@ -5,10 +5,10 @@ with lib;
let
cfg = config . services . plausible ;
# FIXME consider using LoadCredential as soon as it actually works.
envSecrets = ''
export ADMIN_USER_PWD = " $ ( < ${ cfg . adminUser . passwordFile } ) "
export SECRET_KEY_BASE = " $ ( < ${ cfg . server . secretKeybaseFile } ) "
export RELEASE_TMP = /var/lib/plausible/tmp
$ { optionalString ( cfg . mail . smtp . passwordFile != null ) ''
export SMTP_USER_PWD = " $ ( < ${ cfg . mail . smtp . passwordFile } ) "
'' }
@ -51,9 +51,7 @@ in {
default = " h t t p : / / l o c a l h o s t : 8 1 2 3 / d e f a u l t " ;
type = types . str ;
description = ''
The URL to be used to connect to <package> postgres < /package > . The format
is described in < link xlink:href= " h t t p s : / / h e x d o c s . p m / e c t o / E c t o . R e p o . h t m l # m o d u l e - u r l s " >
the elixir docs < /link > .
The URL to be used to connect to <package> clickhouse < /package > .
'' ;
} ;
} ;
@ -110,7 +108,7 @@ in {
mail = {
email = mkOption {
default = " he l l o @ p l a u s i b l e . l o c a l " ;
default = " h e l l o @ p l a u s i b l e . l o c a l " ;
type = types . str ;
description = ''
The email id to use for as <emphasis> from < /emphasis > address of all communications
@ -146,7 +144,7 @@ in {
The path to the file with the password in case SMTP auth is enabled .
'' ;
} ;
enableSSL = mkEnableOption " " ;
enableSSL = mkEnableOption " S S L w h e n c o n n e c t i n g t o t h e S M T P s e r v e r ";
retries = mkOption {
type = types . ints . unsigned ;
default = 2 ;
@ -162,7 +160,7 @@ in {
assertions = [
{ assertion = cfg . adminUser . activate -> cfg . database . postgres . setup ;
message = ''
Unable to automatically activate the admin-user if no local DB-managed for
Unable to automatically activate the admin-user if no locally DB-managed for
postgres ( ` services . plausible . database . postgres . setup' ) is enabled !
'' ;
}
@ -181,10 +179,13 @@ in {
plausible = {
inherit ( pkgs . plausible . meta ) description ;
documentation = [ " h t t p s : / / p l a u s i b l e . i o / d o c s / s e l f - h o s t i n g " ] ;
wantedBy = [ " m u l t i - u s e r . t a r g e t " ]
++ optional cfg . database . clickhouse . setup " c l i c k h o u s e . s e r v i c e "
++ optional cfg . database . postgres . setup " p o s t g r e s q l . s e r v i c e " ;
wantedBy = [ " m u l t i - u s e r . t a r g e t " ] ;
after = optional cfg . database . postgres . setup " p l a u s i b l e - p o s t g r e s . s e r v i c e " ;
requires = optional cfg . database . clickhouse . setup " c l i c k h o u s e . s e r v i c e "
++ optionals cfg . database . postgres . setup [
" p o s t g r e s q l . s e r v i c e "
" p l a u s i b l e - p o s t g r e s . s e r v i c e "
] ;
environment = {
# NixOS specific option to avoid that it's trying to write into its store-path.
@ -196,6 +197,8 @@ in {
PORT = toString cfg . server . port ;
DISABLE_REGISTRATION = boolToString cfg . server . disableRegistration ;
RELEASE_TMP = " / v a r / l i b / p l a u s i b l e / t m p " ;
ADMIN_USER_NAME = cfg . adminUser . name ;
ADMIN_USER_EMAIL = cfg . adminUser . email ;
@ -210,8 +213,11 @@ in {
SMTP_HOST_PORT = toString cfg . mail . smtp . hostPort ;
SMTP_RETRIES = toString cfg . mail . smtp . retries ;
SMTP_HOST_SSL_ENABLED = boolToString cfg . mail . smtp . enableSSL ;
$ { if cfg . mail . smtp . user != null then " S M T P _ U S E R _ N A M E " else null } = cfg . mail . smtp . user ;
} ;
SELFHOST = " t r u e " ;
} // ( optionalAttrs ( cfg . mail . smtp . user != null ) {
SMTP_USER_NAME = cfg . mail . smtp . user ;
} ) ;
path = [ pkgs . plausible ]
++ optional cfg . database . postgres . setup config . services . postgresql . package ;
@ -239,26 +245,23 @@ in {
} ;
}
( mkIf cfg . database . postgres . setup {
# Unfortunately `plausible' requires super-user permissions in postgresql, so this
# has to be done imperatively here.
# `plausible' requires the `citext'-extension.
plausible-postgres = {
after = [ " p o s t g r e s q l . s e r v i c e " ] ;
bindsTo = [ " p o s t g r e s q l . s e r v i c e " ] ;
requiredBy = [ " p l a u s i b l e . s e r v i c e " ] ;
partOf = [ " p l a u s i b l e . s e r v i c e " ] ;
serviceConfig . Type = " o n e s h o t " ;
unitConfig . ConditionPathExists = " ! / v a r / l i b / p l a u s i b l e / . d b - s e t u p " ;
script = ''
if [ ! - e /var/lib/plausible/.db-setup ] ; then
mkdir - p /var/lib/plausible /
PSQL ( ) {
/run/wrappers/bin/sudo - Hu postgres $ { config . services . postgresql . package } /bin/psql - - port = 5432 " $ @ "
}
PSQL - tAc " C R E A T E E X T E N S I O N I F N O T E X I S T S c i t e x t ; "
PSQL - tAc " C R E A T E R O L E p l a u s i b l e W I T H L O G I N ; "
PSQL - tAc " C R E A T E D A T A B A S E p l a u s i b l e W I T H O W N E R p l a u s i b l e ; "
PSQL - tAc " A L T E R U S E R p l a u s i b l e W I T H S U P E R U S E R ; "
touch /var/lib/plausible/.db-setup
fi
mkdir - p /var/lib/plausible /
PSQL ( ) {
/run/wrappers/bin/sudo - Hu postgres $ { config . services . postgresql . package } /bin/psql - - port = 5432 " $ @ "
}
PSQL - tAc " C R E A T E R O L E p l a u s i b l e W I T H L O G I N ; "
PSQL - tAc " C R E A T E D A T A B A S E p l a u s i b l e W I T H O W N E R p l a u s i b l e ; "
PSQL - d plausible - tAc " C R E A T E E X T E N S I O N I F N O T E X I S T S c i t e x t ; "
touch /var/lib/plausible/.db-setup
'' ;
} ;
} )