authorMaciej Krüger <mkg20001@gmail.com>2021-11-03 14:28:09 +0100
committerMaciej Krüger <mkg20001@gmail.com>2021-11-03 14:32:44 +0100
commite7fd175e979f509f407e06214cf69321eec93f03 (patch)
treedf4bcb42222978aefc9609b5ffd06add46be9d2e /nixos/modules
parent0cecb3303a960266b6ac301ce8876a62159f48f0 (diff)
nixos/lxd-image-server: init
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/networking/lxd-image-server.nix138
2 files changed, 139 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index eed0b802b95..dc152848fb4 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -772,6 +772,7 @@
   ./services/networking/libreswan.nix
   ./services/networking/lldpd.nix
   ./services/networking/logmein-hamachi.nix
+  ./services/networking/lxd-image-server.nix
   ./services/networking/mailpile.nix
   ./services/networking/magic-wormhole-mailbox-server.nix
   ./services/networking/matterbridge.nix
diff --git a/nixos/modules/services/networking/lxd-image-server.nix b/nixos/modules/services/networking/lxd-image-server.nix
new file mode 100644
index 00000000000..5ec6cacffa4
--- /dev/null
+++ b/nixos/modules/services/networking/lxd-image-server.nix
@@ -0,0 +1,138 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.services.lxd-image-server;
+  format = pkgs.formats.toml {};
+
+  location = "/var/www/simplestreams";
+in
+{
+  options = {
+    services.lxd-image-server = {
+      enable = mkEnableOption "lxd-image-server";
+
+      group = mkOption {
+        type = types.str;
+        description = "Group assigned to the user and the webroot directory.";
+        default = "nginx";
+        example = "www-data";
+      };
+
+      settings = mkOption {
+        type = format.type;
+        description = ''
+          Configuration for lxd-image-server.
+
+          Example see <link xlink:href="https://github.com/Avature/lxd-image-server/blob/master/config.toml"/>.
+        '';
+        default = {};
+      };
+
+      nginx = {
+        enable = mkEnableOption "nginx";
+        domain = mkOption {
+          type = types.str;
+          description = "Domain to use for nginx virtual host.";
+          example = "images.example.org";
+        };
+      };
+    };
+  };
+
+  config = mkMerge [
+    (mkIf (cfg.enable) {
+      users.users.lxd-image-server = {
+        isSystemUser = true;
+        group = cfg.group;
+      };
+      users.groups.${cfg.group} = {};
+
+      environment.etc."lxd-image-server/config.toml".source = format.generate "config.toml" cfg.settings;
+
+      services.logrotate.paths.lxd-image-server = {
+        path = "/var/log/lxd-image-server/lxd-image-server.log";
+        frequency = "daily";
+        keep = 21;
+        user = "lxd-image-server";
+        group = cfg.group;
+        extraConfig = ''
+          missingok
+          compress
+          delaycompress
+          copytruncate
+          notifempty
+        '';
+      };
+
+      systemd.tmpfiles.rules = [
+        "d /var/www/simplestreams 0755 lxd-image-server ${cfg.group}"
+      ];
+
+      systemd.services.lxd-image-server = {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+
+        description = "LXD Image Server";
+
+        script = ''
+          ${pkgs.lxd-image-server}/bin/lxd-image-server init
+          ${pkgs.lxd-image-server}/bin/lxd-image-server watch
+        '';
+
+        serviceConfig = {
+          User = "lxd-image-server";
+          Group = cfg.group;
+          DynamicUser = true;
+          LogsDirectory = "lxd-image-server";
+          RuntimeDirectory = "lxd-image-server";
+          ExecReload = "${pkgs.lxd-image-server}/bin/lxd-image-server reload";
+          ReadWritePaths = [ location ];
+        };
+      };
+    })
+    # this is seperate so it can be enabled on mirrored hosts
+    (mkIf (cfg.nginx.enable) {
+      # https://github.com/Avature/lxd-image-server/blob/master/resources/nginx/includes/lxd-image-server.pkg.conf
+      services.nginx.virtualHosts = {
+        "${cfg.nginx.domain}" = {
+          forceSSL = true;
+          enableACME = mkDefault true;
+
+          root = location;
+
+          locations = {
+            "/streams/v1/" = {
+              index = "index.json";
+            };
+
+            # Serve json files with content type header application/json
+            "~ \.json$" = {
+              extraConfig = ''
+                add_header Content-Type application/json;
+              '';
+            };
+
+            "~ \.tar.xz$" = {
+              extraConfig = ''
+                add_header Content-Type application/octet-stream;
+              '';
+            };
+
+            "~ \.tar.gz$" = {
+              extraConfig = ''
+                add_header Content-Type application/octet-stream;
+              '';
+            };
+
+            # Deny access to document root and the images folder
+            "~ ^/(images/)?$" = {
+              return = "403";
+            };
+          };
+        };
+      };
+    })
+  ];
+}
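Review bot: The three regex locations `"~ \.json$"`, `"~ \.tar.xz$"` and `"~ \.tar.gz$"` lose their backslash inside a Nix double-quoted string (Nix turns an unknown escape such as `\.` into the bare character), so nginx is handed `~ .json$` where the dot matches any character, and the dots in `tar.xz`/`tar.gz` were never escaped at all. The patterns still match the intended files but also any path ending in, say, `Xjson`, which then receives the overriding Content-Type header; double the backslashes so the literal dot survives: `"~ \\.json$"`, `"~ \\.tar\\.xz$"`, `"~ \\.tar\\.gz$"`. Separately, `DynamicUser = true` beside the statically declared `users.users.lxd-image-server` deserves a comment, since per systemd's DynamicUser= documentation an existing static user of that name is used rather than a transient one, and the implied ProtectSystem=strict is presumably the reason `ReadWritePaths = [ location ]` is needed; suggested comment on the `DynamicUser` line: `# static user above takes precedence; kept for the implied sandboxing (ProtectSystem=strict etc.)`. As a style point, the tmpfiles rule repeats the literal `/var/www/simplestreams` instead of `${location}`, so the two can drift apart if the path is ever changed.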