diff options
| author | Elis Hirwing <elis@hirwing.se> | 2019-01-27 21:31:11 +0100 |
|---|---|---|
| committer | Elis Hirwing <elis@hirwing.se> | 2019-01-28 11:14:37 +0100 |
| commit | ab5dcc7068bfaca3a7a2eaa8ad824a86c2595681 (patch) | |
| tree | f5c93b8c74e2ef868a9f55c0715b79b457d24cde /nixos | |
| parent | e47fcaed5bb08cace8790614b65d53bb2989453e (diff) | |
| download | nixpkgs-ab5dcc7068bfaca3a7a2eaa8ad824a86c2595681.tar nixpkgs-ab5dcc7068bfaca3a7a2eaa8ad824a86c2595681.tar.gz nixpkgs-ab5dcc7068bfaca3a7a2eaa8ad824a86c2595681.tar.bz2 nixpkgs-ab5dcc7068bfaca3a7a2eaa8ad824a86c2595681.tar.lz nixpkgs-ab5dcc7068bfaca3a7a2eaa8ad824a86c2595681.tar.xz nixpkgs-ab5dcc7068bfaca3a7a2eaa8ad824a86c2595681.tar.zst nixpkgs-ab5dcc7068bfaca3a7a2eaa8ad824a86c2595681.zip | |
nixos/sks: Add option to configure database settings
This can be used for options to tweak the behavior around the database.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/security/sks.nix | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/nixos/modules/services/security/sks.nix b/nixos/modules/services/security/sks.nix index 9f0261038d5..8136a5c763a 100644 --- a/nixos/modules/services/security/sks.nix +++ b/nixos/modules/services/security/sks.nix @@ -5,6 +5,9 @@ with lib; let cfg = config.services.sks; sksPkg = cfg.package; + dbConfig = pkgs.writeText "DB_CONFIG" '' + ${cfg.extraDbConfig} + ''; in { meta.maintainers = with maintainers; [ primeos calbrecht jcumming ]; @@ -39,6 +42,20 @@ in { ''; }; + extraDbConfig = mkOption { + type = types.str; + default = ""; + description = '' + Set contents of the files "KDB/DB_CONFIG" and "PTree/DB_CONFIG" within + the ''${dataDir} directory. This is used to configure options for the + database for the sks key server. + + Documentation of available options are available in the file named + "sampleConfig/DB_CONFIG" in the following repository: + https://bitbucket.org/skskeyserver/sks-keyserver/src + ''; + }; + hkpAddress = mkOption { default = [ "127.0.0.1" "::1" ]; type = types.listOf types.str; @@ -99,6 +116,17 @@ in { ${lib.optionalString (cfg.webroot != null) "ln -sfT \"${cfg.webroot}\" web"} mkdir -p dump + # Check that both database configs are symlinks before overwriting them + if [ -e KDB/DB_CONFIG ] && [ ! -L KBD/DB_CONFIG ]; then + echo "KDB/DB_CONFIG exists but is not a symlink." >&2 + exit 1 + fi + if [ -e PTree/DB_CONFIG ] && [ ! -L PTree/DB_CONFIG ]; then + echo "PTree/DB_CONFIG exists but is not a symlink." >&2 + exit 1 + fi + ln -sf ${dbConfig} KDB/DB_CONFIG + ln -sf ${dbConfig} PTree/DB_CONFIG ${sksPkg}/bin/sks build dump/*.gpg -n 10 -cache 100 || true #*/ ${sksPkg}/bin/sks cleandb || true ${sksPkg}/bin/sks pbuild -cache 20 -ptree_cache 70 || true |