pump.io service: init
Pump.io runs its web server as a standalone service listening on 443. It's also possible to put the service behind a HTTP reverse proxy.
This commit is contained in:
parent
69b0661fa9
commit
b13b9489ad
@ -237,6 +237,7 @@
|
|||||||
calibre-server = 213;
|
calibre-server = 213;
|
||||||
heapster = 214;
|
heapster = 214;
|
||||||
bepasty = 215;
|
bepasty = 215;
|
||||||
|
pumpio = 216;
|
||||||
|
|
||||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||||
|
|
||||||
@ -451,6 +452,7 @@
|
|||||||
xtreemfs = 212;
|
xtreemfs = 212;
|
||||||
calibre-server = 213;
|
calibre-server = 213;
|
||||||
bepasty = 215;
|
bepasty = 215;
|
||||||
|
pumpio = 216;
|
||||||
|
|
||||||
# When adding a gid, make sure it doesn't match an existing
|
# When adding a gid, make sure it doesn't match an existing
|
||||||
# uid. Users and groups with the same name should have equal
|
# uid. Users and groups with the same name should have equal
|
||||||
|
@ -401,6 +401,7 @@
|
|||||||
./services/ttys/agetty.nix
|
./services/ttys/agetty.nix
|
||||||
./services/ttys/gpm.nix
|
./services/ttys/gpm.nix
|
||||||
./services/ttys/kmscon.nix
|
./services/ttys/kmscon.nix
|
||||||
|
./services/web-apps/pump.io.nix
|
||||||
./services/web-servers/apache-httpd/default.nix
|
./services/web-servers/apache-httpd/default.nix
|
||||||
./services/web-servers/fcgiwrap.nix
|
./services/web-servers/fcgiwrap.nix
|
||||||
./services/web-servers/jboss/default.nix
|
./services/web-servers/jboss/default.nix
|
||||||
|
364
nixos/modules/services/web-apps/pump.io.nix
Normal file
364
nixos/modules/services/web-apps/pump.io.nix
Normal file
@ -0,0 +1,364 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.pumpio;
|
||||||
|
dataDir = "/var/lib/pump.io";
|
||||||
|
user = "pumpio";
|
||||||
|
|
||||||
|
configOptions = {
|
||||||
|
driver = if cfg.driver == "disk" then null else cfg.driver;
|
||||||
|
params = ({ } //
|
||||||
|
(if cfg.driver == "disk" then {
|
||||||
|
dir = dataDir;
|
||||||
|
} else { }) //
|
||||||
|
(if cfg.driver == "mongodb" || cfg.driver == "redis" then {
|
||||||
|
host = cfg.dbHost;
|
||||||
|
port = cfg.dbPort;
|
||||||
|
dbname = cfg.dbName;
|
||||||
|
dbuser = cfg.dbUser;
|
||||||
|
dbpass = cfg.dbPassword;
|
||||||
|
} else { }) //
|
||||||
|
(if cfg.driver == "memcached" then {
|
||||||
|
host = cfg.dbHost;
|
||||||
|
port = cfg.dbPort;
|
||||||
|
} else { }) //
|
||||||
|
cfg.driverParams);
|
||||||
|
|
||||||
|
secret = cfg.secret;
|
||||||
|
|
||||||
|
address = cfg.address;
|
||||||
|
port = cfg.port;
|
||||||
|
|
||||||
|
noweb = false;
|
||||||
|
urlPort = cfg.urlPort;
|
||||||
|
hostname = cfg.hostname;
|
||||||
|
favicon = cfg.favicon;
|
||||||
|
|
||||||
|
site = cfg.site;
|
||||||
|
owner = cfg.owner;
|
||||||
|
ownerURL = cfg.ownerURL;
|
||||||
|
|
||||||
|
key = cfg.sslKey;
|
||||||
|
cert = cfg.sslCert;
|
||||||
|
bounce = false;
|
||||||
|
|
||||||
|
spamhost = cfg.spamHost;
|
||||||
|
spamclientid = cfg.spamClientId;
|
||||||
|
spamclientsecret = cfg.spamClientSecret;
|
||||||
|
|
||||||
|
requireEmail = cfg.requireEmail;
|
||||||
|
smtpserver = cfg.smtpHost;
|
||||||
|
smtpport = cfg.smtpPort;
|
||||||
|
smtpuser = cfg.smtpUser;
|
||||||
|
smtppass = cfg.smtpPassword;
|
||||||
|
smtpusessl = cfg.smtpUseSSL;
|
||||||
|
smtpfrom = cfg.smtpFrom;
|
||||||
|
|
||||||
|
nologger = false;
|
||||||
|
uploaddir = "${dataDir}/uploads";
|
||||||
|
debugClient = false;
|
||||||
|
firehose = cfg.firehose;
|
||||||
|
disableRegistration = cfg.disableRegistration;
|
||||||
|
} //
|
||||||
|
(if cfg.port < 1024 then {
|
||||||
|
serverUser = user; # have pump.io listen then drop privileges
|
||||||
|
} else { }) //
|
||||||
|
cfg.extraConfig;
|
||||||
|
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
|
||||||
|
services.pumpio = {
|
||||||
|
|
||||||
|
enable = mkEnableOption "Pump.io social streams server";
|
||||||
|
|
||||||
|
secret = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "my dog has fleas";
|
||||||
|
description = ''
|
||||||
|
