Luke Granger-Brown
57725ef3ec
git-subtree-dir: third_party/nixpkgs git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2
107 lines
2.7 KiB
Nix
107 lines
2.7 KiB
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}:
|
|
|
|
let
|
|
cfg = config.services.chromadb;
|
|
inherit (lib)
|
|
mkEnableOption
|
|
mkOption
|
|
mkIf
|
|
types
|
|
literalExpression
|
|
;
|
|
in
|
|
{
|
|
|
|
meta.maintainers = with lib.maintainers; [ drupol ];
|
|
|
|
options = {
|
|
services.chromadb = {
|
|
enable = mkEnableOption "ChromaDB, an open-source AI application database.";
|
|
|
|
package = mkOption {
|
|
type = types.package;
|
|
example = literalExpression "pkgs.python3Packages.chromadb";
|
|
default = pkgs.python3Packages.chromadb;
|
|
defaultText = "pkgs.python3Packages.chromadb";
|
|
description = "ChromaDB package to use.";
|
|
};
|
|
|
|
host = mkOption {
|
|
type = types.str;
|
|
default = "127.0.0.1";
|
|
description = ''
|
|
Defines the IP address by which ChromaDB will be accessible.
|
|
'';
|
|
};
|
|
|
|
port = mkOption {
|
|
type = types.port;
|
|
default = 8000;
|
|
description = ''
|
|
Defined the port number to listen.
|
|
'';
|
|
};
|
|
|
|
logFile = mkOption {
|
|
type = types.path;
|
|
default = "/var/log/chromadb/chromadb.log";
|
|
description = ''
|
|
Specifies the location of file for logging output.
|
|
'';
|
|
};
|
|
|
|
dbpath = mkOption {
|
|
type = types.str;
|
|
default = "/var/lib/chromadb";
|
|
description = "Location where ChromaDB stores its files";
|
|
};
|
|
|
|
openFirewall = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = ''
|
|
Whether to automatically open the specified TCP port in the firewall.
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
systemd.services.chromadb = {
|
|
description = "ChromaDB";
|
|
after = [ "network.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
StateDirectory = "chromadb";
|
|
WorkingDirectory = "/var/lib/chromadb";
|
|
LogsDirectory = "chromadb";
|
|
ExecStart = "${lib.getExe cfg.package} run --path ${cfg.dbpath} --host ${cfg.host} --port ${toString cfg.port} --log-path ${cfg.logFile}";
|
|
Restart = "on-failure";
|
|
ProtectHome = true;
|
|
ProtectSystem = "strict";
|
|
PrivateTmp = true;
|
|
PrivateDevices = true;
|
|
ProtectHostname = true;
|
|
ProtectClock = true;
|
|
ProtectKernelTunables = true;
|
|
ProtectKernelModules = true;
|
|
ProtectKernelLogs = true;
|
|
ProtectControlGroups = true;
|
|
NoNewPrivileges = true;
|
|
RestrictRealtime = true;
|
|
RestrictSUIDSGID = true;
|
|
RemoveIPC = true;
|
|
PrivateMounts = true;
|
|
DynamicUser = true;
|
|
};
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [ cfg.port ];
|
|
};
|
|
}
|