lumin/nixos-config
1
0
Fork 0
mirror of https://github.com/ordinary-dev/nixos-config.git synced 2024-09-19 19:30:28 +05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add microboard service

Browse source
This commit is contained in:
Ivan R. 2023-08-22 10:08:59 +05:00
parent b239d0000f
commit 8130f4a68c
No known key found for this signature in database
GPG key ID: 56C7BAAE859B302C
2 changed files with 34 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
flake.nix
View file

@ -5,11 +5,6 @@
nixpkgs = {
url = "github:NixOS/nixpkgs/nixos-23.05";
};
microboard = {
url = "github:ordinary-dev/microboard";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs @ { self, nixpkgs, ... }:

36
nixos/programs/microboard.nix
View file

@ -1,4 +1,36 @@
{ config, microboard, ... }:
{ config, ... }:
let
dataDir = "/var/lib/microboard";
in
{
microboard.enable = false;
systemd.services.microboard = {
description = "Microboard engine";
wantedBy = ["multi-user.target"];
environment = {
MB_LOGLEVEL = "warning";
MB_UPLOADDIR = "${ dataDir }/uploads";
MB_PREVIEWDIR = "${ dataDir }/previews";
MB_DBHOST = "/run/postgresql";
MB_DBUSER = "microboard";
MB_DBNAME = "microboard";
};
serviceConfig = {
User = "microboard";
Group = "microboard";
ExecStart = "${ dataDir }/microboard";
Restart = "on-failure";
Type = "exec";
WorkingDirectory = dataDir;
# Security Hardening
LockPersonality = true;
NoNewPrivileges = true;
ProtectSystem = "strict";
ReadWritePaths = [ dataDir ];
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictSUIDSGID = true;
};
};
}