diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index cc7d8684982..93452a89616 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -307,6 +307,7 @@
 duplicati = 289;
 monetdb = 290;
 restic = 291;
+ meguca = 292;
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@@ -582,6 +583,7 @@
 duplicati = 289;
 monetdb = 290;
 restic = 291;
+ meguca = 292;
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/services/web-servers/meguca.nix b/nixos/modules/services/web-servers/meguca.nix
index 4b616259366..af6e1a5676c 100644
--- a/nixos/modules/services/web-servers/meguca.nix
+++ b/nixos/modules/services/web-servers/meguca.nix
@@ -9,6 +9,12 @@ in
 options.services.meguca = {
 enable = mkEnableOption "meguca";
+ baseDir = mkOption {
+ type = types.path;
+ default = "/run/meguca";
+ description = "Location where meguca stores it's database and links.";
+ };
+
 password = mkOption {
 type = types.str;
 default = "meguca";
@@ -94,12 +100,11 @@ in
 description = "meguca";
 after = [ "network.target" "postgresql.service" ];
 wantedBy = [ "multi-user.target" ];
- script = "/run/meguca/start";
 preStart = ''
 # Ensure folder exists and links are correct or create them
- mkdir -p /run/meguca
- ln -sf ${pkgs.meguca}/share/meguca/www /run/meguca
+ mkdir -p ${cfg.baseDir}
+ ln -sf ${pkgs.meguca}/share/meguca/www ${cfg.baseDir}
 # Ensure the database is correct or create it
 ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createuser \
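Review bot: The `baseDir` description in the `@@ -9,6 +9,12 @@` hunk says the directory holds meguca's database, but the visible `preStart` creates the database in PostgreSQL via `createdb` and only places the `www` link here. What else meguca writes into its working directory is not visible in this diff. The default `/run/meguca` sits on the runtime filesystem, so anything kept there presumably does not survive a reboot. Suggested wording: `description = "Working directory for meguca (www link and runtime files). The default under /run is not persistent.";`.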
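Review bot: In the `@@ -94,12 +100,11 @@` hunk, `mkdir -p ${cfg.baseDir}` and `ln -sf … ${cfg.baseDir}` splice a user-settable option into a shell script unquoted, and the later hunk's `PermissionsStartOnly = true` means this script runs as root. `types.path` does not rule out spaces or shell metacharacters, so such a value would be word-split or expanded by the shell. Assuming `lib` is in scope, as the unqualified `mkOption`/`optionalString` suggest, I would write `mkdir -p ${escapeShellArg cfg.baseDir}` and `ln -sf ${pkgs.meguca}/share/meguca/www ${escapeShellArg cfg.baseDir}`. The same applies to `cd ${cfg.baseDir}` and to the `-R`/`-S`/`-a` values in the new `script` of the following hunk, e.g. `" -R ${escapeShellArg cfg.reverseProxy}"`. The `preStart` string continues outside this hunk.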
@@ -108,31 +113,46 @@ in
 -c "ALTER ROLE meguca WITH PASSWORD '$(cat ${cfg.passwordFile})';" || true
 ${pkgs.sudo}/bin/sudo -u ${postgres.superUser} ${postgres.package}/bin/createdb \
 -T template0 -E UTF8 -O meguca meguca || true
-
- cat > /run/meguca/start << EOF
-#!/bin/sh
-cd /run/meguca
-${pkgs.meguca}/bin/meguca -d "$(cat ${cfg.postgresArgsFile})"\
-${optionalString (cfg.reverseProxy != null) " -R ${cfg.reverseProxy}"}\
-${optionalString (cfg.sslCertificate != null) " -S ${cfg.sslCertificate}"}\
-${optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}"}\
-${optionalString (cfg.cacheSize != null) " -c ${toString cfg.cacheSize}"}\
-${optionalString (cfg.compressTraffic) " -g"}\
-${optionalString (cfg.assumeReverseProxy) " -r"}\
-${optionalString (cfg.httpsOnly) " -s"} start
-rm -f /run/meguca/start
-EOF
-
- chmod 700 /run/meguca/start
 '';
+ script = ''
+ cd ${cfg.baseDir}
+
+ ${pkgs.meguca}/bin/meguca -d "$(cat ${cfg.postgresArgsFile})"\
+ ${optionalString (cfg.reverseProxy != null) " -R ${cfg.reverseProxy}"}\
+ ${optionalString (cfg.sslCertificate != null) " -S ${cfg.sslCertificate}"}\
+ ${optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}"}\
+ ${optionalString (cfg.cacheSize != null) " -c ${toString cfg.cacheSize}"}\
+ ${optionalString (cfg.compressTraffic) " -g"}\
+ ${optionalString (cfg.assumeReverseProxy) " -r"}\
+ ${optionalString (cfg.httpsOnly) " -s"} start
+ '';
+
 serviceConfig = {
+ PermissionsStartOnly = true;
 Type = "forking";
- RuntimeDirectory = "/run/meguca";
+ User = "meguca";
+ Group = "meguca";
+ RuntimeDirectory = "meguca";
 ExecStop = "${pkgs.meguca}/bin/meguca stop";
 };
 };
+
+ users = {
+ extraUsers.meguca = {
+ description = "meguca server service user";
+ home = cfg.baseDir;
+ createHome = true;
+ group = "meguca";
+ uid = config.ids.uids.meguca;
+ };
+
+ extraGroups.meguca = {
+ gid = config.ids.gids.meguca;
+ members = [ "meguca" ];
+ };
+ };
 };
- meta.maintainers = [ maintainers.chiiruno ];
+ meta.maintainers = with maintainers; [ chiiruno ];
 }
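Review bot: `PermissionsStartOnly = true` applies `User`/`Group` only to the start command, so the whole `preStart` and `ExecStop = "${pkgs.meguca}/bin/meguca stop"` still run as root. The stop command also gets no `cd ${cfg.baseDir}`. Only the createuser/psql/createdb steps visibly need elevation, since they go through sudo to the postgres superuser, so the `mkdir`/`ln` setup could move to the top of `script` and run as meguca. I would at least record the split above the setting: `# preStart and ExecStop run as root; only ExecStart drops to meguca`. Separately, `RuntimeDirectory = "meguca"` and `home = cfg.baseDir; createHome = true;` both manage `/run/meguca` under the default, while a non-default baseDir gets no systemd-managed directory or cleanup, which deserves a line in the option description.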