nixos/wakapi: init module

This commit is contained in:
isabel 2024-08-19 17:16:01 +01:00
parent c5ea55f515
commit f3c2be2a80
No known key found for this signature in database
GPG Key ID: 7F2F6BD6997FCDF7
3 changed files with 167 additions and 0 deletions

View File

@ -90,6 +90,8 @@
- [chromadb](https://www.trychroma.com/), an open-source AI application
database. Batteries included. Available as [services.chromadb](options.html#opt-services.chromadb.enable).
- [Wakapi](https://wakapi.dev/), a time tracking software for programmers. Available as [services.wakapi](#opt-services.wakapi.enable).
## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
- `transmission` package has been aliased with a `trace` warning to `transmission_3`. Since [Transmission 4 has been released last year](https://github.com/transmission/transmission/releases/tag/4.0.0), and Transmission 3 will eventually go away, it was decided perform this warning alias to make people aware of the new version. The `services.transmission.package` defaults to `transmission_3` as well because the upgrade can cause data loss in certain specific usage patterns (examples: [#5153](https://github.com/transmission/transmission/issues/5153), [#6796](https://github.com/transmission/transmission/issues/6796)). Please make sure to back up to your data directory per your usage:

View File

@ -1490,6 +1490,7 @@
./services/web-apps/trilium.nix
./services/web-apps/tt-rss.nix
./services/web-apps/vikunja.nix
./services/web-apps/wakapi.nix
./services/web-apps/weblate.nix
./services/web-apps/whitebophir.nix
./services/web-apps/wiki-js.nix

View File

@ -0,0 +1,164 @@
{
lib,
pkgs,
config,
...
}:
let
cfg = config.services.wakapi;
settingsFormat = pkgs.formats.yaml { };
settingsFile = settingsFormat.generate "wakapi-settings" cfg.settings;
inherit (lib)
getExe
mkOption
mkEnableOption
mkPackageOption
types
mkIf
optional
mkMerge
singleton
;
in
{
options.services.wakapi = {
enable = mkEnableOption "Wakapi";
package = mkPackageOption pkgs "wakapi" { };
settings = mkOption {
inherit (settingsFormat) type;
default = { };
description = ''
Settings for Wakapi.
See [config.default.yml](https://github.com/muety/wakapi/blob/master/config.default.yml) for a list of all possible options.
'';
};
passwordSalt = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The password salt to use for Wakapi.
'';
};
passwordSaltFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
The path to a file containing the password salt to use for Wakapi.
'';
};
smtpPassword = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The password used for the smtp mailed to used by Wakapi.
'';
};
smtpPasswordFile = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
The path to a file containing the password for the smtp mailer used by Wakapi.
'';
};
};
config = mkIf cfg.enable {
systemd.services.wakapi = {
description = "Wakapi (self-hosted WakaTime-compatible backend)";
wants = [
"network-online.target"
] ++ optional (cfg.settings.db.dialect == "postgres") "postgresql.service";
after = [
"network-online.target"
] ++ optional (cfg.settings.db.dialect == "postgres") "postgresql.service";
wantedBy = [ "multi-user.target" ];
script = ''
exec ${getExe cfg.package} -config ${settingsFile}
'';
serviceConfig = {
Environment = mkMerge [
(mkIf (cfg.passwordSalt != null) "WAKAPI_PASSWORD_SALT=${cfg.passwordSalt}")
(mkIf (cfg.smtpPassword != null) "WAKAPI_MAIL_SMTP_PASS=${cfg.smtpPassword}")
];
EnvironmentFile = [
(optional (cfg.passwordSaltFile != null) cfg.passwordSaltFile)
(optional (cfg.smtpPasswordFile != null) cfg.smtpPasswordFile)
];
User = config.users.users.wakapi.name;
Group = config.users.users.wakapi.group;
DynamicUser = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
StateDirectoryMode = "0700";
Restart = "always";
};
};
services.wakapi.settings = {
env = lib.mkDefault "production";
};
assertions = [
{
assertion = cfg.passwordSalt != null || cfg.passwordSaltFile != null;
message = "Either `services.wakapi.passwordSalt` or `services.wakapi.passwordSaltFile` must be set.";
}
{
assertion = cfg.passwordSalt != null -> cfg.passwordSaltFile != null;
message = "Both `services.wakapi.passwordSalt` `services.wakapi.passwordSaltFile` should not be set at the same time.";
}
{
assertion = cfg.smtpPassword != null -> cfg.smtpPasswordFile != null;
message = "Both `services.wakapi.smtpPassword` `services.wakapi.smtpPasswordFile` should not be set at the same time.";
}
];
users = {
users.wakapi = {
group = "wakapi";
createHome = false;
isSystemUser = true;
};
groups.wakapi = { };
};
services.postgresql = mkIf (cfg.settings.db.dialect == "postgres") {
enable = true;
ensureDatabases = singleton cfg.settings.db.name;
ensureUsers = singleton {
name = cfg.settings.db.user;
ensureDBOwnership = true;
};
authentication = ''
host ${cfg.settings.db.name} ${cfg.settings.db.user} 127.0.0.1/32 trust
'';
};
};
meta.maintainers = with lib.maintainers; [ isabelroses ];
}