mirror of
https://github.com/SebastianWendel/nixpkgs.git
synced 2024-09-20 04:19:00 +02:00
nixos/lxd-image-server: init
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
parent
0cecb3303a
commit
e7fd175e97
|
@ -772,6 +772,7 @@
|
|||
./services/networking/libreswan.nix
|
||||
./services/networking/lldpd.nix
|
||||
./services/networking/logmein-hamachi.nix
|
||||
./services/networking/lxd-image-server.nix
|
||||
./services/networking/mailpile.nix
|
||||
./services/networking/magic-wormhole-mailbox-server.nix
|
||||
./services/networking/matterbridge.nix
|
||||
|
|
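--- a/nixos/modules/services/networking/lxd-image-server.nix
+++ b/nixos/modules/services/networking/lxd-image-server.nix
@@ -0,0 +1,138 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+cfg = config.services.lxd-image-server;
+format = pkgs.formats.toml {};
+
+location = "/var/www/simplestreams";
+in
+{
+options = {
+services.lxd-image-server = {
+enable = mkEnableOption "lxd-image-server";
+
+group = mkOption {
+type = types.str;
+description = "Group assigned to the user and the webroot directory.";
+default = "nginx";
+example = "www-data";
+};
+
+settings = mkOption {
+type = format.type;
+description = ''
+Configuration for lxd-image-server.
+
+Example see <link xlink:href="https://github.com/Avature/lxd-image-server/blob/master/config.toml"/>.
+'';
+default = {};
+};
+
+nginx = {
+enable = mkEnableOption "nginx";
+domain = mkOption {
+type = types.str;
+description = "Domain to use for nginx virtual host.";
+example = "images.example.org";
+};
+};
+};
+};
+
+config = mkMerge [
+(mkIf (cfg.enable) {
+users.users.lxd-image-server = {
+isSystemUser = true;
+group = cfg.group;
+};
+users.groups.${cfg.group} = {};
+
+environment.etc."lxd-image-server/config.toml".source = format.generate "config.toml" cfg.settings;
+
+services.logrotate.paths.lxd-image-server = {
+path = "/var/log/lxd-image-server/lxd-image-server.log";
+frequency = "daily";
+keep = 21;
+user = "lxd-image-server";
+group = cfg.group;
+extraConfig = ''
+missingok
+compress
+delaycompress
+copytruncate
+notifempty
+'';
+};
+
+systemd.tmpfiles.rules = [
+"d /var/www/simplestreams 0755 lxd-image-server ${cfg.group}"
+];
+
+systemd.services.lxd-image-server = {
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+
+description = "LXD Image Server";
+
+script = ''
+${pkgs.lxd-image-server}/bin/lxd-image-server init
+${pkgs.lxd-image-server}/bin/lxd-image-server watch
+'';
+
+serviceConfig = {
+User = "lxd-image-server";
+Group = cfg.group;
+DynamicUser = true;
+LogsDirectory = "lxd-image-server";
+RuntimeDirectory = "lxd-image-server";
+ExecReload = "${pkgs.lxd-image-server}/bin/lxd-image-server reload";
+ReadWritePaths = [ location ];
+};
+};
+})
+# this is seperate so it can be enabled on mirrored hosts
+(mkIf (cfg.nginx.enable) {
+# https://github.com/Avature/lxd-image-server/blob/master/resources/nginx/includes/lxd-image-server.pkg.conf
+services.nginx.virtualHosts = {
+"${cfg.nginx.domain}" = {
+forceSSL = true;
+enableACME = mkDefault true;
+
+root = location;
+
+locations = {
+"/streams/v1/" = {
+index = "index.json";
+};
+
+# Serve json files with content type header application/json
+"~ \.json$" = {
+extraConfig = ''
+add_header Content-Type application/json;
+'';
+};
+
+"~ \.tar.xz$" = {
+extraConfig = ''
+add_header Content-Type application/octet-stream;
+'';
+};
+
+"~ \.tar.gz$" = {
+extraConfig = ''
+add_header Content-Type application/octet-stream;
+'';
+};
+
+# Deny access to document root and the images folder
+"~ ^/(images/)?$" = {
+return = "403";
+};
+};
+};
+};
+})
+];
+}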
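Review bot: In `serviceConfig`, `DynamicUser = true;` sits next to `User = "lxd-image-server";` while the same module declares that account statically in `users.users.lxd-image-server` and gives it the webroot in the tmpfiles rule, so the unit's identity model is ambiguous; systemd is documented to reuse an existing static account of that name, which makes the setting misleading rather than protective. I would drop `DynamicUser = true;` and state the sandboxing explicitly, for example `ProtectSystem = "strict"; NoNewPrivileges = true; PrivateTmp = true;`, keeping `ReadWritePaths = [ location ];`. The `group` option defaults to `"nginx"`, so the watcher runs with the web server's group and inherits whatever that group can read on the host, although the webroot is created `0755` and nginx does not need shared group ownership to serve it; a dedicated default such as `default = "lxd-image-server";` would be narrower. Separately, `"~ \.json$"` in the nginx locations is a double-quoted Nix string, where `\.` most likely collapses to a bare `.`, so the regex nginx receives matches any character at that position; `"~ \\.json$"` keeps the escape, and the same applies to the two tarball locations.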