pump.io service: init
Pump.io runs its web server as a standalone service listening on 443. It's also possible to put the service behind a HTTP reverse proxy.
This commit is contained in:
parent
69b0661fa9
commit
b13b9489ad
@ -237,6 +237,7 @@
|
||||
calibre-server = 213;
|
||||
heapster = 214;
|
||||
bepasty = 215;
|
||||
pumpio = 216;
|
||||
|
||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||
|
||||
@ -451,6 +452,7 @@
|
||||
xtreemfs = 212;
|
||||
calibre-server = 213;
|
||||
bepasty = 215;
|
||||
pumpio = 216;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing
|
||||
# uid. Users and groups with the same name should have equal
|
||||
|
@ -401,6 +401,7 @@
|
||||
./services/ttys/agetty.nix
|
||||
./services/ttys/gpm.nix
|
||||
./services/ttys/kmscon.nix
|
||||
./services/web-apps/pump.io.nix
|
||||
./services/web-servers/apache-httpd/default.nix
|
||||
./services/web-servers/fcgiwrap.nix
|
||||
./services/web-servers/jboss/default.nix
|
||||
|
364
nixos/modules/services/web-apps/pump.io.nix
Normal file
364
nixos/modules/services/web-apps/pump.io.nix
Normal file
@ -0,0 +1,364 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.pumpio;
|
||||
dataDir = "/var/lib/pump.io";
|
||||
user = "pumpio";
|
||||
|
||||
configOptions = {
|
||||
driver = if cfg.driver == "disk" then null else cfg.driver;
|
||||
params = ({ } //
|
||||
(if cfg.driver == "disk" then {
|
||||
dir = dataDir;
|
||||
} else { }) //
|
||||
(if cfg.driver == "mongodb" || cfg.driver == "redis" then {
|
||||
host = cfg.dbHost;
|
||||
port = cfg.dbPort;
|
||||
dbname = cfg.dbName;
|
||||
dbuser = cfg.dbUser;
|
||||
dbpass = cfg.dbPassword;
|
||||
} else { }) //
|
||||
(if cfg.driver == "memcached" then {
|
||||
host = cfg.dbHost;
|
||||
port = cfg.dbPort;
|
||||
} else { }) //
|
||||
cfg.driverParams);
|
||||
|
||||
secret = cfg.secret;
|
||||
|
||||
address = cfg.address;
|
||||
port = cfg.port;
|
||||
|
||||
noweb = false;
|
||||
urlPort = cfg.urlPort;
|
||||
hostname = cfg.hostname;
|
||||
favicon = cfg.favicon;
|
||||
|
||||
site = cfg.site;
|
||||
owner = cfg.owner;
|
||||
ownerURL = cfg.ownerURL;
|
||||
|
||||
key = cfg.sslKey;
|
||||
cert = cfg.sslCert;
|
||||
bounce = false;
|
||||
|
||||
spamhost = cfg.spamHost;
|
||||
spamclientid = cfg.spamClientId;
|
||||
spamclientsecret = cfg.spamClientSecret;
|
||||
|
||||
requireEmail = cfg.requireEmail;
|
||||
smtpserver = cfg.smtpHost;
|
||||
smtpport = cfg.smtpPort;
|
||||
smtpuser = cfg.smtpUser;
|
||||
smtppass = cfg.smtpPassword;
|
||||
smtpusessl = cfg.smtpUseSSL;
|
||||
smtpfrom = cfg.smtpFrom;
|
||||
|
||||
nologger = false;
|
||||
uploaddir = "${dataDir}/uploads";
|
||||
debugClient = false;
|
||||
firehose = cfg.firehose;
|
||||
disableRegistration = cfg.disableRegistration;
|
||||
} //
|
||||
(if cfg.port < 1024 then {
|
||||
serverUser = user; # have pump.io listen then drop privileges
|
||||
} else { }) //
|
||||
cfg.extraConfig;
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
options = {
|
||||
|
||||
services.pumpio = {
|
||||
|
||||
enable = mkEnableOption "Pump.io social streams server";
|
||||
|
||||
secret = mkOption {
|
||||
type = types.str;
|
||||
example = "my dog has fleas";
|
||||
description = ''
|
||||
A session-generating secret, server-wide password. Warning:
|
||||
this is stored in cleartext in the Nix store!
|
||||
'';
|
||||
};
|
||||
|
||||
site = mkOption {
|
||||
type = types.str;
|
||||
example = "Awesome Sauce";
|
||||
description = "Name of the server";
|
||||
};
|
||||
|
||||
owner = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "Awesome Inc.";
|
||||
description = "Name of owning entity, if you want to link to it.";
|
||||
};
|
||||
|
||||
ownerURL = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
example = "https://pump.io";
|
||||
description = "URL of owning entity, if you want to link to it.";
|
||||
};
|
||||
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = ''
|
||||
Web server listen address.
|
||||
'';
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.int;
|
||||
default = 31337;
|
||||
description = ''
|
||||
Port to listen on. Defaults to 31337, which is suitable for
|
||||
running behind a reverse proxy. For a standalone server,
|
||||
use 443.
|
||||
'';
|
||||
};
|
||||
|
||||
hostname = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
The hostname of the server, used for generating
|
||||
URLs. Defaults to "localhost" which doesn't do much for you.
|
||||
'';
|
||||
};
|
||||
|
||||
urlPort = mkOption {
|
||||
type = types.int;
|
||||
default = 443;
|
||||
description = ''
|
||||
Port to use for generating URLs. This basically has to be
|
||||
either 80 or 443 because the host-meta and Webfinger
|
||||
protocols don't make any provision for HTTP/HTTPS servers
|
||||
running on other ports.
