depot/nixos/modules/services/web-apps/hledger-web.nix
Luke Granger-Brown 57725ef3ec Squashed 'third_party/nixpkgs/' content from commit 76612b17c0ce
git-subtree-dir: third_party/nixpkgs
git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2
2024-11-10 23:59:47 +00:00

131 lines
3.5 KiB
Nix

{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.services.hledger-web;
in {
options.services.hledger-web = {
enable = mkEnableOption "hledger-web service";
serveApi = mkEnableOption "serving only the JSON web API, without the web UI";
host = mkOption {
type = types.str;
default = "127.0.0.1";
description = ''
Address to listen on.
'';
};
port = mkOption {
type = types.port;
default = 5000;
example = 80;
description = ''
Port to listen on.
'';
};
allow = mkOption {
type = types.enum [ "view" "add" "edit" "sandstorm" ];
default = "view";
description = ''
User's access level for changing data.
* view: view only permission.
* add: view and add permissions.
* edit: view, add, and edit permissions.
* sandstorm: permissions from the `X-Sandstorm-Permissions` request header.
'';
};
stateDir = mkOption {
type = types.path;
default = "/var/lib/hledger-web";
description = ''
Path the service has access to. If left as the default value this
directory will automatically be created before the hledger-web server
starts, otherwise the sysadmin is responsible for ensuring the
directory exists with appropriate ownership and permissions.
'';
};
journalFiles = mkOption {
type = types.listOf types.str;
default = [ ".hledger.journal" ];
description = ''
Paths to journal files relative to {option}`services.hledger-web.stateDir`.
'';
};
baseUrl = mkOption {
type = with types; nullOr str;
default = null;
example = "https://example.org";
description = ''
Base URL, when sharing over a network.
'';
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [];
example = [ "--forecast" ];
description = ''
Extra command line arguments to pass to hledger-web.
'';
};
};
imports = [
(mkRemovedOptionModule [ "services" "hledger-web" "capabilities" ]
"This option has been replaced by new option `services.hledger-web.allow`.")
];
config = mkIf cfg.enable {
users.users.hledger = {
name = "hledger";
group = "hledger";
isSystemUser = true;
home = cfg.stateDir;
useDefaultShell = true;
};
users.groups.hledger = {};
systemd.services.hledger-web = let
serverArgs = with cfg; escapeShellArgs ([
"--serve"
"--host=${host}"
"--port=${toString port}"
"--allow=${allow}"
(optionalString (cfg.baseUrl != null) "--base-url=${cfg.baseUrl}")
(optionalString (cfg.serveApi) "--serve-api")
] ++ (map (f: "--file=${stateDir}/${f}") cfg.journalFiles)
++ extraOptions);
in {
description = "hledger-web - web-app for the hledger accounting tool.";
documentation = [ "https://hledger.org/hledger-web.html" ];
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" ];
serviceConfig = mkMerge [
{
ExecStart = "${pkgs.hledger-web}/bin/hledger-web ${serverArgs}";
Restart = "always";
WorkingDirectory = cfg.stateDir;
User = "hledger";
Group = "hledger";
PrivateTmp = true;
}
(mkIf (cfg.stateDir == "/var/lib/hledger-web") {
StateDirectory = "hledger-web";
})
];
};
};
meta.maintainers = with lib.maintainers; [ marijanp erictapen ];
}