nixos/lxd-image-server: init
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
parent
0cecb3303a
commit
e7fd175e97
|
@ -772,6 +772,7 @@
|
||||||
./services/networking/libreswan.nix
|
./services/networking/libreswan.nix
|
||||||
./services/networking/lldpd.nix
|
./services/networking/lldpd.nix
|
||||||
./services/networking/logmein-hamachi.nix
|
./services/networking/logmein-hamachi.nix
|
||||||
|
./services/networking/lxd-image-server.nix
|
||||||
./services/networking/mailpile.nix
|
./services/networking/mailpile.nix
|
||||||
./services/networking/magic-wormhole-mailbox-server.nix
|
./services/networking/magic-wormhole-mailbox-server.nix
|
||||||
./services/networking/matterbridge.nix
|
./services/networking/matterbridge.nix
|
||||||
|
|
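--- a/nixos/modules/services/networking/lxd-image-server.nix
+++ b/nixos/modules/services/networking/lxd-image-server.nix
@@ -0,0 +1,138 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+cfg = config.services.lxd-image-server;
+format = pkgs.formats.toml {};
+
+location = "/var/www/simplestreams";
+in
+{
+options = {
+services.lxd-image-server = {
+enable = mkEnableOption "lxd-image-server";
+
+group = mkOption {
+type = types.str;
+description = "Group assigned to the user and the webroot directory.";
+default = "nginx";
+example = "www-data";
+};
+
+settings = mkOption {
+type = format.type;
+description = ''
+Configuration for lxd-image-server.
+
+Example see <link xlink:href="https://github.com/Avature/lxd-image-server/blob/master/config.toml"/>.
+'';
+default = {};
+};
+
+nginx = {
+enable = mkEnableOption "nginx";
+domain = mkOption {
+type = types.str;
+description = "Domain to use for nginx virtual host.";
+example = "images.example.org";
+};
+};
+};
+};
+
+config = mkMerge [
+(mkIf (cfg.enable) {
+users.users.lxd-image-server = {
+isSystemUser = true;
+group = cfg.group;
+};
+users.groups.${cfg.group} = {};
+
+environment.etc."lxd-image-server/config.toml".source = format.generate "config.toml" cfg.settings;
+
+services.logrotate.paths.lxd-image-server = {
+path = "/var/log/lxd-image-server/lxd-image-server.log";
+frequency = "daily";
+keep = 21;
+user = "lxd-image-server";
+group = cfg.group;
+extraConfig = ''
+missingok
+compress
+delaycompress
+copytruncate
+notifempty
+'';
+};
+
+systemd.tmpfiles.rules = [
+"d /var/www/simplestreams 0755 lxd-image-server ${cfg.group}"
+];
+
+systemd.services.lxd-image-server = {
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+
+description = "LXD Image Server";
+
+script = ''
+${pkgs.lxd-image-server}/bin/lxd-image-server init
+${pkgs.lxd-image-server}/bin/lxd-image-server watch
+'';
+
+serviceConfig = {
+User = "lxd-image-server";
+Group = cfg.group;
+DynamicUser = true;
+LogsDirectory = "lxd-image-server";
+RuntimeDirectory = "lxd-image-server";
+ExecReload = "${pkgs.lxd-image-server}/bin/lxd-image-server reload";
+ReadWritePaths = [ location ];
+};
+};
+})
+# this is seperate so it can be enabled on mirrored hosts
+(mkIf (cfg.nginx.enable) {
+# https://github.com/Avature/lxd-image-server/blob/master/resources/nginx/includes/lxd-image-server.pkg.conf
+services.nginx.virtualHosts = {
+"${cfg.nginx.domain}" = {
+forceSSL = true;
+enableACME = mkDefault true;
+
+root = location;
+
+locations = {
+"/streams/v1/" = {
+index = "index.json";
+};
+
+# Serve json files with content type header application/json
+"~ \.json$" = {
+extraConfig = ''
+add_header Content-Type application/json;
+'';
+};
+
+"~ \.tar.xz$" = {
+extraConfig = ''
+add_header Content-Type application/octet-stream;
+'';
+};
+
+"~ \.tar.gz$" = {
+extraConfig = ''
+add_header Content-Type application/octet-stream;
+'';
+};
+
+# Deny access to document root and the images folder
+"~ ^/(images/)?$" = {
+return = "403";
+};
+};
+};
+};
+})
+];
+}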
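Review bot: The regex location keys in the nginx virtual host (`"~ \.json$"`, `"~ \.tar.xz$"`, `"~ \.tar.gz$"`) are Nix double-quoted strings, where `\.` evaluates to a bare `.`, so nginx receives `~ .json$` and the dot matches any character; write `"~ \\.json$"`, `"~ \\.tar\\.xz$"` and `"~ \\.tar\\.gz$"`. In the same blocks `add_header Content-Type …;` adds a header instead of setting the response type, and a location that has its own `add_header` no longer inherits `add_header` lines from the server or http level, so HSTS or similar headers configured there would be missing on these responses. Setting the type with `types { } default_type application/json;` (and `application/octet-stream` for the tarballs) in `extraConfig` avoids both.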