nixos/zeronet: Improved config, dynamic user, remove static UI… (#70305)

nixos/zeronet: Improved config, dynamic user, remove static UID and GID
NixOS · Oct 4, 2019 · bf3360c · bf3360c
2 parents 161c9dc + 5c18c08
commit bf3360c
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 61 deletions.
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
@@ -328,7 +328,7 @@
       qemu-libvirtd = 301;
       # kvm = 302; # unused
       # render = 303; # unused
-      zeronet = 304;
+      # zeronet = 304; # removed 2019-01-03
       lirc = 305;
       lidarr = 306;
       slurm = 307;
@@ -629,7 +629,7 @@
       qemu-libvirtd = 301;
       kvm = 302; # default udev rules from systemd requires these
       render = 303; # default udev rules from systemd requires these
-      zeronet = 304;
+      # zeronet = 304; # removed 2019-01-03
       lirc = 305;
       lidarr = 306;
       slurm = 307;

diff --git a/nixos/modules/services/networking/zeronet.nix b/nixos/modules/services/networking/zeronet.nix
@@ -1,44 +1,39 @@
 { config, lib, pkgs, ... }:
 
 let
+  inherit (lib) generators literalExample mkEnableOption mkIf mkOption recursiveUpdate types;
   cfg = config.services.zeronet;
-
-  zConfFile = pkgs.writeTextFile {
-    name = "zeronet.conf";
-
-    text = ''
-      [global]
-      data_dir = ${cfg.dataDir}
-      log_dir = ${cfg.logDir}
-    '' + lib.optionalString (cfg.port != null) ''
-      ui_port = ${toString cfg.port}
-    '' + lib.optionalString (cfg.fileserverPort != null) ''
-      fileserver_port = ${toString cfg.fileserverPort}
-    '' + lib.optionalString (cfg.torAlways) ''
-      tor = always
-    '' + cfg.extraConfig;
+  dataDir = "/var/lib/zeronet";
+  configFile = pkgs.writeText "zeronet.conf" (generators.toINI {} (recursiveUpdate defaultSettings cfg.settings));
+
+  defaultSettings = {
+    global = {
+      data_dir = dataDir;
+      log_dir = dataDir;
+      ui_port = cfg.port;
+      fileserver_port = cfg.fileserverPort;
+      tor = if !cfg.tor then "disable" else if cfg.torAlways then "always" else "enable";
+    };
   };
 in with lib; {
   options.services.zeronet = {
     enable = mkEnableOption "zeronet";
 
-    dataDir = mkOption {
-      type = types.path;
-      default = "/var/lib/zeronet";
-      example = "/home/okina/zeronet";
-      description = "Path to the zeronet data directory.";
-    };
+    settings = mkOption {
+      type = with types; attrsOf (oneOf [ str int bool (listOf str) ]);
+      default = {};
+      example = literalExample "global.tor = enable;";
 
-    logDir = mkOption {
-      type = types.path;
-      default = "/var/log/zeronet";
-      example = "/home/okina/zeronet/log";
-      description = "Path to the zeronet log directory.";
+      description = ''
+        <filename>zeronet.conf</filename> configuration. Refer to
+        <link xlink:href="https://zeronet.readthedocs.io/en/latest/faq/#is-it-possible-to-use-a-configuration-file"/>
+        for details on supported values;
+      '';
     };
 
     port = mkOption {
-      type = types.nullOr types.int;
-      default = null;
+      type = types.int;
+      default = 43110;
       example = 43110;
       description = "Optional zeronet web UI port.";
     };
@@ -63,60 +58,39 @@ in with lib; {
       default = false;
       description = "Use TOR for all zeronet traffic.";
     };
-
-    extraConfig = mkOption {
-      type = types.lines;
-      default = "";
-
-      description = ''
-        Extra configuration. Contents will be added verbatim to the
-        configuration file at the end.
-      '';
-    };
   };
 
   config = mkIf cfg.enable {
     services.tor = mkIf cfg.tor {
       enable = true;
       controlPort = 9051;
+
       extraConfig = ''
         CacheDirectoryGroupReadable 1
         CookieAuthentication 1
         CookieAuthFileGroupReadable 1
       '';
     };
 
-    systemd.tmpfiles.rules = [
-      "d '${cfg.dataDir}' 750 zeronet zeronet - -"
-      "d '${cfg.logDir}' 750 zeronet zeronet - -"
-    ];
-
     systemd.services.zeronet = {
       description = "zeronet";
       after = [ "network.target" (optionalString cfg.tor "tor.service") ];
       wantedBy = [ "multi-user.target" ];
 
       serviceConfig = {
-        PrivateTmp = "yes";
         User = "zeronet";
-        Group = "zeronet";
-        ExecStart = "${pkgs.zeronet}/bin/zeronet --config_file ${zConfFile}";
-      };
-    };
-
-    users = {
-      groups.zeronet.gid = config.ids.gids.zeronet;
-
-      users.zeronet = {
-        description = "zeronet service user";
-        home = cfg.dataDir;
-        createHome = true;
-        group = "zeronet";
-        extraGroups = mkIf cfg.tor [ "tor" ];
-        uid = config.ids.uids.zeronet;
+        DynamicUser = true;
+        StateDirectory = "zeronet";
+        SupplementaryGroups = mkIf cfg.tor [ "tor" ];
+        ExecStart = "${pkgs.zeronet}/bin/zeronet --config_file ${configFile}";
       };
     };
   };
 
+  imports = [
+    (mkRemovedOptionModule [ "services" "zeronet" "dataDir" ] "Zeronet will store data by default in /var/lib/zeronet")
+    (mkRemovedOptionModule [ "services" "zeronet" "logDir" ] "Zeronet will log by default in /var/lib/zeronet")
+  ];
+
   meta.maintainers = with maintainers; [ chiiruno ];
 }