2021-11-03 14:28:09 +01:00
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
|
|
|
|
with lib;
|
|
|
|
|
|
|
|
let
|
|
|
|
cfg = config.services.lxd-image-server;
|
|
|
|
format = pkgs.formats.toml {};
|
|
|
|
|
|
|
|
location = "/var/www/simplestreams";
|
|
|
|
in
|
|
|
|
{
|
|
|
|
options = {
|
|
|
|
services.lxd-image-server = {
|
|
|
|
enable = mkEnableOption "lxd-image-server";
|
|
|
|
|
|
|
|
group = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
description = "Group assigned to the user and the webroot directory.";
|
|
|
|
default = "nginx";
|
|
|
|
example = "www-data";
|
|
|
|
};
|
|
|
|
|
|
|
|
settings = mkOption {
|
|
|
|
type = format.type;
|
|
|
|
description = ''
|
|
|
|
Configuration for lxd-image-server.
|
|
|
|
|
|
|
|
Example see <link xlink:href="https://github.com/Avature/lxd-image-server/blob/master/config.toml"/>.
|
|
|
|
'';
|
|
|
|
default = {};
|
|
|
|
};
|
|
|
|
|
|
|
|
nginx = {
|
|
|
|
enable = mkEnableOption "nginx";
|
|
|
|
domain = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
description = "Domain to use for nginx virtual host.";
|
|
|
|
example = "images.example.org";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
config = mkMerge [
|
|
|
|
(mkIf (cfg.enable) {
|
|
|
|
users.users.lxd-image-server = {
|
|
|
|
isSystemUser = true;
|
|
|
|
group = cfg.group;
|
|
|
|
};
|
|
|
|
users.groups.${cfg.group} = {};
|
|
|
|
|
|
|
|
environment.etc."lxd-image-server/config.toml".source = format.generate "config.toml" cfg.settings;
|
|
|
|
|
|
|
|
services.logrotate.paths.lxd-image-server = {
|
|
|
|
path = "/var/log/lxd-image-server/lxd-image-server.log";
|
|
|
|
frequency = "daily";
|
|
|
|
keep = 21;
|
|
|
|
extraConfig = ''
|
2021-12-01 08:38:31 +01:00
|
|
|
create 755 lxd-image-server ${cfg.group}
|
2021-11-03 14:28:09 +01:00
|
|
|
missingok
|
|
|
|
compress
|
|
|
|
delaycompress
|
|
|
|
copytruncate
|
|
|
|
notifempty
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
"d /var/www/simplestreams 0755 lxd-image-server ${cfg.group}"
|
|
|
|
];
|
|
|
|
|
|
|
|
systemd.services.lxd-image-server = {
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
after = [ "network.target" ];
|
|
|
|
|
|
|
|
description = "LXD Image Server";
|
|
|
|
|
|
|
|
script = ''
|
|
|
|
${pkgs.lxd-image-server}/bin/lxd-image-server init
|
|
|
|
${pkgs.lxd-image-server}/bin/lxd-image-server watch
|
|
|
|
'';
|
|
|
|
|
|
|
|
serviceConfig = {
|
|
|
|
User = "lxd-image-server";
|
|
|
|
Group = cfg.group;
|
|
|
|
DynamicUser = true;
|
|
|
|
LogsDirectory = "lxd-image-server";
|
|
|
|
RuntimeDirectory = "lxd-image-server";
|
|
|
|
ExecReload = "${pkgs.lxd-image-server}/bin/lxd-image-server reload";
|
|
|
|
ReadWritePaths = [ location ];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
})
|
|
|
|
# this is seperate so it can be enabled on mirrored hosts
|
|
|
|
(mkIf (cfg.nginx.enable) {
|
|
|
|
# https://github.com/Avature/lxd-image-server/blob/master/resources/nginx/includes/lxd-image-server.pkg.conf
|
|
|
|
services.nginx.virtualHosts = {
|
|
|
|
"${cfg.nginx.domain}" = {
|
|
|
|
forceSSL = true;
|
|
|
|
enableACME = mkDefault true;
|
|
|
|
|
|
|
|
root = location;
|
|
|
|
|
|
|
|
locations = {
|
|
|
|
"/streams/v1/" = {
|
|
|
|
index = "index.json";
|
|
|
|
};
|
|
|
|
|
|
|
|
# Serve json files with content type header application/json
|
|
|
|
"~ \.json$" = {
|
|
|
|
extraConfig = ''
|
|
|
|
add_header Content-Type application/json;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
"~ \.tar.xz$" = {
|
|
|
|
extraConfig = ''
|
|
|
|
add_header Content-Type application/octet-stream;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
"~ \.tar.gz$" = {
|
|
|
|
extraConfig = ''
|
|
|
|
add_header Content-Type application/octet-stream;
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
|
|
|
|
# Deny access to document root and the images folder
|
|
|
|
"~ ^/(images/)?$" = {
|
|
|
|
return = "403";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
})
|
|
|
|
];
|
|
|
|
}
|