|
||||
'';
|
||||
};
|
||||
|
||||
favicon = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = ''
|
||||
Local filesystem path to the favicon.ico file to use. This
|
||||
will be served as "/favicon.ico" by the server.
|
||||
'';
|
||||
};
|
||||
|
||||
sslKey = mkOption {
|
||||
type = types.path;
|
||||
example = "${dataDir}/myserver.key";
|
||||
default = "";
|
||||
description = ''
|
||||
The path to the server certificate private key. The
|
||||
certificate is required, but it can be self-signed.
|
||||
'';
|
||||
};
|
||||
|
||||
sslCert = mkOption {
|
||||
type = types.path;
|
||||
example = "${dataDir}/myserver.crt";
|
||||
default = "";
|
||||
description = ''
|
||||
The path to the server certificate. The certificate is
|
||||
required, but it can be self-signed.
|
||||
'';
|
||||
};
|
||||
|
||||
firehose = mkOption {
|
||||
type = types.str;
|
||||
default = "ofirehose.com";
|
||||
description = ''
|
||||
Firehose host running the ofirehose software. Defaults to
|
||||
"ofirehose.com". Public notices will be ping this firehose
|
||||
server and from there go out to search engines and the
|
||||
world. If you want to disconnect from the public web, set
|
||||
this to something falsy.
|
||||
'';
|
||||
};
|
||||
|
||||
disableRegistration = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Disables registering new users on the site through the Web
|
||||
or the API.
|
||||
'';
|
||||
};
|
||||
|
||||
requireEmail = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Require an e-mail address to register.";
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
default = { };
|
||||
description = ''
|
||||
Extra configuration options which are serialized to json and added
|
||||
to the pump.io.json config file.
|
||||
'';
|
||||
};
|
||||
|
||||
driver = mkOption {
|
||||
type = types.enum [ "mongodb" "disk" "lrucache" "memcached" "redis" ];
|
||||
default = "mongodb";
|
||||
description = "Type of database. Corresponds to a nodejs databank driver.";
|
||||
};
|
||||
|
||||
driverParams = mkOption {
|
||||
default = { };
|
||||
description = "Extra parameters for the driver.";
|
||||
};
|
||||
|
||||
dbHost = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "The database host to connect to.";
|
||||
};
|
||||
|
||||
dbPort = mkOption {
|
||||
type = types.int;
|
||||
default = 27017;
|
||||
description = "The port that the database is listening on.";
|
||||
};
|
||||
|
||||
dbName = mkOption {
|
||||
type = types.str;
|
||||
default = "pumpio";
|
||||
description = "The name of the database to use.";
|
||||
};
|
||||
|
||||
dbUser = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
The username. Defaults to null, meaning no authentication.
|
||||
'';
|
||||
};
|
||||
|
||||
dbPassword = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
The password corresponding to dbUser. Warning: this is
|
||||
stored in cleartext in the Nix store!
|
||||
'';
|
||||
};
|
||||
|
||||
smtpHost = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
example = "localhost";
|
||||
description = ''
|
||||
Server to use for sending transactional email. If it's not
|
||||
set up, no email is sent and features like password recovery
|
||||
and email notification won't work.
|
||||
'';
|
||||
};
|
||||
|
||||
smtpPort = mkOption {
|
||||
type = types.int;
|
||||
default = 25;
|
||||
description = ''
|
||||
Port to connect to on SMTP server.
|
||||
'';
|
||||
};
|
||||
|
||||
smtpUser = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Username to use to connect to SMTP server. Might not be
|
||||
necessary for some servers.
|
||||
'';
|
||||
};
|
||||
|
||||
smtpPassword = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Password to use to connect to SMTP server. Might not be
|
||||
necessary for some servers. Warning: this is stored in
|
||||
cleartext in the Nix store!
|
||||
'';
|
||||
};
|
||||
|
||||
smtpUseSSL = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Only use SSL with the SMTP server. By default, a SSL
|
||||
connection is negotiated using TLS. You may need to change
|
||||
the smtpPort value if you set this.
|
||||
'';
|
||||
};
|
||||
|
||||
smtpFrom = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Email address to use in the "From:" header of outgoing
|
||||
notifications. Defaults to 'no-reply@' plus the site
|
||||
hostname.
|
||||
'';
|
||||
};
|
||||
|
||||
spamHost = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
Host running activityspam software to use to test updates
|
||||
for spam.
|
||||
'';
|
||||
};
|
||||
spamClientId = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = "OAuth pair for spam server.";
|
||||
};
|
||||
spamClientSecret = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = ''
|
||||
OAuth pair for spam server. Warning: this is
|
||||
stored in cleartext in the Nix store!
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services."pump.io" =
|
||||
{ description = "pump.io social network stream server";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.ExecStart = "${pkgs.pumpio}/bin/pump -c /etc/pump.io.json";
|
||||
serviceConfig.User = if cfg.port < 1024 then "root" else user;
|
||||
serviceConfig.Group = user;
|
||||
};
|
||||
|
||||
environment.etc."pump.io.json" = {
|
||||
mode = "0440";
|
||||
gid = config.ids.gids.pumpio;
|
||||
text = builtins.toJSON configOptions;
|
||||
};
|
||||
|
||||
users.extraGroups.pumpio.gid = config.ids.gids.pumpio;
|
||||
users.extraUsers.pumpio = {
|
||||
group = "pumpio";
|
||||
uid = config.ids.uids.pumpio;
|
||||
description = "Pump.io user";
|
||||
home = dataDir;
|
||||
createHome = true;
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user