diff --git a/3modules/bepasty-server.nix b/3modules/bepasty-server.nix deleted file mode 100644 index ff32eea..0000000 --- a/3modules/bepasty-server.nix +++ /dev/null @@ -1,164 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - gunicorn = pkgs.pythonPackages.gunicorn; - bepasty = pkgs.pythonPackages.bepasty-server; - gevent = pkgs.pythonPackages.gevent; - python = pkgs.pythonPackages.python; - cfg = config.krebs.bepasty; - - out = { - options.krebs.bepasty = api; - config = mkIf cfg.enable (mkMerge [(mkIf cfg.serveNginx nginx-imp) imp ]) ; - }; - - api = { - enable = mkEnableOption "Bepasty Servers"; - serveNginx = mkEnableOption "Serve Bepasty Servers with Nginx"; - - servers = mkOption { - type = with types; attrsOf optionSet; - options = singleton { - nginx = mkOption { - # TODO use the correct type - type = with types; attrsOf unspecified; - description = '' - additional nginx configuration. see krebs.nginx for all options - '' ; - }; - - secretKey = mkOption { - type = types.str; - description = '' - server secret for safe session cookies, must be set. - ''; - default = ""; - }; - - # we create a wsgi socket in $workDir/gunicorn-${name}.wsgi - workDir = mkOption { - type = types.str; - description = '' - Path to the working directory (used for sockets and pidfile). - Defaults to the users home directory. Must be accessible to nginx, - permissions will be set to 755 - ''; - default = config.users.extraUsers.bepasty.home; - }; - - dataDir = mkOption { - type = types.str; - description = '' - Defaults to the new users home dir which defaults to - /var/lib/bepasty-server/data - ''; - default = "${config.users.extraUsers.bepasty.home}/data"; - }; - - extraConfig = mkOption { - type = types.str; - default = ""; - # TODO configure permissions in separate - example = '' - PERMISSIONS = { - 'myadminsecret': 'admin,list,create,read,delete', - } - MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000 - ''; - }; - - defaultPermissions = mkOption { - # TODO: listOf str - type = types.str; - description = '' - default permissions for all unauthenticated users. - ''; - example = "read,create,delete"; - default = "read"; - }; - - }; - default = {}; - }; - - }; - - imp = { - # Configures systemd services for each configured server - # environment.systemPackages = [ bepasty gunicorn gevent ]; - systemd.services = mapAttrs' (name: server: - nameValuePair ("bepasty-server-${name}") - ({ - description = "Bepasty Server ${name}"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - restartIfChanged = true; - environment = { - BEPASTY_CONFIG = "${server.workDir}/bepasty-${name}.conf"; - PYTHONPATH= "${bepasty}/lib/${python.libPrefix}/site-packages:${gevent}/lib/${python.libPrefix}/site-packages"; - }; - serviceConfig = { - Type = "simple"; - PrivateTmp = true; - - ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" '' - #!/bin/sh - mkdir -p "${server.dataDir}" "${server.workDir}" - chown bepasty:bepasty "${server.workDir}" "${server.dataDir}" - cat > "${server.workDir}/bepasty-${name}.conf" <