Add microboard service
parent
b239d0000f
commit
8130f4a68c
|
@ -5,11 +5,6 @@
|
|||
nixpkgs = {
|
||||
url = "github:NixOS/nixpkgs/nixos-23.05";
|
||||
};
|
||||
|
||||
microboard = {
|
||||
url = "github:ordinary-dev/microboard";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = inputs @ { self, nixpkgs, ... }:
|
||||
|
|
|
@ -1,4 +1,36 @@
|
|||
{ config, microboard, ... }:
|
||||
{ config, ... }:
|
||||
let
|
||||
dataDir = "/var/lib/microboard";
|
||||
in
|
||||
{
|
||||
microboard.enable = false;
|
||||
systemd.services.microboard = {
|
||||
description = "Microboard engine";
|
||||
wantedBy = ["multi-user.target"];
|
||||
|
||||
environment = {
|
||||
MB_LOGLEVEL = "warning";
|
||||
MB_UPLOADDIR = "${ dataDir }/uploads";
|
||||
MB_PREVIEWDIR = "${ dataDir }/previews";
|
||||
MB_DBHOST = "/run/postgresql";
|
||||
MB_DBUSER = "microboard";
|
||||
MB_DBNAME = "microboard";
|
||||
};
|
||||
|
||||
serviceConfig = {
|
||||
User = "microboard";
|
||||
Group = "microboard";
|
||||
ExecStart = "${ dataDir }/microboard";
|
||||
Restart = "on-failure";
|
||||
Type = "exec";
|
||||
WorkingDirectory = dataDir;
|
||||
|
||||
# Security Hardening
|
||||
LockPersonality = true;
|
||||
NoNewPrivileges = true;
|
||||
ProtectSystem = "strict";
|
||||
ReadWritePaths = [ dataDir ];
|
||||
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
|
||||
RestrictSUIDSGID = true;
|
||||
};
|
||||
};
|
||||
}
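Review bot: `ExecStart = "${ dataDir }/microboard";` runs a binary from the same directory that `ReadWritePaths = [ dataDir ];` makes writable to the service, so the hardening block does not protect the executable itself. If the file is also writable by the `microboard` user (ownership is not visible in this commit), anything that gains write access as that user can replace the binary, and `Restart = "on-failure"` will start the replacement. I would narrow the writable set to the data subdirectories, `ReadWritePaths = [ "${ dataDir }/uploads" "${ dataDir }/previews" ];`, and keep the binary root-owned or run it from a Nix store path, assuming the engine writes nowhere else under `dataDir`. The upload directory sits next to the executable, so `NoExecPaths = [ "${ dataDir }/uploads" "${ dataDir }/previews" ];` would also be worth adding, along with `PrivateTmp = true;` and `ProtectHome = true;` beside the existing options.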
|
||||
|
|