A session-generating secret, server-wide password. Warning:
|
||||||
|
this is stored in cleartext in the Nix store!
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
site = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "Awesome Sauce";
|
||||||
|
description = "Name of the server";
|
||||||
|
};
|
||||||
|
|
||||||
|
owner = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
example = "Awesome Inc.";
|
||||||
|
description = "Name of owning entity, if you want to link to it.";
|
||||||
|
};
|
||||||
|
|
||||||
|
ownerURL = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
example = "https://pump.io";
|
||||||
|
description = "URL of owning entity, if you want to link to it.";
|
||||||
|
};
|
||||||
|
|
||||||
|
address = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "localhost";
|
||||||
|
description = ''
|
||||||
|
Web server listen address.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 31337;
|
||||||
|
description = ''
|
||||||
|
Port to listen on. Defaults to 31337, which is suitable for
|
||||||
|
running behind a reverse proxy. For a standalone server,
|
||||||
|
use 443.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
hostname = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
The hostname of the server, used for generating
|
||||||
|
URLs. Defaults to "localhost" which doesn't do much for you.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
urlPort = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 443;
|
||||||
|
description = ''
|
||||||
|
Port to use for generating URLs. This basically has to be
|
||||||
|
either 80 or 443 because the host-meta and Webfinger
|
||||||
|
protocols don't make any provision for HTTP/HTTPS servers
|
||||||
|
running on other ports.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
favicon = mkOption {
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Local filesystem path to the favicon.ico file to use. This
|
||||||
|
will be served as "/favicon.ico" by the server.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
sslKey = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
example = "${dataDir}/myserver.key";
|
||||||
|
default = "";
|
||||||
|
description = ''
|
||||||
|
The path to the server certificate private key. The
|
||||||
|
certificate is required, but it can be self-signed.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
sslCert = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
example = "${dataDir}/myserver.crt";
|
||||||
|
default = "";
|
||||||
|
description = ''
|
||||||
|
The path to the server certificate. The certificate is
|
||||||
|
required, but it can be self-signed.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
firehose = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "ofirehose.com";
|
||||||
|
description = ''
|
||||||
|
Firehose host running the ofirehose software. Defaults to
|
||||||
|
"ofirehose.com". Public notices will be ping this firehose
|
||||||
|
server and from there go out to search engines and the
|
||||||
|
world. If you want to disconnect from the public web, set
|
||||||
|
this to something falsy.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
disableRegistration = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Disables registering new users on the site through the Web
|
||||||
|
or the API.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
requireEmail = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = "Require an e-mail address to register.";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = mkOption {
|
||||||
|
default = { };
|
||||||
|
description = ''
|
||||||
|
Extra configuration options which are serialized to json and added
|
||||||
|
to the pump.io.json config file.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
driver = mkOption {
|
||||||
|
type = types.enum [ "mongodb" "disk" "lrucache" "memcached" "redis" ];
|
||||||
|
default = "mongodb";
|
||||||
|
description = "Type of database. Corresponds to a nodejs databank driver.";
|
||||||
|
};
|
||||||
|
|
||||||
|
driverParams = mkOption {
|
||||||
|
