1 files changed, 228 insertions, 0 deletions
diff --git a/modules/etebase-server.nix b/modules/etebase-server.nix
new file mode 100644
index 00000000..341e7fa0
--- /dev/null
+++ b/modules/etebase-server.nix
@@ -0,0 +1,228 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+  cfg = config.services.etebase-server;
+  pythonEnv = pkgs.python3.withPackages (ps: with ps;
+    [ etebase-server daphne psycopg2 ]);
+  iniFmt = pkgs.formats.ini {};
+  configIni = iniFmt.generate "etebase-server.ini" cfg.settings;
+  defaultUser = "etebase-server";
+in
+{
+  disabledModules = [ "services/misc/etebase-server.nix" ];
+  imports = [
+    (mkRemovedOptionModule
+      [ "services" "etebase-server" "customIni" ]
+      "Set the option `services.etebase-server.settings' instead.")
+    (mkRemovedOptionModule
+      [ "services" "etebase-server" "database" ]
+      "Set the option `services.etebase-server.settings.database' instead.")
+    (mkRenamedOptionModule
+      [ "services" "etebase-server" "secretFile" ]
+      [ "services" "etebase-server" "settings" "secret_file" ])
+    (mkRenamedOptionModule
+      [ "services" "etebase-server" "host" ]
+      [ "services" "etebase-server" "settings" "allowed_hosts" "allowed_host1" ])
+  ];
+  options = {
+    services.etebase-server = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        example = true;
+        description = lib.mdDoc ''
+          Whether to enable the Etebase server.
+          Once enabled you need to create an admin user by invoking the
+          shell command `etebase-server createsuperuser` with
+          the user specified by the `user` option or a superuser.
+          Then you can login and create accounts on your-etebase-server.com/admin
+        '';
+      };
+      dataDir = mkOption {
+        type = types.str;
+        default = "/var/lib/etebase-server";
+        description = lib.mdDoc "Directory to store the Etebase server data.";
+      };
+      port = mkOption {
+        type = with types; nullOr port;
+        default = 8001;
+        description = lib.mdDoc "Port to listen on.";
+      };
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = lib.mdDoc ''
+          Whether to open ports in the firewall for the server.
+        '';
+      };
+      unixSocket = mkOption {
+        type = with types; nullOr str;
+        default = null;
+        description = lib.mdDoc "The path to the socket to bind to.";
+        example = "/run/etebase-server/etebase-server.sock";
+      };
+      settings = mkOption {
+        type = lib.types.submodule {
+          freeformType = iniFmt.type;
+          options = {
+            global = {
+              debug = mkOption {
+                type = types.bool;
+                default = false;
+                description = lib.mdDoc ''
+                  Whether to set django's DEBUG flag.
+                '';
+              };
+              secret_file = mkOption {
+                type = with types; nullOr str;
+                default = null;
+                description = lib.mdDoc ''
+                  The path to a file containing the secret
+                  used as django's SECRET_KEY.
+                '';
+              };
+              static_root = mkOption {
+                type = types.str;
+                default = "${cfg.dataDir}/static";
+                defaultText = literalExpression ''"''${config.services.etebase-server.dataDir}/static"'';
+                description = lib.mdDoc "The directory for static files.";
+              };
+              media_root = mkOption {
+                type = types.str;
+                default = "${cfg.dataDir}/media";
+                defaultText = literalExpression ''"''${config.services.etebase-server.dataDir}/media"'';
+                description = lib.mdDoc "The media directory.";
+              };
+            };
+            allowed_hosts = {
+              allowed_host1 = mkOption {
+                type = types.str;
+                default = "0.0.0.0";
+                example = "localhost";
+                description = lib.mdDoc ''
+                  The main host that is allowed access.
+                '';
+              };
+            };
+            database = {
+              engine = mkOption {
+                type = types.enum [ "django.db.backends.sqlite3" "django.db.backends.postgresql" ];
+                default = "django.db.backends.sqlite3";
+                description = lib.mdDoc "The database engine to use.";
+              };
+              name = mkOption {
+                type = types.str;
+                default = "${cfg.dataDir}/db.sqlite3";
+                defaultText = literalExpression ''"''${config.services.etebase-server.dataDir}/db.sqlite3"'';
+                description = lib.mdDoc "The database name.";
+              };
+            };
+          };
+        };
+        default = {};
+        description = lib.mdDoc ''
+          Configuration for `etebase-server`. Refer to
+          <https://github.com/etesync/server/blob/master/etebase-server.ini.example>
+          and <https://github.com/etesync/server/wiki>
+          for details on supported values.
