{ config, pkgs, lib, ... }: with lib; let cfg = config.services.etebase-server; pythonEnv = pkgs.python3.withPackages (ps: with ps; [ etebase-server daphne ]); dbConfig = { sqlite3 = '' engine = django.db.backends.sqlite3 name = ${cfg.dataDir}/db.sqlite3 ''; }; defaultConfigIni = toString (pkgs.writeText "etebase-server.ini" '' [global] debug = false secret_file = ${if cfg.secretFile != null then cfg.secretFile else ""} media_root = ${cfg.dataDir}/media [allowed_hosts] allowed_host1 = ${cfg.host} [database] ${dbConfig."${cfg.database.type}"} ''); configIni = if cfg.customIni != null then cfg.customIni else defaultConfigIni; defaultUser = "etebase-server"; in { options = { services.etebase-server = { enable = mkOption { type = types.bool; default = false; example = true; description = '' Whether to enable the Etebase server. Once enabled you need to create an admin user using the shell command etebase-server createsuperuser. Then you can login and create accounts on your-etebase-server.com/admin ''; }; secretFile = mkOption { default = null; type = with types; nullOr str; description = '' The path to a file containing the secret used as django's SECRET_KEY. ''; }; dataDir = mkOption { type = types.str; default = "/var/lib/etebase-server"; description = "Directory to store the Etebase server data."; }; port = mkOption { type = with types; nullOr port; default = 8001; description = "Port to listen on."; }; openFirewall = mkOption { type = types.bool; default = false; description = '' Whether to open ports in the firewall for the server. ''; }; host = mkOption { type = types.str; default = "0.0.0.0"; example = "localhost"; description = '' Host to listen on. ''; }; unixSocket = mkOption { type = with types; nullOr str; default = null; description = "The path to the socket to bind to."; example = "/run/etebase-server/etebase-server.sock"; }; database = { type = mkOption { type = types.enum [ "sqlite3" ]; default = "sqlite3"; description = '' Database engine to use. Currently only sqlite3 is supported. Other options can be configured using extraConfig. ''; }; }; customIni = mkOption { type = with types; nullOr str; default = null; description = '' Custom etebase-server.ini. See etebase-src/etebase-server.ini.example for available options. Setting this option overrides the default config which is generated from the options secretFile, host and database. ''; example = literalExample '' [global] debug = false secret_file = /path/to/secret media_root = /path/to/media [allowed_hosts] allowed_host1 = example.com [database] engine = django.db.backends.sqlite3 name = db.sqlite3 ''; }; user = mkOption { type = types.str; default = defaultUser; description = "User under which Etebase server runs."; }; }; }; config = mkIf cfg.enable { environment.systemPackages = with pkgs; [ (runCommand "etebase-server" { buildInputs = [ makeWrapper ]; } '' makeWrapper ${pythonEnv}/bin/etebase-server \ $out/bin/etebase-server \ --run "cd ${cfg.dataDir}" \ --prefix ETEBASE_EASY_CONFIG_PATH : "${configIni}" '') ]; systemd.tmpfiles.rules = [ "d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -" ]; systemd.services.etebase-server = { description = "An Etebase (EteSync 2.0) server"; after = [ "network.target" "systemd-tmpfiles-setup.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { User = cfg.user; Restart = "always"; WorkingDirectory = cfg.dataDir; }; environment = { PYTHONPATH="${pythonEnv}/${pkgs.python3.sitePackages}"; ETEBASE_EASY_CONFIG_PATH="${configIni}"; }; preStart = '' # Auto-migrate on first run or if the package has changed versionFile="${cfg.dataDir}/src-version" if [[ $(cat "$versionFile" 2>/dev/null) != ${pkgs.etebase-server} ]]; then ${pythonEnv}/bin/etebase-server migrate echo ${pkgs.etebase-server} > "$versionFile" fi ''; script = let networking = if cfg.unixSocket != null then "-u ${cfg.unixSocket}" else "-b 0.0.0.0 -p ${toString cfg.port}"; in '' cd "${pythonEnv}/lib/etebase-server"; ${pythonEnv}/bin/daphne ${networking} \ etebase_server.asgi:application ''; }; users = optionalAttrs (cfg.user == defaultUser) { users.${defaultUser} = { group = defaultUser; home = cfg.dataDir; }; groups.${defaultUser} = {}; }; networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; }; }; }