nixos-config/modules/services/lektor.nix


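{ config, lib, pkgs, ... }:
# NixOS module: run `lektor server` for a project cloned over ssh with a
# dedicated deploy key.
#
# Review notes on the changes against the previous revision:
#  * the key-staging step ran as root and wrote into the service user's home
#    (mkdir/cp/chown on ~/.ssh); a compromised service user could plant a
#    symlink there and have root overwrite an arbitrary file.  The ssh config
#    holds no secret, so it now stays in the store and is passed to ssh with
#    `-F` via GIT_SSH_COMMAND; only the key is copied, into a freshly
#    recreated root-owned directory under /run.
#  * the clone helper used `[[ ... ]]`, which dash does not implement, and
#    `rm` on a directory; it now simply clones when no checkout exists.
#  * ssh fails closed on unknown host keys and never prompts (BatchMode).
#  * system users need an explicit group on current NixOS; one is created.
with lib;
let
  cfg = config.services.lektor;

  # Checkout location of the lektor project inside the service user's home
  # (kept at <home>/<user> for compatibility with existing deployments).
  projectDir = "${cfg.home}/${cfg.user}";

  # Staging directory for the deploy key.  It is recreated by root on every
  # start (so a stale, user-owned entry can never be followed as a symlink),
  # lives on tmpfs and is readable by the service user only.
  # NOTE(review): on systemd >= 247 `LoadCredential=` is the cleaner way to
  # hand the key to the service without copying it ourselves.
  keyDir = "/run/keys.lektor";
  sshKeyTarget = "${keyDir}/id_rsa";

  # ssh client configuration.  It contains only the *path* of the key, no
  # secret, so it can live in the Nix store.  It is handed to ssh through
  # GIT_SSH_COMMAND, so nothing has to be written into ~/.ssh by root.
  sshConfig = pkgs.writeText "lektor-ssh-config" ''
    Host ${cfg.host}
      IdentityFile ${sshKeyTarget}
      IdentitiesOnly yes
    Host *
      # The service is non-interactive: never prompt, and fail closed on an
      # unknown or changed host key.  Provision the host key beforehand,
      # e.g. with programs.ssh.knownHosts (written to /etc/ssh/ssh_known_hosts,
      # which ssh reads as its global known-hosts file).
      BatchMode yes
      StrictHostKeyChecking yes
      UserKnownHostsFile ~/.ssh/known_hosts
      HashKnownHosts no
      ForwardAgent no
      ControlMaster no
      Compression no
  '';

  # Runs as root (ExecStartPre with the "+" prefix).  Stages the deploy key:
  # the directory is removed and recreated root-owned, the key is installed
  # with mode 0400 for the service user, and ownership of the directory is
  # handed over last.  `set -e` makes a missing or unreadable key abort the
  # start instead of launching a service that cannot reach its repository.
  sshKeyScript = pkgs.writers.writeDash "lektor-keyfile-gen" ''
    set -eu
    rm -rf "${keyDir}"
    install -d -m 700 "${keyDir}"
    install -m 400 -o "${cfg.user}" -g "${cfg.user}" "${cfg.sshKey}" "${sshKeyTarget}"
    chown "${cfg.user}:${cfg.user}" "${keyDir}"
  '';

  # Runs as the service user.  Clones the project once; an existing checkout
  # (a .git directory) is left alone and updated by `git pull` in `script`.
  # git clone accepts an existing empty directory, so nothing is removed.
  cloneScript = pkgs.writers.writeDash "lektor-clone" ''
    set -eu
    if [ ! -d "${projectDir}/.git" ]; then
      ${pkgs.git}/bin/git clone "${cfg.repository}" "${projectDir}"
    fi
  '';
in
{
  options.services.lektor = {
    enable = mkEnableOption "the lektor development server";

    package = mkOption {
      type = types.package;
      default = pkgs.lektor;
      description = ''
        The lektor package providing the `lektor` binary.
      '';
    };

    user = mkOption {
      default = "lektor";
      type = types.str;
      description = ''
        System user (and group of the same name) the service runs as.
        The project is checked out to <home>/<user>.
      '';
    };

    home = mkOption {
      default = "/home/${cfg.user}";
      type = types.str;
      description = ''
        Home directory of the service user; created if missing.
      '';
    };

    repository = mkOption {
      type = types.str;
      description = ''
        Repository to clone the lektor project from.  The ssh host part
        must match <option>host</option> for the deploy key to be used.
      '';
      example = "git@github.com:lektor/lektor-website.git";
    };

    bind = mkOption {
      default = "0.0.0.0";
      type = types.str;
      description = ''
        Address to bind the lektor server to.

        `lektor server` is a development server with an unauthenticated
        admin interface.  The default binds every interface; use
        `127.0.0.1` and put it behind an authenticating reverse proxy
        unless the host is on a trusted network.
      '';
    };

    serviceName = mkOption {
      default = "lektor";
      type = types.str;
      description = ''
        Name of the systemd unit (without the .service suffix).
      '';
    };

    port = mkOption {
      default = 5000;
      type = types.int;
      description = ''
        TCP port to bind the lektor server to.
      '';
    };

    additionalScript = mkOption {
      default = null;
      type = types.nullOr types.path;
      description = ''
        Optional hook executed (as the service user, inside the checkout)
        after `git pull` and before the server starts, for example to build
        CSS or JavaScript assets.  The hook runs under ProtectSystem=strict;
        it may only write below <option>home</option>.
      '';
      example = pkgs.writeShellScript "build" ''
        ${pkgs.nix}/bin/nix-shell --run build
      '';
    };

    host = mkOption {
      type = types.str;
      description = ''
        ssh host name (as it appears in <option>repository</option>) to
        pull from and push to.  The deploy key is only offered to this host.
      '';
    };

    sshKey = mkOption {
      type = types.str;
      description = ''
        Absolute path (as a string) of the private ssh deploy key used to
        reach <option>host</option>.  Root reads it at every start and
        copies it to ${sshKeyTarget}, readable only by the service user.

        Never point this at a path literal or a Nix store path: anything
        copied into the store is world-readable.  Deploy the key out of
        band (e.g. with a secrets tool) and reference the deployed file.
      '';
    };
  };

  config = mkIf cfg.enable {
    assertions = [
      {
        assertion = !(hasPrefix builtins.storeDir cfg.sshKey);
        message = "services.lektor.sshKey must point to a file outside the Nix store; store paths are world-readable.";
      }
    ];

    warnings = optional (cfg.bind == "0.0.0.0" || cfg.bind == "::")
      "services.lektor: `lektor server` has no authentication (including its admin interface); binding it to ${cfg.bind} exposes it on every interface. Prefer 127.0.0.1 behind a reverse proxy.";

    # Dedicated system user and group.  NixOS requires an explicit group for
    # system users.
    users.users.${cfg.user} = {
      home = cfg.home;
      createHome = true;
      isSystemUser = true;
      group = cfg.user;
    };
    users.groups.${cfg.user} = { };

    systemd.services.${cfg.serviceName} = {
      description = "lektor development server";
      wantedBy = [ "multi-user.target" ];
      # The clone/pull needs the network.
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];

      environment = {
        # Presumably needed for nix-shell in an additionalScript (see the
        # option example) — kept from the previous revision.
        NIX_PATH = config.environment.variables.NIX_PATH;
        # Explicit ssh binary and config: the unit's PATH need not contain
        # ssh, and the config must not come from the user's home.
        GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -F ${sshConfig}";
      };

      serviceConfig = {
        User = cfg.user;
        Group = cfg.user;
        # With the default Type=simple the unit counts as started as soon as
        # the main process is forked, so this only bounds the ExecStartPre
        # steps (key staging and the initial clone, which can be slow).
        TimeoutStartSec = "infinity";
        Restart = "on-failure";
        RestartSec = 10;
        # "+" = run with full privileges (needed to read the key); the clone
        # runs as the service user.
        ExecStartPre = [ "+${sshKeyScript}" "${cloneScript}" ];

        # Hardening.  The main process only needs to write below its home
        # (checkout, lektor build output); the staged key is read-only.
        # Extend ReadWritePaths if an additionalScript writes elsewhere.
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectSystem = "strict";
        ReadWritePaths = [ cfg.home ];
      };

      # Update the checkout, run the optional hook, then exec the server so
      # lektor is the unit's main process and receives signals directly.
      script = ''
        set -eu
        cd "${projectDir}"
        ${pkgs.git}/bin/git pull
        ${optionalString (cfg.additionalScript != null) "${cfg.additionalScript}"}
        exec ${cfg.package}/bin/lektor server \
          --host ${cfg.bind} \
          --port ${toString cfg.port}
      '';
    };
  };
}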