+        '';
+        example = {
+          global = {
+            debug = true;
+            media_root = "/path/to/media";
+          };
+          allowed_hosts = {
+            allowed_host2 = "localhost";
+          };
+        };
+      };
+      user = mkOption {
+        type = types.str;
+        default = defaultUser;
+        description = lib.mdDoc "User under which Etebase server runs.";
+      };
+    };
+  };
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [
+      (runCommand "etebase-server" {
+        nativeBuildInputs = [ makeWrapper ];
+      } ''
+        makeWrapper ${pythonEnv}/bin/etebase-server \
+          $out/bin/etebase-server \
+          --chdir ${escapeShellArg cfg.dataDir} \
+          --prefix ETEBASE_EASY_CONFIG_PATH : "${configIni}"
+      '')
+    ];
+    systemd.tmpfiles.rules = [
+      "d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
+    ];
+    systemd.services.etebase-server = {
+      description = "An Etebase (EteSync 2.0) server";
+      after = [ "network.target" "systemd-tmpfiles-setup.service" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ pythonEnv ];
+      serviceConfig = {
+        User = cfg.user;
+        Restart = "always";
+        WorkingDirectory = cfg.dataDir;
+      };
+      environment = {
+        ETEBASE_EASY_CONFIG_PATH = configIni;
+      };
+      preStart = ''
+        # Auto-migrate on first run or if the package has changed
+        versionFile="${cfg.dataDir}/src-version"
+        if [[ $(cat "$versionFile" 2>/dev/null) != ${pkgs.etebase-server} ]]; then
+          etebase-server migrate --no-input
+          etebase-server collectstatic --no-input --clear
+          echo ${pkgs.etebase-server} > "$versionFile"
+        fi
+      '';
+      script =
+        let
+          networking = if cfg.unixSocket != null
+          then "-u ${cfg.unixSocket}"
+          else "-b 0.0.0.0 -p ${toString cfg.port}";
+        in ''
+          cd "${pythonEnv}/lib/etebase-server";
+          daphne ${networking} \
+            etebase_server.asgi:application
+        '';
+    };
+    users = optionalAttrs (cfg.user == defaultUser) {
+      users.${defaultUser} = {
+        isSystemUser = true;
+        group = defaultUser;
+        home = cfg.dataDir;
+      };
+      groups.${defaultUser} = {};
+    };
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.port ];
+    };
+  };
+}

diff --git a/modules/etebase-server.nix b/modules/etebase-server.nix new file mode 100644 index 00000000..341e7fa0 --- /dev/null +++ b/modules/etebase-server.nix
@@ -0,0 +1,228 @@
	1	{ config, pkgs, lib, ... }:
	2
	3	with lib;
	4
	5	let
	6	cfg = config.services.etebase-server;
	7
	8	pythonEnv = pkgs.python3.withPackages (ps: with ps;
	9	[ etebase-server daphne psycopg2 ]);
	10
	11	iniFmt = pkgs.formats.ini {};
	12
	13	configIni = iniFmt.generate "etebase-server.ini" cfg.settings;
	14
	15	defaultUser = "etebase-server";
	16	in
	17	{
	18	disabledModules = [ "services/misc/etebase-server.nix" ];
	19
	20	imports = [
	21	(mkRemovedOptionModule
	22	[ "services" "etebase-server" "customIni" ]
	23	"Set the option `services.etebase-server.settings' instead.")
	24	(mkRemovedOptionModule
	25	[ "services" "etebase-server" "database" ]
	26	"Set the option `services.etebase-server.settings.database' instead.")
	27	(mkRenamedOptionModule
	28	[ "services" "etebase-server" "secretFile" ]
	29	[ "services" "etebase-server" "settings" "secret_file" ])
	30	(mkRenamedOptionModule
	31	[ "services" "etebase-server" "host" ]
	32	[ "services" "etebase-server" "settings" "allowed_hosts" "allowed_host1" ])
	33	];
	34
	35	options = {
	36	services.etebase-server = {
	37	enable = mkOption {
	38	type = types.bool;
	39	default = false;
	40	example = true;
	41	description = lib.mdDoc ''
	42	Whether to enable the Etebase server.
	43
	44	Once enabled you need to create an admin user by invoking the
	45	shell command `etebase-server createsuperuser` with
	46	the user specified by the `user` option or a superuser.
	47	Then you can login and create accounts on your-etebase-server.com/admin
	48	'';
	49	};
	50
	51	dataDir = mkOption {
	52	type = types.str;
	53	default = "/var/lib/etebase-server";
	54	description = lib.mdDoc "Directory to store the Etebase server data.";
	55	};
	56
	57	port = mkOption {
	58	type = with types; nullOr port;
	59	default = 8001;
	60	description = lib.mdDoc "Port to listen on.";
	61	};
	62
	63	openFirewall = mkOption {
	64	type = types.bool;
	65	default = false;
	66	description = lib.mdDoc ''
	67	Whether to open ports in the firewall for the server.
	68	'';
	69	};
	70
	71	unixSocket = mkOption {
	72	type = with types; nullOr str;
	73	default = null;
	74	description = lib.mdDoc "The path to the socket to bind to.";
	75	example = "/run/etebase-server/etebase-server.sock";
	76	};
	77
	78	settings = mkOption {
	79	type = lib.types.submodule {
	80	freeformType = iniFmt.type;
	81
	82	options = {
	83	global = {
	84	debug = mkOption {
	85	type = types.bool;
	86	default = false;
	87	description = lib.mdDoc ''
	88	Whether to set django's DEBUG flag.
	89	'';
	90	};
	91	secret_file = mkOption {
	92	type = with types; nullOr str;
	93	default = null;
	94	description = lib.mdDoc ''
	95	The path to a file containing the secret
	96	used as django's SECRET_KEY.
