nixos/glance: init module

nixos/doc/manual/release-notes/rl-2411.section.md

@@ -25,6 +25,8 @@
 
 - [Playerctld](https://github.com/altdesktop/playerctl), a daemon to track media player activity. Available as [services.playerctld](option.html#opt-services.playerctld).
 
+- [Glance](https://github.com/glanceapp/glance), a self-hosted dashboard that puts all your feeds in one place. Available as [services.glance](option.html#opt-services.glance).
+
 ## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
 
 - `transmission` package has been aliased with a `trace` warning to `transmission_3`. Since [Transmission 4 has been released last year](https://github.com/transmission/transmission/releases/tag/4.0.0), and Transmission 3 will eventually go away, it was decided perform this warning alias to make people aware of the new version. The `services.transmission.package` defaults to `transmission_3` as well because the upgrade can cause data loss in certain specific usage patterns (examples: [#5153](https://github.com/transmission/transmission/issues/5153), [#6796](https://github.com/transmission/transmission/issues/6796)). Please make sure to back up to your data directory per your usage:

nixos/modules/module-list.nix

@@ -1379,6 +1379,7 @@
   ./services/web-apps/freshrss.nix
   ./services/web-apps/galene.nix
   ./services/web-apps/gerrit.nix
+  ./services/web-apps/glance.nix
   ./services/web-apps/gotify-server.nix
   ./services/web-apps/gotosocial.nix
   ./services/web-apps/grocy.nix

nixos/modules/services/web-apps/glance.md

@@ -0,0 +1,39 @@
+# Glance {#module-services-glance}
+
+Glance is a self-hosted dashboard that puts all your feeds in one place.
+
+Visit [the Glance project page](https://github.com/glanceapp/glance) to learn
+more about it.
+
+## Quickstart {#module-services-glance-quickstart}
+
+Checkout the [configuration docs](https://github.com/glanceapp/glance/blob/main/docs/configuration.md) to learn more.
+Use the following configuration to start a public instance of Glance locally:
+
+```nix
+{
+  services.glance = {
+    enable = true;
+    settings = {
+      pages = [
+        {
+          name = "Home";
+          columns = [
+            {
+              size = "full";
+              widgets = [
+                { type = "calendar"; }
+                {
+                  type = "weather";
+                  location = "Nivelles, Belgium";
+                }
+              ];
+            }
+          ];
+        }
+      ];
+    };
+    openFirewall = true;
+  };
+}
+```

nixos/modules/services/web-apps/glance.nix

@@ -0,0 +1,141 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.glance;
+
+  inherit (lib)
+    mkEnableOption
+    mkPackageOption
+    mkOption
+    mkIf
+    getExe
+    types
+    ;
+
+  settingsFormat = pkgs.formats.yaml { };
+in
+{
+  options.services.glance = {
+    enable = mkEnableOption "glance";
+    package = mkPackageOption pkgs "glance" { };
+
+    settings = mkOption {
+      type = types.submodule {
+        freeformType = settingsFormat.type;
+        options = {
+          server = {
+            host = mkOption {
+              description = "Glance bind address";
+              default = "127.0.0.1";
+              example = "0.0.0.0";
+              type = types.str;
+            };
+            port = mkOption {
+              description = "Glance port to listen on";
+              default = 8080;
+              example = 5678;
+              type = types.port;
+            };
+          };
+          pages = mkOption {
+            type = settingsFormat.type;
+            description = ''
+              List of pages to be present on the dashboard.
+
+              See <https://github.com/glanceapp/glance/blob/main/docs/configuration.md#pages--columns>
+            '';
+            default = [
+              {
+                name = "Calendar";
+                columns = [
+                  {
+                    size = "full";
+                    widgets = [ { type = "calendar"; } ];
+                  }
+                ];
+              }
+            ];
+            example = [
+              {
+                name = "Home";
+                columns = [
+                  {
+                    size = "full";
+                    widgets = [
+                      { type = "calendar"; }
+                      {
+                        type = "weather";
+                        location = "Nivelles, Belgium";
+                      }
+                    ];
+                  }
+                ];
+              }
+            ];
+          };
+        };
+      };
+      default = { };
+      description = ''
+        Configuration written to a yaml file that is read by glance. See
+        <https://github.com/glanceapp/glance/blob/main/docs/configuration.md>
+        for more.
+      '';
+    };
+
+    openFirewall = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to open the firewall for Glance.
+        This adds `services.glance.settings.server.port` to `networking.firewall.allowedTCPPorts`.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.glance = {
+      description = "Glance feed dashboard server";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      serviceConfig = {
+        ExecStart =
+          let
+            glance-yaml = settingsFormat.generate "glance.yaml" cfg.settings;
+          in
+          "${getExe cfg.package} --config ${glance-yaml}";
+        WorkingDirectory = "/var/lib/glance";
+        StateDirectory = "glance";
+        RuntimeDirectory = "glance";
+        RuntimeDirectoryMode = "0755";
+        PrivateTmp = true;
+        DynamicUser = true;
+        DevicePolicy = "closed";
+        LockPersonality = true;
+        MemoryDenyWriteExecute = true;
+        PrivateUsers = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        ProcSubset = "pid";
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        SystemCallArchitectures = "native";
+        UMask = "0077";
+      };
+    };
+
+    networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.settings.server.port ]; };
+  };
+
+  meta.doc = ./glance.md;
+  meta.maintainers = [ lib.maintainers.drupol ];
+}

nixos/tests/all-tests.nix

@@ -361,6 +361,7 @@ in {
   gitlab = runTest ./gitlab.nix;
   gitolite = handleTest ./gitolite.nix {};
   gitolite-fcgiwrap = handleTest ./gitolite-fcgiwrap.nix {};
+  glance = runTest ./glance.nix;
   glusterfs = handleTest ./glusterfs.nix {};
   gnome = handleTest ./gnome.nix {};
   gnome-extensions = handleTest ./gnome-extensions.nix {};

nixos/tests/glance.nix

@@ -0,0 +1,36 @@
+{ lib, ... }:
+
+{
+  name = "glance";
+
+  nodes = {
+    machine_default =
+      { pkgs, ... }:
+      {
+        services.glance = {
+          enable = true;
+        };
+      };
+
+    machine_custom_port =
+      { pkgs, ... }:
+      {
+        services.glance = {
+          enable = true;
+          settings.server.port = 5678;
+        };
+      };
+  };
+
+  testScript = ''
+    machine_default.start()
+    machine_default.wait_for_unit("glance.service")
+    machine_default.wait_for_open_port(8080)
+
+    machine_custom_port.start()
+    machine_custom_port.wait_for_unit("glance.service")
+    machine_custom_port.wait_for_open_port(5678)
+  '';
+
+  meta.maintainers = [ lib.maintainers.drupol ];
+}