blob: ab55e22bf2146223f75a0920eddbc25a7f07f179 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.ferretdb;
in
{
meta.maintainers = with lib.maintainers; [ julienmalka camillemndn ];
options = {
services.ferretdb = {
enable = mkEnableOption "FerretDB, an Open Source MongoDB alternative";
package = mkOption {
type = types.package;
example = literalExpression "pkgs.ferretdb";
default = pkgs.ferretdb;
defaultText = "pkgs.ferretdb";
description = "FerretDB package to use.";
};
settings = lib.mkOption {
type =
lib.types.submodule { freeformType = with lib.types; attrsOf str; };
example = {
FERRETDB_LOG_LEVEL = "warn";
FERRETDB_MODE = "normal";
};
description = ''
Additional configuration for FerretDB, see
<https://docs.ferretdb.io/configuration/flags/>
for supported values.
'';
};
};
};
config = mkIf cfg.enable
{
services.ferretdb.settings = {
FERRETDB_HANDLER = lib.mkDefault "sqlite";
FERRETDB_SQLITE_URL = lib.mkDefault "file:/var/lib/ferretdb/";
};
systemd.services.ferretdb = {
description = "FerretDB";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = cfg.settings;
serviceConfig = {
Type = "simple";
StateDirectory = "ferretdb";
WorkingDirectory = "/var/lib/ferretdb";
ExecStart = "${cfg.package}/bin/ferretdb";
Restart = "on-failure";
ProtectHome = true;
ProtectSystem = "strict";
PrivateTmp = true;
PrivateDevices = true;
ProtectHostname = true;
ProtectClock = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
NoNewPrivileges = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RemoveIPC = true;
PrivateMounts = true;
DynamicUser = true;
};
};
};
}
|