	97	'';
	98	};
	99	static_root = mkOption {
	100	type = types.str;
	101	default = "${cfg.dataDir}/static";
	102	defaultText = literalExpression ''"''${config.services.etebase-server.dataDir}/static"'';
	103	description = lib.mdDoc "The directory for static files.";
	104	};
	105	media_root = mkOption {
	106	type = types.str;
	107	default = "${cfg.dataDir}/media";
	108	defaultText = literalExpression ''"''${config.services.etebase-server.dataDir}/media"'';
	109	description = lib.mdDoc "The media directory.";
	110	};
	111	};
	112	allowed_hosts = {
	113	allowed_host1 = mkOption {
	114	type = types.str;
	115	default = "0.0.0.0";
	116	example = "localhost";
	117	description = lib.mdDoc ''
	118	The main host that is allowed access.
	119	'';
	120	};
	121	};
	122	database = {
	123	engine = mkOption {
	124	type = types.enum [ "django.db.backends.sqlite3" "django.db.backends.postgresql" ];
	125	default = "django.db.backends.sqlite3";
	126	description = lib.mdDoc "The database engine to use.";
	127	};
	128	name = mkOption {
	129	type = types.str;
	130	default = "${cfg.dataDir}/db.sqlite3";
	131	defaultText = literalExpression ''"''${config.services.etebase-server.dataDir}/db.sqlite3"'';
	132	description = lib.mdDoc "The database name.";
	133	};
	134	};
	135	};
	136	};
	137	default = {};
	138	description = lib.mdDoc ''
	139	Configuration for `etebase-server`. Refer to
	140	<https://github.com/etesync/server/blob/master/etebase-server.ini.example>
	141	and <https://github.com/etesync/server/wiki>
	142	for details on supported values.
	143	'';
	144	example = {
	145	global = {
	146	debug = true;
	147	media_root = "/path/to/media";
	148	};
	149	allowed_hosts = {
	150	allowed_host2 = "localhost";
	151	};
	152	};
	153	};
	154
	155	user = mkOption {
	156	type = types.str;
	157	default = defaultUser;
	158	description = lib.mdDoc "User under which Etebase server runs.";
	159	};
	160	};
	161	};
	162
	163	config = mkIf cfg.enable {
	164
	165	environment.systemPackages = with pkgs; [
	166	(runCommand "etebase-server" {
	167	nativeBuildInputs = [ makeWrapper ];
	168	} ''
	169	makeWrapper ${pythonEnv}/bin/etebase-server \
	170	$out/bin/etebase-server \
	171	--chdir ${escapeShellArg cfg.dataDir} \
	172	--prefix ETEBASE_EASY_CONFIG_PATH : "${configIni}"
	173	'')
	174	];
	175
	176	systemd.tmpfiles.rules = [
	177	"d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
	178	];
	179
	180	systemd.services.etebase-server = {
	181	description = "An Etebase (EteSync 2.0) server";
	182	after = [ "network.target" "systemd-tmpfiles-setup.service" ];
	183	wantedBy = [ "multi-user.target" ];
	184	path = [ pythonEnv ];
	185	serviceConfig = {
	186	User = cfg.user;
	187	Restart = "always";
	188	WorkingDirectory = cfg.dataDir;
	189	};
	190	environment = {
	191	ETEBASE_EASY_CONFIG_PATH = configIni;
	192	};
	193	preStart = ''
	194	# Auto-migrate on first run or if the package has changed
	195	versionFile="${cfg.dataDir}/src-version"
	196	if [[ $(cat "$versionFile" 2>/dev/null) != ${pkgs.etebase-server} ]]; then
	197	etebase-server migrate --no-input
	198	etebase-server collectstatic --no-input --clear
	199	echo ${pkgs.etebase-server} > "$versionFile"
	200	fi
	201	'';
	202	script =
	203	let
	204	networking = if cfg.unixSocket != null
	205	then "-u ${cfg.unixSocket}"
	206	else "-b 0.0.0.0 -p ${toString cfg.port}";
	207	in ''
	208	cd "${pythonEnv}/lib/etebase-server";
	209	daphne ${networking} \
	210	etebase_server.asgi:application
	211	'';
	212	};
	213
	214	users = optionalAttrs (cfg.user == defaultUser) {
	215	users.${defaultUser} = {
	216	isSystemUser = true;
	217	group = defaultUser;
	218	home = cfg.dataDir;
	219	};
	220
	221	groups.${defaultUser} = {};
	222	};
	223
	224	networking.firewall = mkIf cfg.openFirewall {
	225	allowedTCPPorts = [ cfg.port ];
	226	};
	227	};
	228	}