flake

Francesco Saccone's Nix flake.
git clone https://git.francescosaccone.com/flake

default.nix (2667B)


      1 {
      2   lib,
      3   options,
      4   config,
      5   pkgs,
      6   ...
      7 }:
      8 {
      9   imports = [
     10     ./acme
     11     ./tls
     12   ];
     13 
     14   options.fs.services.quark = {
     15     enable = lib.mkOption {
     16       description = "Whether to enable Quark web server.";
     17       default = false;
     18       type = lib.types.bool;
     19     };
     20     directory = lib.mkOption {
     21       description = "The root directory to statically host.";
     22       default = "/var/www";
     23       type = lib.types.uniq lib.types.path;
     24     };
     25     user = lib.mkOption {
     26       description = "The user to drop privileges to.";
     27       default = "quark";
     28       type = lib.types.uniq lib.types.str;
     29     };
     30     preStart = {
     31       scripts = lib.mkOption {
     32         description = ''
     33           The list of scripts to run before starting the server.
     34         '';
     35         default = [ ];
     36         type = lib.types.listOf lib.types.path;
     37       };
     38       packages = lib.mkOption {
     39         description = "The list of packages required by the scripts.";
     40         default = [ ];
     41         type = lib.types.listOf lib.types.package;
     42       };
     43     };
     44   };
     45 
     46   config = lib.mkIf config.fs.services.quark.enable {
     47     users = {
     48       users = {
     49         quark = {
     50           hashedPassword = "!";
     51           isSystemUser = true;
     52           group = "quark";
     53           createHome = true;
     54           home = "/var/www";
     55         };
     56       };
     57       groups = {
     58         quark = { };
     59       };
     60     };
     61 
     62     systemd = {
     63       services = {
     64         quark =
     65           let
     66             inherit (config.fs.services.quark) preStart;
     67           in
     68           rec {
     69             enable = true;
     70             wantedBy = [ "multi-user.target" ];
     71             after = [ "network.target" ];
     72             path = preStart.packages;
     73             serviceConfig =
     74               let
     75                 script = pkgs.writeShellScriptBin "script" ''
     76                   ${builtins.concatStringsSep "\n" preStart.scripts}
     77 
     78                   ${pkgs.quark}/bin/quark \
     79                     -p 80 \
     80                     -d ${config.fs.services.quark.directory} \
     81                     -u ${config.fs.services.quark.user} \
     82                     -g quark \
     83                     -i index.html
     84                 '';
     85               in
     86               {
     87                 User = "root";
     88                 Group = "root";
     89                 Restart = "on-failure";
     90                 Type = "simple";
     91                 ExecStart = "${script}/bin/script";
     92               };
     93           };
     94       };
     95       paths = {
     96         quark = {
     97           enable = true;
     98           wantedBy = [ "multi-user.target" ];
     99           pathConfig = {
    100             PathModified = [ config.fs.services.quark.directory ];
    101           };
    102         };
    103       };
    104     };
    105 
    106     networking.firewall.allowedTCPPorts = [ 80 ];
    107   };
    108 }