author | makefu <github@syntax-fehler.de> | 2015-10-21 14:45:27 +0200 |
---|---|---|
committer | makefu <makefu@syntax-fehler.de> | 2015-11-23 22:10:14 +0100 |
commit | 0bdc5e269be16aeaa946dd136051d8e4d15c6014 (patch) | |
tree | bdddf2a72452521c745a047883baaceff7527208 /nixos | |
parent | 21abe66d78160f49604e564cafdd6f724f44b345 (diff) |
services/misc/bepasty: init at 2015-10-21
This module implements a way to start one or more bepasty servers. It supports configuring the listen address of gunicorn and how bepasty behaves internally. Configuring multiple bepasty servers provides a way to serve pastes externally without authentication while allowing pastes to be created, listed and deleted internally. nginx can be used to provide access via hostname + listen address. `configuration.nix`: services.bepasty = { enable = true; servers = { internal = { defaultPermissions = "admin,list,create,read,delete"; secretKey = "secret"; bind = "127.0.0.1:8000"; }; external = { defaultPermissions = "read"; bind = "127.0.0.1:8001"; secretKey = "another-secret"; }; }; };
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/misc/bepasty.nix | 151 |
3 files changed, 154 insertions, 0 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index b1130c2b124bd..c9810b6fccb14 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -236,6 +236,7 @@ xtreemfs = 212; calibre-server = 213; heapster = 214; + bepasty = 215; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -449,6 +450,7 @@ #kibana = 211; xtreemfs = 212; calibre-server = 213; + bepasty = 215; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ecdf2264d698d..387d90737ee1f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -190,6 +190,7 @@ ./services/mail/spamassassin.nix ./services/misc/apache-kafka.nix ./services/misc/autofs.nix + ./services/misc/bepasty.nix ./services/misc/canto-daemon.nix ./services/misc/calibre-server.nix ./services/misc/cpuminer-cryptonight.nix diff --git a/nixos/modules/services/misc/bepasty.nix b/nixos/modules/services/misc/bepasty.nix new file mode 100644 index 0000000000000..12671cb1b6cd9 --- /dev/null +++ b/nixos/modules/services/misc/bepasty.nix 
@@ -0,0 +1,151 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ gunicorn = pkgs.pythonPackages.gunicorn;
+ bepasty = pkgs.pythonPackages.bepasty-server;
+ gevent = pkgs.pythonPackages.gevent;
+ python = pkgs.pythonPackages.python;
+ cfg = config.services.bepasty;
+ user = "bepasty";
+ group = "bepasty";
+ default_home = "/var/lib/bepasty";
+in
+{
+ options.services.bepasty = {
+ enable = mkEnableOption "Bepasty servers";
+
+ servers = mkOption {
+ default = {};
+ description = ''
+ configure a number of bepasty servers which will be started with
+ gunicorn.
+ '';
+ type = with types ; attrsOf (submodule ({
+
+ options = {
+
+ bind = mkOption {
+ type = types.str;
+ description = ''
+ Bind address to be used for this server.
+ '';
+ example = "0.0.0.0:8000";
+ default = "127.0.0.1:8000";
+ };
+
+
+ dataDir = mkOption {
+ type = types.str;
+ description = ''
+ Path to the directory where the pastes will be saved to
+ '';
+ default = default_home+"/data";
+ };
+
+ defaultPermissions = mkOption {
+ type = types.str;
+ description = ''
+ default permissions for all unauthenticated accesses.
+ '';
+ example = "read,create,delete";
+ default = "read";
+ };
+
+ extraConfig = mkOption {
+ type = types.str;
+ description = ''
+ Extra configuration for bepasty server to be appended on the
+ configuration.
+ see https://bepasty-server.readthedocs.org/en/latest/quickstart.html#configuring-bepasty
+ for all options.
+ '';
+ default = "";
+ example = ''
+ PERMISSIONS = {
+ 'myadminsecret': 'admin,list,create,read,delete',
+ }
+ MAX_ALLOWED_FILE_SIZE = 5 * 1000 * 1000
+ '';
+ };
+
+ secretKey = mkOption {
+ type = types.str;
+ description = ''
+ server secret for safe session cookies, must be set.
+ '';
+ default = "";
+ };
+
+ workDir = mkOption {
+ type = types.str;
+ description = ''
+ Path to the working directory (used for config and pidfile).
+ Defaults to the users home directory.
+ '';
+ default = default_home;
+ };
+
+ };
+ }));
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ bepasty ];
+
+ # creates gunicorn systemd service for each configured server
+ systemd.services = mapAttrs' (name: server:
+ nameValuePair ("bepasty-server-${name}-gunicorn")
+ ({
+ description = "Bepasty Server ${name}";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ restartIfChanged = true;
+
+ environment = {
+ BEPASTY_CONFIG = "${server.workDir}/bepasty-${name}.conf";
+ PYTHONPATH= "${bepasty}/lib/${python.libPrefix}/site-packages:${gevent}/lib/${python.libPrefix}/site-packages";
+ };
+
+ serviceConfig = {
+ Type = "simple";
+ PrivateTmp = true;
+ ExecStartPre = assert server.secretKey != ""; pkgs.writeScript "bepasty-server.${name}-init" ''
+ #!/bin/sh
+ mkdir -p "${server.workDir}"
+ mkdir -p "${server.dataDir}"
+ chown ${user}:${group} "${server.workDir}" "${server.dataDir}"
+ cat > ${server.workDir}/bepasty-${name}.conf <<EOF
+ SITENAME="${name}"
+ STORAGE_FILESYSTEM_DIRECTORY="${server.dataDir}"
+ SECRET_KEY="${server.secretKey}"
+ DEFAULT_PERMISSIONS="${server.defaultPermissions}"
+ ${server.extraConfig}
+ EOF
+ '';
+ ExecStart = ''${gunicorn}/bin/gunicorn bepasty.wsgi --name ${name} \
+ -u ${user} \
+ -g ${group} \
+ --workers 3 --log-level=info \
+ --bind=${server.bind} \
+ --pid ${server.workDir}/gunicorn-${name}.pid \
+ -k gevent
+ '';
+ };
+ })
+ ) cfg.servers;
+
+ users.extraUsers = [{
+ uid = config.ids.uids.bepasty;
+ name = user;
+ group = group;
+ home = default_home;
+ }];
+
+ users.extraGroups = [{
+ name = group;
+ gid = config.ids.gids.bepasty;
+ }];
+ };
+}
|
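Review bot: The `secretKey` option is interpolated directly into the `pkgs.writeScript` body used for `ExecStartPre`, so the cookie-signing secret is copied into the Nix store, which every local user can read. The generated `bepasty-${name}.conf` is also created by `cat >` under the default umask, and since `serviceConfig` sets no `User`, the file is presumably root-owned and world-readable. I would add an option such as `secretKeyFile` whose contents the init script reads at service start, and put `umask 077` before the `cat`, followed by `chown ${user}:${group} "${server.workDir}/bepasty-${name}.conf"` so that gunicorn can still read the file after dropping privileges. The here-document delimiter is unquoted (`<<EOF`), so a `$` or backtick in `secretKey`, `defaultPermissions` or `extraConfig` is expanded by the shell before it reaches the config; the option descriptions should say so, or the values should be written without passing through shell expansion.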