From ab5dcc7068bfaca3a7a2eaa8ad824a86c2595681 Mon Sep 17 00:00:00 2001
From: Elis Hirwing
Date: Sun, 27 Jan 2019 21:31:11 +0100
Subject: [PATCH] nixos/sks: Add option to configure database settings

This can be used for options to tweak the behavior around the database.
---
 nixos/modules/services/security/sks.nix | 28 +++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/nixos/modules/services/security/sks.nix b/nixos/modules/services/security/sks.nix
index 9f0261038d5b..8136a5c763a9 100644
--- a/nixos/modules/services/security/sks.nix
+++ b/nixos/modules/services/security/sks.nix
@@ -5,6 +5,9 @@ with lib;
 let cfg = config.services.sks;
 sksPkg = cfg.package;
+ dbConfig = pkgs.writeText "DB_CONFIG" ''
+ ${cfg.extraDbConfig}
+ '';
 in {
 meta.maintainers = with maintainers; [ primeos calbrecht jcumming ];
@@ -39,6 +42,20 @@ in {
 '';
 };
+ extraDbConfig = mkOption {
+ type = types.str;
+ default = "";
+ description = ''
+ Set contents of the files "KDB/DB_CONFIG" and "PTree/DB_CONFIG" within
+ the ''${dataDir} directory. This is used to configure options for the
+ database for the sks key server.
+
+ Documentation of available options are available in the file named
+ "sampleConfig/DB_CONFIG" in the following repository:
+ https://bitbucket.org/skskeyserver/sks-keyserver/src
+ '';
+ };
+
 hkpAddress = mkOption {
 default = [ "127.0.0.1" "::1" ];
 type = types.listOf types.str;
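Review bot: In the `extraDbConfig` option hunk (`@@ -39,6 +42,20 @@`), the option is declared with `type = types.str;`, so two modules that both set it produce a conflict instead of being combined. For a free-form block of configuration lines `type = types.lines;` is the usual choice, and the existing `default = "";` still works with it. The description's "Documentation of available options are available in the file named" would also read better as `Documentation of the available options is in the file named`.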
@@ -99,6 +116,17 @@ in {
 ${lib.optionalString (cfg.webroot != null) "ln -sfT \"${cfg.webroot}\" web"}
 mkdir -p dump
+ # Check that both database configs are symlinks before overwriting them
+ if [ -e KDB/DB_CONFIG ] && [ ! -L KBD/DB_CONFIG ]; then
+ echo "KDB/DB_CONFIG exists but is not a symlink." >&2
+ exit 1
+ fi
+ if [ -e PTree/DB_CONFIG ] && [ ! -L PTree/DB_CONFIG ]; then
+ echo "PTree/DB_CONFIG exists but is not a symlink." >&2
+ exit 1
+ fi
+ ln -sf ${dbConfig} KDB/DB_CONFIG
+ ln -sf ${dbConfig} PTree/DB_CONFIG
 ${sksPkg}/bin/sks build dump/*.gpg -n 10 -cache 100 || true #*/
 ${sksPkg}/bin/sks cleandb || true
 ${sksPkg}/bin/sks pbuild -cache 20 -ptree_cache 70 || true
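Review bot: The first guard's `-L` test names `KBD/DB_CONFIG` (letters transposed), while its `-e` test and the later `ln -sf` use `KDB/DB_CONFIG`. Nothing in the visible script creates a `KBD` directory, so `[ ! -L KBD/DB_CONFIG ]` is presumably always true. Once the symlink exists, `-e` follows it to the store file and the script hits `exit 1` on the next start, even though the file is the expected symlink. The line should read `if [ -e KDB/DB_CONFIG ] && [ ! -L KDB/DB_CONFIG ]; then`. Separately, the links are created before `sks build` and only `dump` is created with `mkdir -p` in the visible context, so it is worth confirming that `KDB/` and `PTree/` already exist on a fresh data directory; the script continues outside this hunk.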