TheAnachronism/docspell
1
0
Fork 0
mirror of https://github.com/TheAnachronism/docspell.git synced 2025-03-28 01:35:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2699 from ivanbrennan/nix-secure-config

Browse Source 
Nix module: secure config file
This commit is contained in:
eikek 2024-07-08 09:59:52 +02:00 committed by GitHub
commit 294b04e590
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 46 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
nix/modules/joex.nix
View File

@ -12,11 +12,6 @@ with lib; let
if cfg.runAs == null if cfg.runAs == null
then "docspell" then "docspell"
else cfg.runAs; else cfg.runAs;
configFile = pkgs.writeText "docspell-joex.conf" ''
{"docspell": { "joex":
${builtins.toJSON (lib.recursiveUpdate declared_config cfg.extraConfig)}
}}
'';
defaults = { defaults = {
app-id = "joex1"; app-id = "joex1";
base-url = "http://localhost:7878"; base-url = "http://localhost:7878";
@ -330,6 +325,15 @@ in {
example = ["-J-Xmx1G"]; example = ["-J-Xmx1G"];
description = "The options passed to the executable for setting jvm arguments."; description = "The options passed to the executable for setting jvm arguments.";
}; };
configFile = mkOption {
type = types.nullOr types.path;
default = null;
example = literalExpression ''"''${config.sops.secrets.docspell_joex_config.path}"'';
description = ''
Path to an existing configuration file.
If null, a configuration file will be generated at /etc/docspell-joex.conf
'';
};
app-id = mkOption { app-id = mkOption {
type = types.str; type = types.str;
@ -1763,6 +1767,17 @@ in {
}; };
users.groups."${user}" = mkIf (cfg.runAs == null) {}; users.groups."${user}" = mkIf (cfg.runAs == null) {};
environment.etc."docspell-joex.conf" = mkIf (cfg.configFile == null) {
text = ''
{"docspell": {"joex":
${builtins.toJSON (lib.recursiveUpdate declared_config cfg.extraConfig)}
}}
'';
user = user;
group = user;
mode = "0400";
};
# Setting up a unoconv listener to improve conversion performance # Setting up a unoconv listener to improve conversion performance
systemd.services.unoconv = let systemd.services.unoconv = let
cmd = "${pkgs.unoconv}/bin/unoconv --listener -v"; cmd = "${pkgs.unoconv}/bin/unoconv --listener -v";
@ -1778,6 +1793,9 @@ in {
systemd.services.docspell-joex = let systemd.services.docspell-joex = let
args = builtins.concatStringsSep " " cfg.jvmArgs; args = builtins.concatStringsSep " " cfg.jvmArgs;
configFile = if cfg.configFile == null
then "/etc/docspell-joex.conf"
else "${cfg.configFile}";
cmd = "${lib.getExe' cfg.package "docspell-joex"} ${args} -- ${configFile}"; cmd = "${lib.getExe' cfg.package "docspell-joex"} ${args} -- ${configFile}";
waitTarget = waitTarget =
if cfg.waitForTarget != null if cfg.waitForTarget != null

28
nix/modules/server.nix
View File

@ -12,11 +12,6 @@ with lib; let
if cfg.runAs == null if cfg.runAs == null
then "docspell" then "docspell"
else cfg.runAs; else cfg.runAs;
configFile = pkgs.writeText "docspell-restserver.conf" ''
{"docspell": {"server":
${builtins.toJSON (lib.recursiveUpdate declared_config cfg.extraConfig)}
}}
'';
defaults = { defaults = {
app-name = "Docspell"; app-name = "Docspell";
app-id = "rest1"; app-id = "rest1";
@ -167,6 +162,15 @@ in {
example = ["-J-Xmx1G"]; example = ["-J-Xmx1G"];
description = "The options passed to the executable for setting jvm arguments."; description = "The options passed to the executable for setting jvm arguments.";
}; };
configFile = mkOption {
type = types.nullOr types.path;
default = null;
example = literalExpression ''"''${config.sops.secrets.docspell_restserver_config.path}"'';
description = ''
Path to an existing configuration file.
If null, a configuration file will be generated at /etc/docspell-restserver.conf
'';
};
app-name = mkOption { app-name = mkOption {
type = types.str; type = types.str;
@ -897,8 +901,22 @@ in {
}; };
users.groups."${user}" = mkIf (cfg.runAs == null) {}; users.groups."${user}" = mkIf (cfg.runAs == null) {};
environment.etc."docspell-restserver.conf" = mkIf (cfg.configFile == null) {
text = ''
{"docspell": {"server":
${builtins.toJSON (lib.recursiveUpdate declared_config cfg.extraConfig)}
}}
'';
user = user;
group = user;
mode = "0400";
};
systemd.services.docspell-restserver = let systemd.services.docspell-restserver = let
args = builtins.concatStringsSep " " cfg.jvmArgs; args = builtins.concatStringsSep " " cfg.jvmArgs;
configFile = if cfg.configFile == null
then "/etc/docspell-restserver.conf"
else "${cfg.configFile}";
cmd = "${lib.getExe' cfg.package "docspell-restserver"} ${args} -- ${configFile}"; cmd = "${lib.getExe' cfg.package "docspell-restserver"} ${args} -- ${configFile}";
in { in {
description = "Docspell Rest Server"; description = "Docspell Rest Server";