qbit/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/services.taskserver: remove with lib;

Browse Source
This commit is contained in:
Felix Buehler 2024-08-30 00:46:50 +02:00
parent 1f34eeb672
commit d37789ce5d
1 changed files with 69 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
nixos/modules/services/misc/taskserver/default.nix
View File

@ -1,14 +1,11 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.taskserver;
taskd = "${pkgs.taskserver}/bin/taskd";
mkManualPkiOption = desc: mkOption {
type = types.nullOr types.path;
mkManualPkiOption = desc: lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
${desc}
@ -46,8 +43,8 @@ let
:::
'';
mkExpireOption = desc: mkOption {
type = types.nullOr types.int;
mkExpireOption = desc: lib.mkOption {
type = lib.types.nullOr lib.types.int;
default = null;
example = 365;
apply = val: if val == null then -1 else val;
@ -58,8 +55,8 @@ let
};
autoPkiOptions = {
bits = mkOption {
type = types.int;
bits = lib.mkOption {
type = lib.types.int;
default = 4096;
example = 2048;
description = mkAutoDesc "The bit size for generated keys.";
@ -75,20 +72,20 @@ let
needToCreateCA = let
notFound = path: let
dotted = concatStringsSep "." path;
dotted = lib.concatStringsSep "." path;
in throw "Can't find option definitions for path `${dotted}'.";
findPkiDefinitions = path: attrs: let
mkSublist = key: val: let
newPath = path ++ singleton key;
in if isOption val
then attrByPath newPath (notFound newPath) cfg.pki.manual
newPath = path ++ lib.singleton key;
in if lib.isOption val
then lib.attrByPath newPath (notFound newPath) cfg.pki.manual
else findPkiDefinitions newPath val;
in flatten (mapAttrsToList mkSublist attrs);
in all (x: x == null) (findPkiDefinitions [] manualPkiOptions);
in lib.flatten (lib.mapAttrsToList mkSublist attrs);
in lib.all (x: x == null) (findPkiDefinitions [] manualPkiOptions);
orgOptions = { ... }: {
options.users = mkOption {
type = types.uniq (types.listOf types.str);
options.users = lib.mkOption {
type = lib.types.uniq (lib.types.listOf lib.types.str);
default = [];
example = [ "alice" "bob" ];
description = ''
@ -96,8 +93,8 @@ let
'';
};
options.groups = mkOption {
type = types.listOf types.str;
options.groups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
example = [ "workers" "slackers" ];
description = ''
@ -137,8 +134,8 @@ let
in {
options = {
services.taskserver = {
enable = mkOption {
type = types.bool;
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = let
url = "https://nixos.org/manual/nixos/stable/index.html#module-services-taskserver";
@ -150,26 +147,26 @@ in {
'';
};
user = mkOption {
type = types.str;
user = lib.mkOption {
type = lib.types.str;
default = "taskd";
description = "User for Taskserver.";
};
group = mkOption {
type = types.str;
group = lib.mkOption {
type = lib.types.str;
default = "taskd";
description = "Group for Taskserver.";
};
dataDir = mkOption {
type = types.path;
dataDir = lib.mkOption {
type = lib.types.path;
default = "/var/lib/taskserver";
description = "Data directory for Taskserver.";
};
ciphers = mkOption {
type = types.nullOr (types.separatedString ":");
ciphers = lib.mkOption {
type = lib.types.nullOr (lib.types.separatedString ":");
default = null;
example = "NORMAL:-VERS-SSL3.0";
description = let
@ -180,8 +177,8 @@ in {
'';
};
organisations = mkOption {
type = types.attrsOf (types.submodule orgOptions);
organisations = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule orgOptions);
default = {};
example.myShinyOrganisation.users = [ "alice" "bob" ];
example.myShinyOrganisation.groups = [ "staff" "outsiders" ];
@ -193,24 +190,24 @@ in {
'';
};
confirmation = mkOption {
type = types.bool;
confirmation = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Determines whether certain commands are confirmed.
'';
};
debug = mkOption {
type = types.bool;
debug = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Logs debugging information.
'';
};
extensions = mkOption {
type = types.nullOr types.path;
extensions = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
Fully qualified path of the Taskserver extension scripts.
@ -218,32 +215,32 @@ in {
'';
};
ipLog = mkOption {
type = types.bool;
ipLog = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Logs the IP addresses of incoming requests.
'';
};
queueSize = mkOption {
type = types.int;
queueSize = lib.mkOption {
type = lib.types.int;
default = 10;
description = ''
Size of the connection backlog, see {manpage}`listen(2)`.
'';
};
requestLimit = mkOption {
type = types.int;
requestLimit = lib.mkOption {
type = lib.types.int;
default = 1048576;
description = ''
Size limit of incoming requests, in bytes.
