author | Pol Dellaiera <pol.dellaiera@protonmail.com> | 2023-08-17 18:08:48 +0200 |
---|---|---|
committer | Pol Dellaiera <pol.dellaiera@protonmail.com> | 2023-08-27 23:43:40 +0200 |
commit | 48de649336a552051afdcc42b007c84cb24dd1b1 (patch) | |
tree | 4eeb0db0127a0ed1675d209c74840099af4c3219 /nixos/modules | |
parent | fcef652da8210d753f85acaf0afb569be4cc40e4 (diff) |
nixos/modules/honk: init
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/honk.md | 23 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/honk.nix | 153 |
3 files changed, 177 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 0fff271c86841..fa897959622ba 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1223,6 +1223,7 @@
 ./services/web-apps/healthchecks.nix
 ./services/web-apps/hedgedoc.nix
 ./services/web-apps/hledger-web.nix
+ ./services/web-apps/honk.nix
 ./services/web-apps/icingaweb2/icingaweb2.nix
 ./services/web-apps/icingaweb2/module-monitoring.nix
 ./services/web-apps/invidious.nix
diff --git a/nixos/modules/services/web-apps/honk.md b/nixos/modules/services/web-apps/honk.md
new file mode 100644
index 0000000000000..f34085f7dc52d
--- /dev/null
+++ b/nixos/modules/services/web-apps/honk.md
@@ -0,0 +1,23 @@
+# Honk {#module-services-honk}
+
+With Honk on NixOS you can quickly configure a complete ActivityPub server with
+minimal setup and support costs.
+
+## Basic usage {#module-services-honk-basic-usage}
+
+A minimal configuration looks like this:
+
+```nix
+{
+ services.honk = {
+ enable = true;
+ host = "0.0.0.0";
+ port = 8080;
+ username = "username";
+ passwordFile = "/etc/honk/password.txt";
+ servername = "honk.example.com";
+ };
+
+ networking.firewall.allowedTCPPorts = [ 8080 ];
+}
+```
diff --git a/nixos/modules/services/web-apps/honk.nix b/nixos/modules/services/web-apps/honk.nix
new file mode 100644
index 0000000000000..e8718774575b7
--- /dev/null
+++ b/nixos/modules/services/web-apps/honk.nix
@@ -0,0 +1,153 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
+ cfg = config.services.honk;
+
+ honk-initdb-script = cfg: pkgs.writeShellApplication {
+ name = "honk-initdb-script";
+
+ runtimeInputs = with pkgs; [ coreutils ];
+
+ text = ''
+ PW=$(cat "$CREDENTIALS_DIRECTORY/honk_passwordFile")
+
+ echo -e "${cfg.username}\n''$PW\n${cfg.host}:${toString cfg.port}\n${cfg.servername}" | ${lib.getExe cfg.package} -datadir "$STATE_DIRECTORY" init
+ '';
+ };
+in
+{
+ options = {
+ services.honk = {
+ enable = lib.mkEnableOption (lib.mdDoc "the Honk server");
+ package = lib.mkPackageOptionMD pkgs "honk" { };
+
+ host = lib.mkOption {
+ default = "127.0.0.1";
+ description = lib.mdDoc ''
+ The host name or IP address the server should listen to.
+ '';
+ type = lib.types.str;
+ };
+
+ port = lib.mkOption {
+ default = 8080;
+ description = lib.mdDoc ''
+ The port the server should listen to.
+ '';
+ type = lib.types.port;
+ };
+
+ username = lib.mkOption {
+ description = lib.mdDoc ''
+ The admin account username.
+ '';
+ type = lib.types.str;
+ };
+
+ passwordFile = lib.mkOption {
+ description = lib.mdDoc ''
+ Password for admin account.
+ NOTE: Should be string not a store path, to prevent the password from being world readable
+ '';
+ type = lib.types.path;
+ };
+
+ servername = lib.mkOption {
+ description = lib.mdDoc ''
+ The server name.
+ '';
+ type = lib.types.str;
+ };
+
+ extraJS = lib.mkOption {
+ default = null;
+ description = lib.mdDoc ''
+ An extra JavaScript file to be loaded by the client.
+ '';
+ type = lib.types.nullOr lib.types.path;
+ };
+
+ extraCSS = lib.mkOption {
+ default = null;
+ description = lib.mdDoc ''
+ An extra CSS file to be loaded by the client.
+ '';
+ type = lib.types.nullOr lib.types.path;
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = cfg.username or "" != "";
+ message = ''
+ You have to define a username for Honk (`services.honk.username`).
+ '';
+ }
+ {
+ assertion = cfg.servername or "" != "";
+ message = ''
+ You have to define a servername for Honk (`services.honk.servername`).
+ '';
+ }
+ ];
+
+ systemd.services.honk-initdb = {
+ description = "Honk server database setup";
+ requiredBy = [ "honk.service" ];
+ before = [ "honk.service" ];
+
+ serviceConfig = {
+ LoadCredential = [
+ "honk_passwordFile:${cfg.passwordFile}"
+ ];
+ Type = "oneshot";
+ StateDirectory = "honk";
+ DynamicUser = true;
+ RemainAfterExit = true;
+ ExecStart = lib.getExe (honk-initdb-script cfg);
+ PrivateTmp = true;
+ };
+
+ unitConfig = {
+ ConditionPathExists = [
+ # Skip this service if the database already exists
+ "!$STATE_DIRECTORY/honk.db"
+ ];
+ };
+ };
+
+ systemd.services.honk = {
+ description = "Honk server";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ bindsTo = [ "honk-initdb.service" ];
+ preStart = ''
+ mkdir -p $STATE_DIRECTORY/views
+ ${lib.optionalString (cfg.extraJS != null) "ln -fs ${cfg.extraJS} $STATE_DIRECTORY/views/local.js"}
+ ${lib.optionalString (cfg.extraCSS != null) "ln -fs ${cfg.extraCSS} $STATE_DIRECTORY/views/local.css"}
+ ${lib.getExe cfg.package} -datadir $STATE_DIRECTORY -viewdir ${cfg.package}/share/honk backup $STATE_DIRECTORY/backup
+ ${lib.getExe cfg.package} -datadir $STATE_DIRECTORY -viewdir ${cfg.package}/share/honk upgrade
+ ${lib.getExe cfg.package} -datadir $STATE_DIRECTORY -viewdir ${cfg.package}/share/honk cleanup
+ '';
+ serviceConfig = {
+ ExecStart = ''
+ ${lib.getExe cfg.package} -datadir $STATE_DIRECTORY -viewdir ${cfg.package}/share/honk
+ '';
+ StateDirectory = "honk";
+ DynamicUser = true;
+ PrivateTmp = "yes";
+ Restart = "on-failure";
+ };
+ };
+ };
+
+ meta = {
+ maintainers = with lib.maintainers; [ drupol ];
+ doc = ./honk.md;
+ };
+} |
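Review bot: In the `honk-initdb` unit, `ConditionPathExists = [ "!$STATE_DIRECTORY/honk.db" ]` will not do what its comment says, because systemd does not expand environment variables in `[Unit]` conditions and `$STATE_DIRECTORY` is only set in the service's execution environment; a specifier-based path such as `"!%S/honk/honk.db"` would match the `StateDirectory = "honk"` setting. As written, the init script that reads the admin password credential is likely to run on every start rather than only on first setup. In `honk-initdb-script`, `echo -e` also interprets backslash sequences inside the password, so a secret containing `\n` or `\t` would be stored differently from the file's contents, and `cfg.username` / `cfg.servername` are spliced unescaped into a double-quoted shell string; `printf '%s\n'` with each value passed as its own argument (the Nix-side ones through `lib.escapeShellArg`) avoids both. Finally, `passwordFile` is typed `lib.types.path`, which accepts a Nix path literal that `${cfg.passwordFile}` would copy into the world-readable store, so the NOTE in its description is not enforced; `type = lib.types.str;` or an assertion rejecting store paths would enforce it.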