =
+ clientName:
+ ''
+ [clients.${clientName}]
+ '';
+
+ clientSections = map clientSection cfg.clients;
+
+in
+''
+[listen]
+listen_to = "${cfg.bindHost}:${builtins.toString cfg.bindPort}"
+
+# Must be kept secret.
+server_key = "${cfg.serverKeyFile}"
+
+server_certificate = "${cfg.serverCertFile}"
+ca_certificate = "${cfg.caCertFile}"
+
+timeout = ${builtins.toString cfg.idleTimeout}
+
+[service]
+root = "${cfg.rootDir}"
+
+${lib.strings.concatStrings clientSections}
+''
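Review bot: In nixos_modules/olivefsd.nix, `serverKeyFile` is declared with `types.path` and its value is later interpolated into the generated config, so a Nix path literal such as `./server.key` would be copied into the world-readable /nix/store, where every local user could read the private key. Declaring it as `type = with types; str;` and stating in the description that it must be an absolute path given as a string, outside the store and readable by `cfg.user`, avoids that. The `serviceConfig` block also sets only `Type`, `User` and `ExecStart`; if the daemon only needs to write under `rootDir` (not confirmed from this patch), sandboxing such as `NoNewPrivileges = true; ProtectSystem = "strict"; ReadWritePaths = [ cfg.rootDir ];` would limit what a compromised server process can reach.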
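Review bot: In nixos_modules/olivefsd_config.nix, each client name is spliced into a bare TOML table header at `[clients.${clientName}]`, so a name containing a dot (usual for hostname-style SANs) is parsed as nested tables, and a name containing a quote, bracket or newline changes the structure of the file. Going by the option description, this list is the set of certificate names the server accepts, so the generated allowlist can silently differ from what the administrator wrote. Quoting the key as `[clients."${clientName}"]` and constraining the option in olivefsd.nix, for example `type = with types; listOf (strMatching "[A-Za-z0-9._-]+");`, keeps the two in step. The same unescaped interpolation is used for `listen_to`, `server_key`, `server_certificate`, `ca_certificate` and `root`, where a `"` or backslash in the value would likewise produce a different or invalid config.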