colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bbc690a0df
nixpkgs/nixos/modules/services/web-apps/alps.nix
Jade Lovelace 6c5ab28fce nixos: fix a bunch of services missing dep on network-online.target 
This was done by generating a truly hilarious configuration:

rg 'services\.[^.]+\.enable\t' opts-tags | cut -f1 > allonconfig.nix

The following were not tested due to other evaluation errors. They
should probably be manually audited.
services.amule
services.castopod
services.ceph
services.chatgpt-retrieval-plugin
services.clamsmtp
services.clight
services.dante
services.dex
services.discourse
services.dwm-status
services.engelsystem
services.foundationdb
services.frigate
services.frp
services.grocy
services.guacamole-client
services.hedgedoc
services.home-assistant
services.honk
services.imaginary
services.jitsi-meet
services.kerberos_server
services.limesurvey
services.mastodon
services.mediawiki
services.mobilizon
services.moodle
services.mosquitto
services.nextcloud
services.nullmailer
services.patroni
services.pfix-srsd
services.pgpkeyserver-lite
services.postfixadmin
services.roundcube
services.schleuder
services.self-deploy
services.slskd
services.spacecookie
services.statsd
services.step-ca
services.sympa
services.tsmBackup
services.vdirsyncer
services.vikunja
services.yandex-disk
services.zabbixWeb
2024-01-19 00:11:34 -08:00

134 lines
3.3 KiB
Nix
Raw Blame History

{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.services.alps;
in {
options.services.alps = {
enable = mkEnableOption (lib.mdDoc "alps");
port = mkOption {
type = types.port;
default = 1323;
description = lib.mdDoc ''
TCP port the service should listen on.
'';
};
bindIP = mkOption {
default = "[::]";
type = types.str;
description = lib.mdDoc ''
The IP the service should listen on.
'';
};
theme = mkOption {
type = types.enum [ "alps" "sourcehut" ];
default = "sourcehut";
description = lib.mdDoc ''
The frontend's theme to use.
'';
};
imaps = {
port = mkOption {
type = types.port;
default = 993;
description = lib.mdDoc ''
The IMAPS server port.
'';
};
host = mkOption {
type = types.str;
default = "[::1]";
example = "mail.example.org";
description = lib.mdDoc ''
The IMAPS server address.
'';
};
};
smtps = {
port = mkOption {
type = types.port;
default = 465;
description = lib.mdDoc ''
The SMTPS server port.
'';
};
host = mkOption {
type = types.str;
default = cfg.imaps.host;
defaultText = "services.alps.imaps.host";
example = "mail.example.org";
description = lib.mdDoc ''
The SMTPS server address.
'';
};
};
package = mkOption {
internal = true;
type = types.package;
default = pkgs.alps;
};
args = mkOption {
internal = true;
type = types.listOf types.str;
default = [
"-addr" "${cfg.bindIP}:${toString cfg.port}"
"-theme" "${cfg.theme}"
"imaps://${cfg.imaps.host}:${toString cfg.imaps.port}"
"smtps://${cfg.smtps.host}:${toString cfg.smtps.port}"
];
};
};
config = mkIf cfg.enable {
systemd.services.alps = {
description = "alps is a simple and extensible webmail.";
documentation = [ "https://git.sr.ht/~migadu/alps" ];
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/alps ${escapeShellArgs cfg.args}";
AmbientCapabilities = "";
CapabilityBoundingSet = "";
DynamicUser = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateIPC = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SocketBindAllow = cfg.port;
SocketBindDeny = "any";
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged @obsolete" ];
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink