nixos/commafeed: init module
This commit is contained in:
parent
60a9a79776
commit
3a0fa1e7aa
@ -125,6 +125,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
||||
|
||||
- [go-camo](https://github.com/cactus/go-camo), a secure image proxy server. Available as [services.go-camo](#opt-services.go-camo.enable).
|
||||
|
||||
- [CommaFeed](https://github.com/Athou/commafeed), a Google Reader inspired self-hosted RSS reader. Available as [services.commafeed](#opt-services.commafeed.enable).
|
||||
|
||||
- [Monado](https://monado.freedesktop.org/), an open source XR runtime. Available as [services.monado](#opt-services.monado.enable).
|
||||
|
||||
- [Pretix](https://pretix.eu/about/en/), an open source ticketing software for events. Available as [services.pretix]($opt-services-pretix.enable).
|
||||
|
@ -1312,6 +1312,7 @@
|
||||
./services/web-apps/chatgpt-retrieval-plugin.nix
|
||||
./services/web-apps/cloudlog.nix
|
||||
./services/web-apps/code-server.nix
|
||||
./services/web-apps/commafeed.nix
|
||||
./services/web-apps/convos.nix
|
||||
./services/web-apps/davis.nix
|
||||
./services/web-apps/dex.nix
|
||||
|
114
nixos/modules/services/web-apps/commafeed.nix
Normal file
114
nixos/modules/services/web-apps/commafeed.nix
Normal file
@ -0,0 +1,114 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.commafeed;
|
||||
in
|
||||
{
|
||||
options.services.commafeed = {
|
||||
enable = lib.mkEnableOption "CommaFeed";
|
||||
|
||||
package = lib.mkPackageOption pkgs "commafeed" { };
|
||||
|
||||
user = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "User under which CommaFeed runs.";
|
||||
default = "commafeed";
|
||||
};
|
||||
|
||||
group = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "Group under which CommaFeed runs.";
|
||||
default = "commafeed";
|
||||
};
|
||||
|
||||
stateDir = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
description = "Directory holding all state for CommaFeed to run.";
|
||||
default = "/var/lib/commafeed";
|
||||
};
|
||||
|
||||
environment = lib.mkOption {
|
||||
type = lib.types.attrsOf (
|
||||
lib.types.oneOf [
|
||||
lib.types.bool
|
||||
lib.types.int
|
||||
lib.types.str
|
||||
]
|
||||
);
|
||||
description = ''
|
||||
Extra environment variables passed to CommaFeed, refer to
|
||||
<https://github.com/Athou/commafeed/blob/master/commafeed-server/config.yml.example>
|
||||
for supported values. The default user is `admin` and the default password is `admin`.
|
||||
Correct configuration for H2 database is already provided.
|
||||
'';
|
||||
default = { };
|
||||
example = {
|
||||
CF_SERVER_APPLICATIONCONNECTORS_0_TYPE = "http";
|
||||
CF_SERVER_APPLICATIONCONNECTORS_0_PORT = 9090;
|
||||
};
|
||||
};
|
||||
|
||||
environmentFile = lib.mkOption {
|
||||
type = lib.types.nullOr lib.types.path;
|
||||
description = ''
|
||||
Environment file as defined in {manpage}`systemd.exec(5)`.
|
||||
'';
|
||||
default = null;
|
||||
example = "/var/lib/commafeed/commafeed.env";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.services.commafeed = {
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = lib.mapAttrs (
|
||||
_: v: if lib.isBool v then lib.boolToString v else toString v
|
||||
) cfg.environment;
|
||||
serviceConfig = {
|
||||
ExecStart = "${lib.getExe cfg.package} server ${cfg.package}/share/config.yml";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
StateDirectory = baseNameOf cfg.stateDir;
|
||||
WorkingDirectory = cfg.stateDir;
|
||||
# Hardening
|
||||
CapabilityBoundingSet = [ "" ];
|
||||
DevicePolicy = "closed";
|
||||
DynamicUser = true;
|
||||
LockPersonality = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = true;
|
||||
PrivateUsers = true;
|
||||
ProcSubset = "pid";
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectProc = "invisible";
|
||||
ProtectSystem = true;
|
||||
RestrictAddressFamilies = [
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
"~@privileged"
|
||||
];
|
||||
UMask = "0077";
|
||||
} // lib.optionalAttrs (cfg.environmentFile != null) { EnvironmentFile = cfg.environmentFile; };
|
||||
};
|
||||
};
|
||||
|
||||
meta.maintainers = [ lib.maintainers.raroh73 ];
|
||||
}
|
@ -203,6 +203,7 @@ in {
|
||||
code-server = handleTest ./code-server.nix {};
|
||||
coder = handleTest ./coder.nix {};
|
||||
collectd = handleTest ./collectd.nix {};
|
||||
commafeed = handleTest ./commafeed.nix {};
|
||||
connman = handleTest ./connman.nix {};
|
||||
consul = handleTest ./consul.nix {};
|
||||
consul-template = handleTest ./consul-template.nix {};
|
||||
|
21
nixos/tests/commafeed.nix
Normal file
21
nixos/tests/commafeed.nix
Normal file
@ -0,0 +1,21 @@
|
||||
import ./make-test-python.nix (
|
||||
{ lib, ... }:
|
||||
{
|
||||
name = "commafeed";
|
||||
|
||||
nodes.server = {
|
||||
services.commafeed = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
testScript = ''
|
||||
server.start()
|
||||
server.wait_for_unit("commafeed.service")
|
||||
server.wait_for_open_port(8082)
|
||||
server.succeed("curl --fail --silent http://localhost:8082")
|
||||
'';
|
||||
|
||||
meta.maintainers = [ lib.maintainers.raroh73 ];
|
||||
}
|
||||
)
|
@ -5,6 +5,7 @@
|
||||
jre,
|
||||
maven,
|
||||
makeWrapper,
|
||||
nixosTests,
|
||||
writeText,
|
||||
}:
|
||||
let
|
||||
@ -89,6 +90,8 @@ maven.buildMavenPackage {
|
||||
'url: jdbc:h2:./database/db;DEFRAG_ALWAYS=TRUE'
|
||||
'';
|
||||
|
||||
passthru.tests = nixosTests.commafeed;
|
||||
|
||||
meta = {
|
||||
description = "Google Reader inspired self-hosted RSS reader";
|
||||
homepage = "https://github.com/Athou/commafeed";
|
||||
|
Loading…
Reference in New Issue
Block a user