Stuce/sTodo
1
0
Fork 0
Code Issues Pull requests Projects Releases 3 Packages Wiki Activity Actions
sTodo/flake.nix
stuce-bot e51fac7b6a updated for r3
2025-06-26 12:23:00 +02:00

124 lines
3.6 KiB
Nix
Raw Blame History

{
description = "A flake to install sTodo";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
};
outputs = {
self,
nixpkgs,
}: let
tarball = fetchTarball {
url = "https://git.stuce.ch/stuce/sTodo/releases/download/r3/release2.tar.gz";
sha256 = "1h72drqsk690d5i53czpzgs4761wydk49cvz6fq0hgc3q3z214ha";
};
in {
packages.x86_64-linux.sTodo = with nixpkgs.legacyPackages.x86_64-linux;
stdenv.mkDerivation {
pname = "sTodo";
version = "1.0.0";
src = tarball;
buildInputs = [zlib gmp libffi];
nativeBuildInputs = [openssl];
installPhase = ''
mkdir -p $out/bin
cp $src/sTodo $out/bin
'';
mainProgram = "sTodo";
};
nixosModules.sTodo = {
config,
lib,
pkgs,
...
}: let
cfg = config.services.sTodo;
sessionKey = "/etc/sTodo/client_session_key.aes";
in {
options.services.sTodo = {
# options.programs.sTodo = {
enable = lib.mkEnableOption "sTodo";
package = lib.mkOption {
type = lib.types.package;
default = self.packages.x86_64-linux.sTodo;
};
appRoot = lib.mkOption {
type = lib.types.str;
default = "http://localhost:6901";
description = "Link used to access the webapp";
};
clientSessionKey = lib.mkOption {
type = lib.types.str;
default = "/etc/sTodo/client_session_key.aes";
description = "Location of the client session key";
};
port = lib.mkOption {
type = lib.types.int;
default = 6901;
description = "Default port of the app";
};
};
# Systemd Service
config = lib.mkIf cfg.enable {
environment.etc."sTodo/static" = {
source = "${tarball}/static";
};
environment.systemPackages = [pkgs.openssl];
users.groups."sTodo".name = "sTodo";
users.users."sTodo" = {
name = "sTodo";
isSystemUser = true;
group = "sTodo";
};
systemd.services.sTodo.preStart = ''
[ -f ${sessionKey} ] || {
"${pkgs.openssl}/bin/openssl" rand 256 > ${sessionKey}
}
'';
systemd.services.sTodo = {
description = "Launch a sTodo app to have a online todolist";
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
ExecStart = "${cfg.package}/bin/sTodo";
Restart = "always";
User = "sTodo";
Group = "sTodo";
StateDirectory = "sTodo";
StateDirectoryMode = "0700";
AmbientCapabilities = "";
CapabilityBoundingSet = "";
DeviceAllow = "";
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = "read-only";
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "noaccess";
ProtectSystem = "strict";
};
environment = {
YESOD_PORT = "${toString cfg.port}";
YESOD_APPROOT = "${cfg.appRoot}";
YESOD_SQLITE_DATABASE = "/var/lib/sTodo/sTodo.sqlite3";
YESOD_STATIC_DIR = "/etc/sTodo/static";
YESOD_SESSION_KEY = sessionKey;
};
};
};
};
};
}
Reference in a new issue View git blame Copy permalink