infinoted service: init

Service module for the dedicated gobby server included in libinfinity
2025-06-14 13:39:15 +03:00 · 2016-11-27 17:23:21 +01:00 · 2016-11-27 17:23:21 +01:00 · bcc9a6ac75
commit bcc9a6ac75
parent bbd39a8057
3 changed files with 161 additions and 0 deletions
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -281,6 +281,7 @@
      ipfs  = 261;
      stanchion = 262;
      riak-cs = 263;
      infinoted = 264;
      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -532,6 +533,7 @@
      ipfs = 261;
      stanchion = 262;
      riak-cs = 263;
      infinoted = 264;
      # When adding a gid, make sure it doesn't match an existing
      # uid. Users and groups with the same name should have equal
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -180,6 +180,7 @@
  ./services/desktops/telepathy.nix
  ./services/development/hoogle.nix
  ./services/editors/emacs.nix
  ./services/editors/infinoted.nix
  ./services/games/factorio.nix
  ./services/games/ghost-one.nix
  ./services/games/minecraft-server.nix
--- a/nixos/modules/services/editors/infinoted.nix
+++ b/nixos/modules/services/editors/infinoted.nix
@ -0,0 +1,158 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.services.infinoted;
 in {
  options.services.infinoted = {
    enable = mkEnableOption "infinoted";
    package = mkOption {
      type = types.package;
      default = pkgs.libinfinity.override { daemon = true; };
      defaultText = "pkgs.libinfinity.override { daemon = true; }";
      description = ''
        Package providing infinoted
      '';
    };
    keyFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        Private key to use for TLS
      '';
    };
    certificateFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        Server certificate to use for TLS
      '';
    };
    certificateChain = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        Chain of CA-certificates to which our `certificateFile` is relative.
        Optional for TLS.
      '';
    };
    securityPolicy = mkOption {
      type = types.enum ["no-tls" "allow-tls" "require-tls"];
      default = "require-tls";
      description = ''
        How strictly to enforce clients connection with TLS.
      '';
    };
    port = mkOption {
      type = types.int;
      default = 6523;
      description = ''
        Port to listen on
      '';
    };
    rootDirectory = mkOption {
      type = types.path;
      default = "/var/lib/infinoted/documents/";
      description = ''
        Root of the directory structure to serve
      '';
    };
    plugins = mkOption {
      type = types.listOf types.str;
      default = [ "note-text" "note-chat" "logging" "autosave" ];
      description = ''
        Plugins to enable
      '';
    };
    passwordFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        File to read server-wide password from
      '';
    };
    extraConfig = mkOption {
      type = types.lines;
      default = ''
        [autosave]
        interval=10
      '';
      description = ''
        Additional configuration to append to infinoted.conf
      '';
    };
    user = mkOption {
      type = types.str;
      default = "infinoted";
      description = ''
        What to call the dedicated user under which infinoted is run
      '';
    };
    group = mkOption {
      type = types.str;
      default = "infinoted";
      description = ''
        What to call the primary group of the dedicated user under which infinoted is run
      '';
    };
  };
  config = mkIf (cfg.enable) {
    users.extraUsers = optional (cfg.user == "infinoted")
      { name = "infinoted";
        description = "Infinoted user";
        group = cfg.group;
      };
    users.extraGroups = optional (cfg.group == "infinoted")
      { name = "infinoted";
      };
    systemd.services.infinoted =
      { description = "Gobby Dedicated Server";
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ];
        serviceConfig = {
          Type = "simple";
          Restart = "always";
          ExecStart = "${cfg.package}/bin/infinoted-0.6 --config-file=/var/lib/infinoted/infinoted.conf";
          User = cfg.user;
          Group = cfg.group;
          PermissionsStartOnly = true;
        };
        preStart = ''
          mkdir -p /var/lib/infinoted
          install -o ${cfg.user} -g ${cfg.group} -m 0600 /dev/null /var/lib/infinoted/infinoted.conf
          cat >>/var/lib/infinoted/infinoted.conf <<EOF
          [infinoted]
          ${optionalString (cfg.keyFile != null) ''key-file=${cfg.keyFile}''}
          ${optionalString (cfg.certificateFile != null) ''certificate-file=${cfg.certificateFile}''}
          ${optionalString (cfg.certificateChain != null) ''certificate-chain=${cfg.certificateChain}''}
          port=${toString cfg.port}
          security-policy=${cfg.securityPolicy}
          root-directory=${cfg.rootDirectory}
          plugins=${concatStringsSep ";" cfg.plugins}
          ${optionalString (cfg.passwordFile != null) ''password=$(head -n 1 ${cfg.passwordFile})''}
          ${cfg.extraConfig}
          EOF
          install -o ${cfg.user} -g ${cfg.group} -m 0750 -d ${cfg.rootDirectory}
        '';
      };
  };
 }