'';
};
allowedClientIDs = mkOption {
type = with types; either str (listOf str);
allowedClientIDs = lib.mkOption {
type = with lib.types; either str (listOf str);
default = [];
example = [ "[Tt]ask [2-9]+" ];
description = ''
@ -256,8 +253,8 @@ in {
'';
};
disallowedClientIDs = mkOption {
type = with types; either str (listOf str);
disallowedClientIDs = lib.mkOption {
type = with lib.types; either str (listOf str);
default = [];
example = [ "[Tt]ask [2-9]+" ];
description = ''
@ -270,8 +267,8 @@ in {
'';
};
listenHost = mkOption {
type = types.str;
listenHost = lib.mkOption {
type = lib.types.str;
default = "localhost";
example = "::";
description = ''
@ -279,24 +276,24 @@ in {
'';
};
listenPort = mkOption {
type = types.int;
listenPort = lib.mkOption {
type = lib.types.int;
default = 53589;
description = ''
Port number of the Taskserver.
'';
};
openFirewall = mkOption {
type = types.bool;
openFirewall = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to open the firewall for the specified Taskserver port.
'';
};
fqdn = mkOption {
type = types.str;
fqdn = lib.mkOption {
type = lib.types.str;
default = "localhost";
description = ''
The fully qualified domain name of this server, which is also used
@ -304,8 +301,8 @@ in {
'';
};
trust = mkOption {
type = types.enum [ "allow all" "strict" ];
trust = lib.mkOption {
type = lib.types.enum [ "allow all" "strict" ];
default = "strict";
description = ''
Determines how client certificates are validated.
@ -320,8 +317,8 @@ in {
pki.manual = manualPkiOptions;
pki.auto = autoPkiOptions;
config = mkOption {
type = types.attrs;
config = lib.mkOption {
type = lib.types.attrs;
example.client.cert = "/tmp/debugging.cert";
description = ''
Configuration options to pass to Taskserver.
@ -340,23 +337,23 @@ in {
'';
apply = let
mkKey = path: if path == ["server" "listen"] then "server"
else concatStringsSep "." path;
else lib.concatStringsSep "." path;
recurse = path: attrs: let
mapper = name: val: let
newPath = path ++ [ name ];
scalar = if val == true then "true"
else if val == false then "false"
else toString val;
in if isAttrs val then recurse newPath val
in if lib.isAttrs val then recurse newPath val
else [ "${mkKey newPath}=${scalar}" ];
in concatLists (mapAttrsToList mapper attrs);
in lib.concatLists (lib.mapAttrsToList mapper attrs);
in recurse [];
};
};
};
imports = [
(mkRemovedOptionModule ["services" "taskserver" "extraConfig"] ''
(lib.mkRemovedOptionModule ["services" "taskserver" "extraConfig"] ''
This option was removed in favor of `services.taskserver.config` with
different semantics (it's now a list of attributes instead of lines).
@ -366,11 +363,11 @@ in {
'')
];
config = mkMerge [
(mkIf cfg.enable {
config = lib.mkMerge [
(lib.mkIf cfg.enable {
environment.systemPackages = [ nixos-taskserver ];
users.users = optionalAttrs (cfg.user == "taskd") {
users.users = lib.optionalAttrs (cfg.user == "taskd") {
taskd = {
uid = config.ids.uids.taskd;
description = "Taskserver user";
@ -378,7 +375,7 @@ in {
};
};
users.groups = optionalAttrs (cfg.group == "taskd") {
users.groups = lib.optionalAttrs (cfg.group == "taskd") {
taskd.gid = config.ids.gids.taskd;
};
@ -413,7 +410,7 @@ in {
} else {
cert = "${cfg.pki.manual.server.cert}";
key = "${cfg.pki.manual.server.key}";
${mapNullable (_: "crl") cfg.pki.manual.server.crl} = "${cfg.pki.manual.server.crl}";
${lib.mapNullable (_: "crl") cfg.pki.manual.server.crl} = "${cfg.pki.manual.server.crl}";
});
ca.cert = if needToCreateCA then "${cfg.dataDir}/keys/ca.cert"
@ -464,8 +461,8 @@ in {
serviceConfig = {
ExecStart = let
mkCfgFlag = flag: escapeShellArg "--${flag}";
cfgFlags = concatMapStringsSep " " mkCfgFlag cfg.config;
mkCfgFlag = flag: lib.escapeShellArg "--${flag}";
cfgFlags = lib.concatMapStringsSep " " mkCfgFlag cfg.config;
in "@${taskd} taskd server ${cfgFlags}";
ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
Restart = "on-failure";
@ -477,7 +474,7 @@ in {
};
};
})
(mkIf (cfg.enable && needToCreateCA) {
(lib.mkIf (cfg.enable && needToCreateCA) {
systemd.services.taskserver-ca = {
wantedBy = [ "taskserver.service" ];
after = [ "taskserver-init.service" ];
@ -561,7 +558,7 @@ in {
'';
};
})
(mkIf (cfg.enable && cfg.openFirewall) {
(lib.mkIf (cfg.enable && cfg.openFirewall) {
networking.firewall.allowedTCPPorts = [ cfg.listenPort ];
})
];