ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2025-01-04 01:42:53 +03:00
Code Issues Projects Releases Wiki Activity

nixos/xandikos: init

Browse Source
This commit is contained in:
0x4A6F 2019-12-14 01:18:44 +01:00
parent 78aec9cfcb
commit c9ca370e32
No known key found for this signature in database
GPG Key ID: 8DEDBA5BE07080E1
2 changed files with 149 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/modules/module-list.nix
View File

@ -735,6 +735,7 @@
./services/networking/wicd.nix
./services/networking/wireguard.nix
./services/networking/wpa_supplicant.nix
./services/networking/xandikos.nix
./services/networking/xinetd.nix
./services/networking/xl2tpd.nix
./services/networking/xrdp.nix

148
nixos/modules/services/networking/xandikos.nix Normal file
View File

@ -0,0 +1,148 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.xandikos;
in
{
options = {
services.xandikos = {
enable = mkEnableOption "Xandikos CalDAV and CardDAV server";
package = mkOption {
type = types.package;
default = pkgs.xandikos;
defaultText = "pkgs.xandikos";
description = "The Xandikos package to use.";
};
address = mkOption {
type = types.str;
default = "localhost";
description = ''
The IP address on which Xandikos will listen.
By default listens on localhost.
'';
};
port = mkOption {
type = types.port;
default = 8080;
description = "The port of the Xandikos web application";
};
routePrefix = mkOption {
type = types.str;
default = "/";
description = ''
Path to Xandikos.
Useful when Xandikos is behind a reverse proxy.
'';
};
extraOptions = mkOption {
default = [];
type = types.listOf types.str;
example = literalExample ''
[ "--autocreate"
"--defaults"
"--current-user-principal user"
"--dump-dav-xml"
]
'';
description = ''
Extra command line arguments to pass to xandikos.
'';
};
nginx = mkOption {
default = {};
description = ''
Configuration for nginx reverse proxy.
'';
type = types.submodule {
options = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Configure the nginx reverse proxy settings.
'';
};
hostName = mkOption {
type = types.str;
description = ''
The hostname use to setup the virtualhost configuration
'';
};
};
};
};
};
};
config = mkIf cfg.enable (
mkMerge [
{
meta.maintainers = [ lib.maintainers."0x4A6F" ];
systemd.services.xandikos = {
description = "A Simple Calendar and Contact Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "xandikos";
Group = "xandikos";
DynamicUser = "yes";
RuntimeDirectory = "xandikos";
StateDirectory = "xandikos";
StateDirectoryMode = "0700";
PrivateDevices = true;
# Sandboxing
CapabilityBoundingSet = "CAP_NET_RAW CAP_NET_ADMIN";
ProtectSystem = "strict";
ProtectHome = true;
PrivateTmp = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX AF_PACKET AF_NETLINK";
RestrictNamespaces = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
ExecStart = ''
${cfg.package}/bin/xandikos \
--directory /var/lib/xandikos \
--listen_address ${cfg.address} \
--port ${toString cfg.port} \
--route-prefix ${cfg.routePrefix} \
${lib.concatStringsSep " " cfg.extraOptions}
'';
};
};
}
(
mkIf cfg.nginx.enable {
services.nginx = {
enable = true;
virtualHosts."${cfg.nginx.hostName}" = {
locations."/" = {
proxyPass = "http://${cfg.address}:${toString cfg.port}/";
};
};
};
}
)
]
);
}