alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

prosody-filer service: init

Browse source 
Add user and group, as files stored are persistent and to be accessed by nginx or other web server.
This commit is contained in:
Nikolay Amiantov 2022-01-08 13:36:29 +03:00
parent b0dacda1a2
commit 8956803ade
4 changed files with 98 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
View file

@ -135,6 +135,13 @@
<link linkend="opt-services.baget.enable">services.baget</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://github.com/ThomasLeister/prosody-filer">prosody-filer</link>,
a server for handling XMPP HTTP Upload requests. Available at
<link linkend="opt-services.prosody-filer.enable">services.prosody-filer</link>.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-22.05-incompatibilities">

2
nixos/doc/manual/release-notes/rl-2205.section.md
View file

@ -41,6 +41,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [BaGet](https://loic-sharma.github.io/BaGet/), a lightweight NuGet and symbol server. Available at [services.baget](#opt-services.baget.enable).
- [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable).
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
- `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.

1
nixos/modules/module-list.nix
View file

@ -1031,6 +1031,7 @@
./services/web-apps/plausible.nix
./services/web-apps/pgpkeyserver-lite.nix
./services/web-apps/powerdns-admin.nix
./services/web-apps/prosody-filer.nix
./services/web-apps/matomo.nix
./services/web-apps/openwebrx.nix
./services/web-apps/restya-board.nix

88
nixos/modules/services/web-apps/prosody-filer.nix Normal file
View file

@ -0,0 +1,88 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.prosody-filer;
settingsFormat = pkgs.formats.toml { };
configFile = settingsFormat.generate "prosody-filer.toml" cfg.settings;
in {
options = {
services.prosody-filer = {
enable = mkEnableOption "Prosody Filer XMPP upload file server";
settings = mkOption {
description = ''
Configuration for Prosody Filer.
Refer to <link xlink:href="https://github.com/ThomasLeister/prosody-filer#configure-prosody-filer"/> for details on supported values.
'';
type = settingsFormat.type;
example = literalExample ''
{
secret = "mysecret";
storeDir = "/srv/http/nginx/prosody-upload";
}
'';
defaultText = literalExpression ''
{
listenport = mkDefault "127.0.0.1:5050";
uploadSubDir = mkDefault "upload/";
}
'';
};
};
};
config = mkIf cfg.enable {
services.prosody-filer.settings = {
listenport = mkDefault "127.0.0.1:5050";
uploadSubDir = mkDefault "upload/";
};
users.users.prosody-filer = {
group = "prosody-filer";
isSystemUser = true;
};
users.groups.prosody-filer = { };
systemd.services.prosody-filer = {
description = "Prosody file upload server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = "prosody-filer";
Group = "prosody-filer";
ExecStart = "${pkgs.prosody-filer}/bin/prosody-filer -config ${configFile}";
Restart = "on-failure";
CapabilityBoundingSet = "";
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateMounts = true;
ProtectHome = true;
ProtectClock = true;
ProtectProc = "noaccess";
ProcSubset = "pid";
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
ProtectHostname = true;
RestrictSUIDSGID = true;
RestrictRealtime = true;
RestrictNamespaces = true;
LockPersonality = true;
RemoveIPC = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
};
};
};
}