commit
00b47419c6
@ -0,0 +1,82 @@ |
||||
{ config, pkgs, lib, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
cfg = config.services.plikd; |
||||
|
||||
format = pkgs.formats.toml {}; |
||||
plikdCfg = format.generate "plikd.cfg" cfg.settings; |
||||
in |
||||
{ |
||||
options = { |
||||
services.plikd = { |
||||
enable = mkEnableOption "the plikd server"; |
||||
|
||||
openFirewall = mkOption { |
||||
type = types.bool; |
||||
default = false; |
||||
description = "Open ports in the firewall for the plikd."; |
||||
}; |
||||
|
||||
settings = mkOption { |
||||
type = format.type; |
||||
default = {}; |
||||
description = '' |
||||
Configuration for plikd, see <link xlink:href="https://github.com/root-gg/plik/blob/master/server/plikd.cfg"/> |
||||
for supported values. |
||||
''; |
||||
}; |
||||
}; |
||||
}; |
||||
|
||||
config = mkIf cfg.enable { |
||||
services.plikd.settings = mapAttrs (name: mkDefault) { |
||||
ListenPort = 8080; |
||||
ListenAddress = "localhost"; |
||||
DataBackend = "file"; |
||||
DataBackendConfig = { |
||||
Directory = "/var/lib/plikd"; |
||||
}; |
||||
MetadataBackendConfig = { |
||||
Driver = "sqlite3"; |
||||
ConnectionString = "/var/lib/plikd/plik.db"; |
||||
}; |
||||
}; |
||||
|
||||
systemd.services.plikd = { |
||||
description = "Plikd file sharing server"; |
||||
after = [ "network.target" ]; |
||||
wantedBy = [ "multi-user.target" ]; |
||||
serviceConfig = { |
||||
Type = "simple"; |
||||
ExecStart = "${pkgs.plikd}/bin/plikd --config ${plikdCfg}"; |
||||
Restart = "on-failure"; |
||||
StateDirectory = "plikd"; |
||||
LogsDirectory = "plikd"; |
||||
DynamicUser = true; |
||||
|
||||
# Basic hardening |
||||
NoNewPrivileges = "yes"; |
||||
PrivateTmp = "yes"; |
||||
PrivateDevices = "yes"; |
||||
DevicePolicy = "closed"; |
||||
ProtectSystem = "strict"; |
||||
ProtectHome = "read-only"; |
||||
ProtectControlGroups = "yes"; |
||||
ProtectKernelModules = "yes"; |
||||
ProtectKernelTunables = "yes"; |
||||
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK"; |
||||
RestrictNamespaces = "yes"; |
||||
RestrictRealtime = "yes"; |
||||
RestrictSUIDSGID = "yes"; |
||||
MemoryDenyWriteExecute = "yes"; |
||||
LockPersonality = "yes"; |
||||
}; |
||||
}; |
||||
|
||||
networking.firewall = mkIf cfg.openFirewall { |
||||
allowedTCPPorts = [ cfg.settings.ListenPort ]; |
||||
}; |
||||
}; |
||||
} |
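Review bot: `plikdCfg` is produced by `format.generate` and handed to `ExecStart` as a store path, so everything in `services.plikd.settings` lands in the world-readable Nix store. That includes any credential an operator places in `MetadataBackendConfig.ConnectionString` after switching away from the sqlite3 default. The `settings` description should say so, for example `Values are written to the world-readable Nix store; do not put passwords or API secrets here.`, or the module should offer a way to load secrets at runtime. Separately, `openFirewall` has no visible effect while `ListenAddress` keeps its `"localhost"` default, and once an operator widens the address the upload service is reachable by anyone the firewall admits; the `openFirewall` description could state both.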
@ -0,0 +1,27 @@ |
||||
import ./make-test-python.nix ({ lib, ... }: { |
||||
name = "plikd"; |
||||
meta = with lib.maintainers; { |
||||
maintainers = [ freezeboy ]; |
||||
}; |
||||
|
||||
machine = { pkgs, ... }: let |
||||
in { |
||||
services.plikd.enable = true; |
||||
environment.systemPackages = [ pkgs.plik ]; |
||||
}; |
||||
|
||||
testScript = '' |
||||
# Service basic test |
||||
machine.wait_for_unit("plikd") |
||||
|
||||
# Network test |
||||
machine.wait_for_open_port("8080") |
||||
machine.succeed("curl --fail -v http://localhost:8080") |
||||
|
||||
# Application test |
||||
machine.execute("echo test > /tmp/data.txt") |
||||
machine.succeed("plik --server http://localhost:8080 /tmp/data.txt | grep curl") |
||||
|
||||
machine.succeed("diff data.txt /tmp/data.txt") |
||||
''; |
||||
}) |
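Review bot: The final `diff data.txt /tmp/data.txt` compares against a relative `data.txt` that no visible step creates, so it is unclear from this hunk which round trip the assertion proves. The upload step only greps the client output for `curl` and never runs the download. Downloading explicitly to a named path and diffing that file would pin the behaviour. The fixture is also written with `machine.execute(...)`, which ignores the exit status; `machine.succeed("echo test > /tmp/data.txt")` would fail the test at the right step. The empty `let in` in `machine` can be dropped.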
@ -0,0 +1,25 @@ |
||||
{ lib, fetchurl, makeWrapper, runCommand, callPackage }: |
||||
|
||||
let |
||||
version = "1.3.1"; |
||||
|
||||
programs = callPackage ./programs.nix {}; |
||||
|
||||
webapp = fetchurl { |
||||
url = "https://github.com/root-gg/plik/releases/download/${version}/plik-${version}-linux-amd64.tar.gz"; |
||||
sha256 = "KN6cp29KKdGamYnfL3jYltx0EDx6syDPfV0jShOk7Zw="; |
||||
}; |
||||
|
||||
in { |
||||
|
||||
inherit (programs) plik plikd-unwrapped; |
||||
|
||||
plikd = runCommand "plikd-${version}" { nativeBuildInputs = [ makeWrapper ]; } '' |
||||
mkdir -p $out/libexec/plikd/{bin,webapp} $out/bin |
||||
tar xf ${webapp} plik-${version}-linux-amd64/webapp/dist/ |
||||
mv plik-*/webapp/dist $out/libexec/plikd/webapp |
||||
cp ${programs.plikd-unwrapped}/bin/plikd $out/libexec/plikd/bin/plikd |
||||
makeWrapper $out/libexec/plikd/bin/plikd $out/bin/plikd \ |
||||
--run "cd $out/libexec/plikd/bin" |
||||
''; |
||||
} |
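Review bot: The web assets come from upstream's prebuilt `plik-${version}-linux-amd64.tar.gz` while the server binary is built from source in `programs.nix`, and `version` is declared separately in both files. A bump in only one file would therefore ship a web UI from a different release than the server. Taking it from the built package, `version = programs.plikd-unwrapped.version;`, keeps the two in step. The `sha256` pins the tarball, but a comment noting that `webapp/dist` is a prebuilt upstream artifact, not rebuilt from `src`, would help anyone auditing the package's provenance.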
@ -0,0 +1,42 @@ |
||||
{ lib, buildGoModule, fetchFromGitHub, fetchurl, makeWrapper, runCommand }: |
||||
|
||||
let |
||||
version = "1.3.1"; |
||||
|
||||
src = fetchFromGitHub { |
||||
owner = "root-gg"; |
||||
repo = "plik"; |
||||
rev = version; |
||||
sha256 = "C/1Uwjsqd9n3WSXlnlq9K3EJHkLOSavS9cPqF2UqmGo="; |
||||
}; |
||||
|
||||
vendorSha256 = "klmWXC3tkoOcQHhiQZjR2C5jqaRJqMQOLtVxZ0cFq/Y="; |
||||
|
||||
meta = with lib; { |
||||
homepage = "https://plik.root.gg/"; |
||||
description = "Scalable & friendly temporary file upload system"; |
||||
maintainers = with maintainers; [ freezeboy ]; |
||||
license = licenses.mit; |
||||
}; |
||||
in { |
||||
|
||||
plik = buildGoModule { |
||||
pname = "plik"; |
||||
inherit version meta src vendorSha256; |
||||
|
||||
subPackages = [ "client" ]; |
||||
postInstall = '' |
||||
mv $out/bin/client $out/bin/plik |
||||
''; |
||||
}; |
||||
|
||||
plikd-unwrapped = buildGoModule { |
||||
pname = "plikd-unwrapped"; |
||||
inherit version src vendorSha256; |
||||
|
||||
subPackages = [ "server" ]; |
||||
postFixup = '' |
||||
mv $out/bin/server $out/bin/plikd |
||||
''; |
||||
}; |
||||
} |
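Review bot: `plikd-unwrapped` inherits `version src vendorSha256` but not `meta`, unlike `plik` just above it. The server package therefore carries no license, homepage or maintainer information, and the same presumably holds for the `plikd` wrapper built from it with `runCommand`. `inherit version meta src vendorSha256;` fixes that for the unwrapped package. The binary rename also happens in `postInstall` for the client but in `postFixup` for the server; using the same phase in both would be easier to follow.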