Extend nix flake setup

eikek
2024-03-09 01:28:44 +01:00
parent 4167b64e31
commit 2e18274803
15 changed files with 824 additions and 491 deletions


@ -1,11 +1,17 @@
overlay: { config, lib, pkgs, ... }:
with lib;
let
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.docspell-restserver;
# Extract the config without the extraConfig attribute. It will be merged later
declared_config = attrsets.filterAttrs (n: v: n != "extraConfig") cfg;
user = if cfg.runAs == null then "docspell" else cfg.runAs;
user =
if cfg.runAs == null
then "docspell"
else cfg.runAs;
configFile = pkgs.writeText "docspell-server.conf" ''
{"docspell": {"server":
${builtins.toJSON (lib.recursiveUpdate declared_config cfg.extraConfig)}
@ -44,7 +50,7 @@ let
source-name = "integration";
allowed-ips = {
enabled = false;
ips = [ "127.0.0.1" ];
ips = ["127.0.0.1"];
};
http-basic = {
enabled = false;
@ -78,9 +84,9 @@ let
user = "pguser";
password = "";
};
pg-config = { };
pg-config = {};
pg-query-parser = "websearch_to_tsquery";
pg-rank-normalization = [ 4 ];
pg-rank-normalization = [4];
};
};
auth = {
@ -126,19 +132,17 @@ let
};
files = {
chunk-size = 524288;
valid-mime-types = [ ];
valid-mime-types = [];
};
addons = {
enabled = false;
allow-impure = true;
allowed-urls = [ "*" ];
denied-urls = [ ];
allowed-urls = ["*"];
denied-urls = [];
};
};
};
in
{
in {
## interface
options = {
services.docspell-restserver = {
@ -156,12 +160,11 @@ in
};
jvmArgs = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "-J-Xmx1G" ];
default = [];
example = ["-J-Xmx1G"];
description = "The options passed to the executable for setting jvm arguments.";
};
app-name = mkOption {
type = types.str;
default = defaults.app-name;
@ -232,7 +235,7 @@ in
};
bind = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
address = mkOption {
type = types.str;
@ -245,13 +248,13 @@ in
description = "The port to bind the REST server";
};
};
});
};
default = defaults.bind;
description = "Address and port bind the rest server.";
};
server-options = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
enable-http-2 = mkOption {
type = types.bool;
@ -269,13 +272,13 @@ in
description = "Timeout when waiting for the response.";
};
};
});
};
default = defaults.server-options;
description = "Tuning the http server";
};
logging = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
minimum-level = mkOption {
type = types.str;
@ -293,13 +296,13 @@ in
description = "Set of logger and their levels";
};
};
});
};
default = defaults.logging;
description = "Settings for logging";
};
auth = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
server-secret = mkOption {
type = types.str;
@ -320,7 +323,7 @@ in
'';
};
remember-me = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
enabled = mkOption {
type = types.bool;
@ -333,18 +336,18 @@ in
description = "The time a remember-me token is valid.";
};
};
});
};
default = defaults.auth.remember-me;
description = "Settings for Remember-Me";
};
};
});
};
default = defaults.auth;
description = "Authentication";
};
download-all = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
max-files = mkOption {
type = types.int;
@ -357,7 +360,7 @@ in
description = "The maximum (uncompressed) size of the zip file contents.";
};
};
});
};
default = defaults.download-all;
description = "";
};
@ -387,7 +390,7 @@ in
description = "How to retrieve the collective name.";
};
provider = mkOption {
type = (types.submodule {
type = types.submodule {
options = {
provider-id = mkOption {
type = types.str;
@ -436,18 +439,18 @@ in
description = "The expected algorithm used to sign the token.";
};
};
});
};
default = defaults.openid.provider;
description = "The config for an OpenID Connect provider.";
};
};
});
default = [ ];
default = [];
description = "A list of OIDC provider configurations.";
};
integration-endpoint = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
enabled = mkOption {
type = types.bool;
@ -467,7 +470,7 @@ in
'';
};
allowed-ips = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
enabled = mkOption {
type = types.bool;
@ -480,7 +483,7 @@ in
description = "The ips/ip patterns to allow";
};
};
});
};
default = defaults.integration-endpoint.allowed-ips;
description = ''
IPv4 addresses to allow access. An empty list, if enabled,
@ -491,7 +494,7 @@ in
'';
};
http-basic = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
enabled = mkOption {
type = types.bool;
@ -514,14 +517,14 @@ in
description = "The password to check.";
};
};
});
};
default = defaults.integration-endpoint.http-basic;
description = ''
Requests are expected to use http basic auth when uploading files.
'';
};
http-header = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
enabled = mkOption {
type = types.bool;
@ -539,7 +542,7 @@ in
description = "The value of the header to check.";
};
};
});
};
default = defaults.integration-endpoint.http-header;
description = ''
Requests are expected to supply some specific header when
@ -547,7 +550,7 @@ in
'';
};
};
});
};
default = defaults.integration-endpoint;
description = ''
This endpoint allows to upload files to any collective. The
@ -566,7 +569,7 @@ in
};
admin-endpoint = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
secret = mkOption {
type = types.str;
@ -574,13 +577,13 @@ in
description = "The secret used to call admin endpoints.";
};
};
});
};
default = defaults.admin-endpoint;
description = "An endpoint for administration tasks.";
};
full-text-search = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
enabled = mkOption {
type = types.bool;
@ -597,7 +600,7 @@ in
description = "The backend to use, either solr or postgresql";
};
solr = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
url = mkOption {
type = types.str;
@ -629,13 +632,13 @@ in
description = "The default combiner for tokens. One of {AND, OR}.";
};
};
});
};
default = defaults.full-text-search.solr;
description = "Configuration for the SOLR backend.";
};
postgresql = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
use-default-connection = mkOption {
type = types.bool;
@ -643,7 +646,7 @@ in
description = "Whether to use the primary db connection.";
};
jdbc = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
url = mkOption {
type = types.str;
@ -663,7 +666,7 @@ in
description = "The password to connect to the database.";
};
};
});
};
default = defaults.full-text-search.postgresql.jdbc;
description = "Database connection settings";
};
@ -683,18 +686,18 @@ in
description = "";
};
};
});
};
default = defaults.full-text-search.postgresql;
description = "PostgreSQL for fulltext search";
};
};
});
};
default = defaults.full-text-search;
description = "Configuration for full-text search.";
};
backend = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
mail-debug = mkOption {
type = types.bool;
@ -707,7 +710,7 @@ in
'';
};
jdbc = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
url = mkOption {
type = types.str;
@ -734,12 +737,12 @@ in
description = "The password to connect to the database.";
};
};
});
};
default = defaults.backend.jdbc;
description = "Database connection settings";
};
signup = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
mode = mkOption {
type = types.str;
@ -772,12 +775,12 @@ in
'';
};
};
});
};
default = defaults.backend.signup;
description = "Registration settings";
};
files = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
chunk-size = mkOption {
type = types.int;
@ -804,12 +807,12 @@ in
'';
};
};
});
};
default = defaults.backend.files;
description = "Settings for how files are stored.";
};
addons = mkOption {
type = types.submodule ({
type = types.submodule {
options = {
enabled = mkOption {
type = types.bool;
@ -832,19 +835,19 @@ in
description = "Url patterns to deny to install";
};
};
});
};
default = defaults.backend.addons;
description = "Addon config";
};
};
});
};
default = defaults.backend;
description = "Configuration for the backend";
};
extraConfig = mkOption {
type = types.attrs;
description = "Extra configuration for docspell server. Overwrites values in case of a conflict.";
default = { };
default = {};
example = ''
{
files = {
@ -863,8 +866,6 @@ in
## implementation
config = mkIf config.services.docspell-restserver.enable {
nixpkgs.overlays = [ overlay ];
users.users."${user}" = mkIf (cfg.runAs == null) {
name = user;
isSystemUser = true;
@ -873,24 +874,20 @@ in
description = "Docspell user";
group = user;
};
users.groups."${user}" = mkIf (cfg.runAs == null) { };
users.groups."${user}" = mkIf (cfg.runAs == null) {};
systemd.services.docspell-restserver =
let
args = builtins.concatStringsSep " " cfg.jvmArgs;
cmd = "${pkgs.docspell-server}/bin/docspell-restserver ${args} -- ${configFile}";
in
{
description = "Docspell Rest Server";
after = [ "networking.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.gawk ];
preStart = ''
systemd.services.docspell-restserver = let
args = builtins.concatStringsSep " " cfg.jvmArgs;
cmd = "${pkgs.docspell-server}/bin/docspell-restserver ${args} -- ${configFile}";
in {
description = "Docspell Rest Server";
after = ["networking.target"];
wantedBy = ["multi-user.target"];
path = [pkgs.gawk];
preStart = ''
'';
script =
"${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${user} -c \"${cmd}\"";
};
script = "${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${user} -c \"${cmd}\"";
};
};
}
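Review bot: In the first hunk, `configFile` is built with `pkgs.writeText` from the whole of `cfg`, so the values of `auth.server-secret`, `admin-endpoint.secret`, the `jdbc` passwords and the `http-basic` password are serialised into a file in the Nix store, which every local user can read. The commit only reformats this binding and leaves that exposure undocumented. I would add a comment above it, `# NOTE: this file is written to the world-readable /nix/store; do not set real secrets through these options`, and repeat the warning in the `description` of each secret option. If the server can take these values at start-up from a root-only file or the environment (not visible in this diff), the unit should pass them that way instead. The `configFile` string continues past the end of the hunk.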