nixpkgs/nixos/modules/services/security/sks.nix
Michael Weiss a0d3d098ff nixos/sks: Add a webroot option
The module will now, by default, serve a simple webpage via the built-in
web server (instead of displaying an error message).
2018-09-08 16:24:05 +02:00


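{ config, lib, pkgs, ... }:

# NixOS module for SKS, a synchronizing key server for OpenPGP.
# It runs "sks db" as the dedicated "sks" system user, listening for HKP
# requests on hkpAddress:hkpPort, and lets the built-in web server serve the
# directory selected by the webroot option.

with lib;

let
  cfg = config.services.sks;
  sksPkg = cfg.package;
in {
  meta.maintainers = with maintainers; [ primeos calbrecht jcumming ];

  options = {
    services.sks = {
      enable = mkEnableOption ''
        SKS (synchronizing key server for OpenPGP) and start the database
        server. You need to create "''${dataDir}/dump/*.gpg" for the initial
        import'';

      package = mkOption {
        default = pkgs.sks;
        defaultText = "pkgs.sks";
        type = types.package;
        description = "Which SKS derivation to use.";
      };

      dataDir = mkOption {
        type = types.path;
        default = "/var/db/sks";
        example = "/var/lib/sks";
        # TODO: The default might change to "/var/lib/sks" as this is more
        # common. There's also https://github.com/NixOS/nixpkgs/issues/26256
        # and "/var/db" is not FHS compliant (seems to come from BSD).
        # This directory is also the home (and working directory) of the
        # "sks" user created below.
        description = ''
          Data directory (-basedir) for SKS, where the database and all
          configuration files are located (e.g. KDB, PTree, membership and
          sksconf).
        '';
      };

      hkpAddress = mkOption {
        # Loopback only by default; listening on non-local addresses is an
        # explicit decision of the administrator.
        default = [ "127.0.0.1" "::1" ];
        type = types.listOf types.str;
        description = ''
          Domain names, IPv4 and/or IPv6 addresses to listen on for HKP
          requests.
        '';
      };

      hkpPort = mkOption {
        default = 11371;
        type = types.ints.u16;
        description = "HKP port to listen on.";
      };

      webroot = mkOption {
        type = types.path;
        # The selected directory is symlinked as "web" inside dataDir by the
        # service's preStart and picked up by SKS' built-in web server.
        default = "${sksPkg.webSamples}/OpenPKG";
        defaultText = "\${pkgs.sks.webSamples}/OpenPKG";
        description = ''
          Source directory (will be symlinked) for the files the built-in
          webserver should serve. SKS (''${pkgs.sks.webSamples}) provides the
          following examples: "HTML5", "OpenPKG", and "XHTML+ES". The index
          file can be named index.html, index.htm, index.xhtm, or index.xhtml.
          Files with the extensions .css, .es, .js, .jpg, .jpeg, .png, or .gif
          are supported. Subdirectories and filenames with anything other than
          alphanumeric characters and the '.' character will be ignored.
        '';
      };
    };
  };

  config = mkIf cfg.enable {
    environment.systemPackages = [ sksPkg ];

    # Dedicated non-login system user; its home is the SKS basedir.
    users.users.sks = {
      createHome = true;
      home = cfg.dataDir;
      isSystemUser = true;
      shell = "${pkgs.coreutils}/bin/true";
    };

    systemd.services = let
      # sks takes all listen addresses as one space-separated argument, so the
      # list is joined and wrapped in single quotes for systemd's ExecStart
      # parser. NOTE: an address containing a single quote is not escaped.
      hkpAddress = "'" + (concatStringsSep " " cfg.hkpAddress) + "'";
      hkpPort = toString cfg.hkpPort;
      home = config.users.users.sks.home;
      user = config.users.users.sks.name;
    in {
      "sks-db" = {
        description = "SKS database server";
        after = [ "network.target" ];
        wantedBy = [ "multi-user.target" ];
        # Runs as the service user with WorkingDirectory = home (no
        # PermissionsStartOnly is set). Paths are quoted so a dataDir
        # containing spaces or shell metacharacters is handled correctly;
        # only the glob itself stays unquoted.
        preStart = ''
          # -f -T: always replace the "web" link so a changed webroot takes
          # effect on the next start.
          ln -sfT "${cfg.webroot}" web
          mkdir -p "${home}/dump"
          # Initial import and maintenance are best effort: failures (e.g. no
          # dump files present yet, or an already populated database) must not
          # prevent the server from starting.
          ${sksPkg}/bin/sks build "${home}"/dump/*.gpg -n 10 -cache 100 || true #*/
          ${sksPkg}/bin/sks cleandb || true
          ${sksPkg}/bin/sks pbuild -cache 20 -ptree_cache 70 || true
        '';
        serviceConfig = {
          WorkingDirectory = home;
          User = user;
          Restart = "always";
          ExecStart = "${sksPkg}/bin/sks db -hkp_address ${hkpAddress} -hkp_port ${hkpPort}";
        };
      };
    };
  };
}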