Clean up nix a little

Rory&
2025-12-29 11:38:11 +01:00
parent 916e6f454a
commit e46d6fc0df
5 changed files with 114 additions and 101 deletions


@@ -29,37 +29,18 @@ let
);
in
{
imports = [ ./integration-nginx.nix ];
imports = [
./integration-nginx.nix
./secrets.nix
./users.nix
];
options.services.spacebarchat-server =
let
mkEndpointOptions =
defaultHost: defaultPort:
lib.mkOption {
type = lib.types.submodule {
options = {
useSsl = lib.mkEnableOption "Use SSL for this endpoint.";
host = lib.mkOption {
type = lib.types.str;
default = defaultHost;
description = "Host to bind to.";
};
localPort = lib.mkOption {
type = lib.types.port;
default = defaultPort;
description = "Port to bind to.";
};
publicPort = lib.mkOption {
type = lib.types.port;
default = 443;
description = "Public port to use in .well-known, defaults to 443.";
};
};
};
default = { };
};
mkEndpointOptions = import ./options-subtypes/mkEndpointOptions.nix { inherit lib; };
in
{
enable = lib.mkEnableOption "Spacebar server";
enableAdminApi = lib.mkEnableOption "Spacebar server Admin API";
package = lib.mkPackageOption self.packages.${pkgs.stdenv.hostPlatform.system} "spacebar-server" { default = "default"; };
databaseFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
@@ -84,72 +65,6 @@ in
description = "Path to store CDN files.";
};
cdnSignaturePath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
legacyJwtSecretPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
mailjetApiKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
mailjetApiSecretPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
smtpPasswordPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
gifApiKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
rabbitmqHost = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
rabbitmqHostPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
abuseIpDbApiKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
captchaSecretKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
captchaSiteKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
ipdataApiKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
requestSignaturePath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
extraEnvironment = lib.mkOption {
default = { };
description = ''
@@ -253,7 +168,7 @@ in
"~@privileged"
"@chown" # Required for copying files with FICLONE, apparently.
];
CapabilityBoundingSet=[
CapabilityBoundingSet = [
"~CAP_SYS_ADMIN"
"~CAP_AUDIT_*"
"~CAP_NET_(BIND_SERVICE|BROADCAST|RAW)"
@@ -306,14 +221,6 @@ in
# }
];
users.users.spacebarchat = {
isSystemUser = true;
description = "Spacebar service user";
home = "/var/lib/spacebar";
group = "spacebarchat";
};
users.groups.spacebarchat = { };
systemd.services.spacebar-api = makeServerTsService {
description = "Spacebar Server - API";
environment = builtins.mapAttrs (_: val: builtins.toString val) (
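Review bot: The `CapabilityBoundingSet` entries `"~CAP_AUDIT_*"` and `"~CAP_NET_(BIND_SERVICE|BROADCAST|RAW)"` in the third hunk are not capability names; they look like the check labels printed by `systemd-analyze security`. systemd does not expand globs or alternations in this setting, so as far as I can tell these entries are reported as unparseable and ignored, which leaves those capabilities in the bounding set. The commit only fixes the spacing around `=`, so the gap in the hardening remains. Spell the names out, e.g. `"~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE"` and `"~CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW"`, then confirm the result with `systemctl show -p CapabilityBoundingSet` on the running unit. The list continues outside the hunk, so any further entries need the same check.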


@@ -0,0 +1,25 @@
{ lib }:
defaultHost: defaultPort:
lib.mkOption {
type = lib.types.submodule {
options = {
useSsl = lib.mkEnableOption "Use SSL for this endpoint.";
host = lib.mkOption {
type = lib.types.str;
default = defaultHost;
description = "Host to bind to.";
};
localPort = lib.mkOption {
type = lib.types.port;
default = defaultPort;
description = "Port to bind to.";
};
publicPort = lib.mkOption {
type = lib.types.port;
default = 443;
description = "Public port to use in .well-known, defaults to 443.";
};
};
};
default = { };
}
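Review bot: The `useSsl` description will render badly because `lib.mkEnableOption` prepends "Whether to enable " and appends a period, so the generated text reads "Whether to enable Use SSL for this endpoint..". Pass a noun phrase instead: `useSsl = lib.mkEnableOption "SSL for this endpoint";`. While this helper is being split out, the description should also say what the flag controls. From this file alone it is unclear whether it makes the service terminate TLS or only changes the scheme advertised in .well-known, and it defaults to off while `publicPort` defaults to 443.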


@@ -0,0 +1,70 @@
{ lib, ... }:
{
options.services.spacebarchat-server = {
cdnSignaturePath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
legacyJwtSecretPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
mailjetApiKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
mailjetApiSecretPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
smtpPasswordPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
gifApiKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
rabbitmqHost = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
rabbitmqHostPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
abuseIpDbApiKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
captchaSecretKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
captchaSiteKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
ipdataApiKeyPath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
requestSignaturePath = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Path to the secret";
};
};
}
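Review bot: All thirteen options in the new file carry the same description, `"Path to the secret"`, so the generated documentation does not say which secret each one is or how the file must be provided. `rabbitmqHost` has that text too, although by its name it holds the value itself rather than a path; if that value is a connection string with credentials, it ends up in the world-readable Nix store. Give each option its own description, e.g. `description = "Path to a file containing the SMTP password. Read at runtime; must be a string path outside the Nix store.";`. Consider dropping `rabbitmqHost` in favour of `rabbitmqHostPath`, or at least documenting that it must not contain credentials. How the service reads these files is not visible in this section, so the required ownership and mode for the `spacebarchat` user should be stated wherever that happens.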


@@ -0,0 +1,10 @@
{ ... }:
{
users.users.spacebarchat = {
isSystemUser = true;
description = "Spacebar service user";
home = "/var/lib/spacebar";
group = "spacebarchat";
};
users.groups.spacebarchat = { };
}
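Review bot: In the new file the `spacebarchat` user and group are declared at the top level with no `mkIf`, so every system that imports the module gets the account even when `services.spacebarchat-server.enable` is false. Whether the original definition was guarded is not visible in the removed hunk, but the extracted file should carry the guard itself. Take `config` and `lib` as arguments (`{ config, lib, ... }:`) and wrap both definitions in `config = lib.mkIf config.services.spacebarchat-server.enable { ... };`. A short comment noting that `/var/lib/spacebar` is the service's state directory would also help readers of this file in isolation.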


@@ -23,6 +23,7 @@ in
gatewayEndpoint = sb.mkEndpoint "gw.sb.localhost" 3002 false;
cdnEndpoint = sb.mkEndpoint "cdn.sb.localhost" 3003 false;
nginx.enable = true;
serverName = "sb.localhost";
};
in
lib.trace ("Testing with config: " + builtins.toJSON cfg) cfg;