default = { };
|
||||||
|
description = "Extra parameters for the driver.";
|
||||||
|
};
|
||||||
|
|
||||||
|
dbHost = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "localhost";
|
||||||
|
description = "The database host to connect to.";
|
||||||
|
};
|
||||||
|
|
||||||
|
dbPort = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 27017;
|
||||||
|
description = "The port that the database is listening on.";
|
||||||
|
};
|
||||||
|
|
||||||
|
dbName = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "pumpio";
|
||||||
|
description = "The name of the database to use.";
|
||||||
|
};
|
||||||
|
|
||||||
|
dbUser = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
The username. Defaults to null, meaning no authentication.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
dbPassword = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
The password corresponding to dbUser. Warning: this is
|
||||||
|
stored in cleartext in the Nix store!
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
smtpHost = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = "localhost";
|
||||||
|
description = ''
|
||||||
|
Server to use for sending transactional email. If it's not
|
||||||
|
set up, no email is sent and features like password recovery
|
||||||
|
and email notification won't work.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
smtpPort = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 25;
|
||||||
|
description = ''
|
||||||
|
Port to connect to on SMTP server.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
smtpUser = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Username to use to connect to SMTP server. Might not be
|
||||||
|
necessary for some servers.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
smtpPassword = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Password to use to connect to SMTP server. Might not be
|
||||||
|
necessary for some servers. Warning: this is stored in
|
||||||
|
cleartext in the Nix store!
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
smtpUseSSL = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
Only use SSL with the SMTP server. By default, a SSL
|
||||||
|
connection is negotiated using TLS. You may need to change
|
||||||
|
the smtpPort value if you set this.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
smtpFrom = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Email address to use in the "From:" header of outgoing
|
||||||
|
notifications. Defaults to 'no-reply@' plus the site
|
||||||
|
hostname.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
spamHost = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Host running activityspam software to use to test updates
|
||||||
|
for spam.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
spamClientId = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = "OAuth pair for spam server.";
|
||||||
|
};
|
||||||
|
spamClientSecret = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
OAuth pair for spam server. Warning: this is
|
||||||
|
stored in cleartext in the Nix store!
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
systemd.services."pump.io" =
|
||||||
|
{ description = "pump.io social network stream server";
|
||||||
|
after = [ "network.target" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig.ExecStart = "${pkgs.pumpio}/bin/pump -c /etc/pump.io.json";
|
||||||
|
serviceConfig.User = if cfg.port < 1024 then "root" else user;
|
||||||
|
serviceConfig.Group = user;
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.etc."pump.io.json" = {
|
||||||
|
mode = "0440";
|
||||||
|
gid = config.ids.gids.pumpio;
|
||||||
|
text = builtins.toJSON configOptions;
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraGroups.pumpio.gid = config.ids.gids.pumpio;
|
||||||
|
users.extraUsers.pumpio = {
|
||||||
|
group = "pumpio";
|
||||||
|
uid = config.ids.uids.pumpio;
|
||||||
|
description = "Pump.io user";
|
||||||
|
home = dataDir;
|
||||||
|
createHome = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user