Created
May 31, 2017 13:59
-
-
Save disassembler/f3e958c4feb9e8732b273efcf30c5ab6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| with import <nixpkgs> {}; # bring all of Nixpkgs into scope | |
| antBuild { | |
| name = "passopolis-unstable-2016-05-07"; | |
| src = fetchgit { | |
| url = "https://github.com/WeAreWizards/passopolis-server"; | |
| sha256 = "0ywmymbjcfsxv1p1j0l0lw9cb7f79h23ic1c4b5w5nb0k9f4zvfq"; | |
| rev = "b827b3a6176e050deb729009676fad7e86e5393a"; | |
| leaveDotGit = true; | |
| }; | |
| buildInputs = [ git python ]; | |
| antTargets = [ "jar" ]; | |
| meta = { | |
| homepage = "https://github.com/WeAreWizards/passopolis-server"; | |
| description = "A well-designed, well-functioning and secure secret manager."; | |
| license = stdenv.lib.licenses.gpl3; | |
| }; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { config, lib, pkgs, ... }: | |
| with lib; | |
| let | |
| cfg = config.services.passopolis; | |
| in { | |
| ###### interface | |
| options = { | |
| services.passopolis = { | |
| enable = mkEnableOption "Passopolis"; | |
| user = mkOption { | |
| type = types.str; | |
| default = "passopolis"; | |
| description = "User account under which passopolis runs."; | |
| }; | |
| statePath = mkOption { | |
| type = types.str; | |
| default = "/var/passopolis"; | |
| description = "The state directory"; | |
| }; | |
| databaseHost = mkOption { | |
| type = types.str; | |
| default = "127.0.0.1"; | |
| description = "Database hostname"; | |
| }; | |
| databaseName = mkOption { | |
| type = types.str; | |
| default = "passopolis"; | |
| description = "Database name"; | |
| }; | |
| enablePostgreSQLDatabase = mkOption { | |
| type = types.bool; | |
| default = true; | |
| description = '' | |
| Whether to enable a local postgresql service as database for passopolis | |
| ''; | |
| }; | |
| }; | |
| }; | |
| ###### implementation | |
| config = mkIf cfg.enable { | |
| users.extraUsers.passopolis = { | |
| name = cfg.user; | |
| description = "Passopolis service user"; | |
| }; | |
| services.postgresql.enable = mkDefault true; | |
| environment.systemPackages = [ | |
| import ./pkg.nix | |
| ]; | |
| systemd.services.passopolis = { | |
| description = "Passopolis service"; | |
| after = [ "network.target" "postgresql.service" ]; | |
| wantedBy = [ "multi-user.target" ]; | |
| path = with pkgs; optional cfg.enablePostgreSQLDatabase [ | |
| config.services.postgresql.package | |
| ]; | |
| preStart = '' | |
| mkdir -p ${cfg.statePath} | |
| chown ${cfg.user} ${cfg.statePath} | |
| ${lib.optionalString cfg.enablePostgreSQLDatabase '' | |
| if ! test -e "${cfg.statePath}/db-created"; then | |
| psql postgres -c "CREATE ROLE ${cfg.user} WITH LOGIN NOCREATEDB NOCREATEROLE NOCREATEUSER" | |
| ${config.services.postgresql.package}/bin/createdb --owner ${cfg.user} ${cfg.databaseName} || true | |
| touch "${cfg.statePath}/db-created" | |
| fi | |
| ''} | |
| ''; | |
| serviceConfig = { | |
| PermissionsStartOnly = true; # preStart must be run as root | |
| Type = "simple"; | |
| ExecStart = "${pkgs.jre}/bin/java -DgenerateSecretsForTest=true -Ddatabase_url=jdbc:postgresql://${cfg.databaseHost}:5432/${cfg.databaseName} -ea -jar ${pkgs.passopolis}/share/java/mitrocore.jar"; | |
| User = cfg.user; | |
| }; | |
| }; | |
| }; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment