sks and pgpkeyserver-lite modules: init (#27515)
* modules sks and pgpkeyserver-lite: runs the sks keyserver with optional nginx proxy for webgui.
* Add calbrecht to maintainers
* module sks: fix default hkpAddress value
* module pgpkeyserver-lite: make hkpAddress a string type option and use (builtins.head services.sks.hkpAddress) as default value
* module sks: remove leftover service dependencies
wip/yesman
parent
d837d88f3b
commit
964799e556
@ -0,0 +1,82 @@ |
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
|
||||
cfg = config.services.sks; |
||||
|
||||
sksPkg = cfg.package; |
||||
|
||||
in |
||||
|
||||
{ |
||||
|
||||
options = { |
||||
|
||||
services.sks = { |
||||
|
||||
enable = mkEnableOption "sks"; |
||||
|
||||
package = mkOption { |
||||
default = pkgs.sks; |
||||
defaultText = "pkgs.sks"; |
||||
type = types.package; |
||||
description = " |
||||
Which sks derivation to use. |
||||
"; |
||||
}; |
||||
|
||||
hkpAddress = mkOption { |
||||
default = [ "127.0.0.1" "::1" ]; |
||||
type = types.listOf types.str; |
||||
description = " |
||||
Wich ip addresses the sks-keyserver is listening on. |
||||
"; |
||||
}; |
||||
|
||||
hkpPort = mkOption { |
||||
default = 11371; |
||||
type = types.int; |
||||
description = " |
||||
Which port the sks-keyserver is listening on. |
||||
"; |
||||
}; |
||||
}; |
||||
}; |
||||
|
||||
config = mkIf cfg.enable { |
||||
|
||||
environment.systemPackages = [ sksPkg ]; |
||||
|
||||
users.users.sks = { |
||||
createHome = true; |
||||
home = "/var/db/sks"; |
||||
isSystemUser = true; |
||||
shell = "${pkgs.coreutils}/bin/true"; |
||||
}; |
||||
|
||||
systemd.services = let |
||||
hkpAddress = "'" + (builtins.concatStringsSep " " cfg.hkpAddress) + "'" ; |
||||
hkpPort = builtins.toString cfg.hkpPort; |
||||
home = config.users.users.sks.home; |
||||
user = config.users.users.sks.name; |
||||
in { |
||||
sks-keyserver = { |
||||
wantedBy = [ "multi-user.target" ]; |
||||
preStart = '' |
||||
mkdir -p ${home}/dump |
||||
${pkgs.sks}/bin/sks build ${home}/dump/*.gpg -n 10 -cache 100 || true #*/ |
||||
${pkgs.sks}/bin/sks cleandb || true |
||||
${pkgs.sks}/bin/sks pbuild -cache 20 -ptree_cache 70 || true |
||||
''; |
||||
serviceConfig = { |
||||
WorkingDirectory = home; |
||||
User = user; |
||||
Restart = "always"; |
||||
ExecStart = "${pkgs.sks}/bin/sks db -hkp_address ${hkpAddress} -hkp_port ${hkpPort}"; |
||||
}; |
||||
}; |
||||
}; |
||||
}; |
||||
} |
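Review bot: The `preStart` script and `ExecStart` hard-code `${pkgs.sks}`, so `services.sks.package` only changes `environment.systemPackages`. An operator who points the option at a patched or pinned build still runs the stock binary as the network-facing daemon. Use the `sksPkg` binding already defined in the top-level `let`, e.g. `ExecStart = "${sksPkg}/bin/sks db -hkp_address ${hkpAddress} -hkp_port ${hkpPort}";`, and make the same substitution on the three `preStart` lines. Separately, every `preStart` step ends in `|| true`, so a failed `cleandb` or `pbuild` is silent and the server still starts; a comment saying which failures are expected (presumably `sks build` against an existing database) would help whoever debugs a broken key database. The unit also sets no sandboxing although it parses key material received over the network; `NoNewPrivileges = true;` and `PrivateTmp = true;` in `serviceConfig` would be low-risk additions.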
@ -0,0 +1,75 @@ |
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
|
||||
cfg = config.services.pgpkeyserver-lite; |
||||
sksCfg = config.services.sks; |
||||
|
||||
webPkg = cfg.package; |
||||
|
||||
in |
||||
|
||||
{ |
||||
|
||||
options = { |
||||
|
||||
services.pgpkeyserver-lite = { |
||||
|
||||
enable = mkEnableOption "pgpkeyserver-lite on a nginx vHost proxying to a gpg keyserver"; |
||||
|
||||
package = mkOption { |
||||
default = pkgs.pgpkeyserver-lite; |
||||
defaultText = "pkgs.pgpkeyserver-lite"; |
||||
type = types.package; |
||||
description = " |
||||
Which webgui derivation to use. |
||||
"; |
||||
}; |
||||
|
||||
hostname = mkOption { |
||||
type = types.str; |
||||
description = " |
||||
Which hostname to set the vHost to that is proxying to sks. |
||||
"; |
||||
}; |
||||
|
||||
hkpAddress = mkOption { |
||||
default = builtins.head sksCfg.hkpAddress; |
||||
type = types.str; |
||||
description = " |
||||
Wich ip address the sks-keyserver is listening on. |
||||
"; |
||||
}; |
||||
|
||||
hkpPort = mkOption { |
||||
default = sksCfg.hkpPort; |
||||
type = types.int; |
||||
description = " |
||||
Which port the sks-keyserver is listening on. |
||||
"; |
||||
}; |
||||
}; |
||||
}; |
||||
|
||||
config = mkIf cfg.enable { |
||||
|
||||
services.nginx.enable = true; |
||||
|
||||
services.nginx.virtualHosts = let |
||||
hkpPort = builtins.toString cfg.hkpPort; |
||||
in { |
||||
"${cfg.hostname}" = { |
||||
root = webPkg; |
||||
locations = { |
||||
"/pks".extraConfig = '' |
||||
proxy_pass http://${cfg.hkpAddress}:${hkpPort}; |
||||
proxy_pass_header Server; |
||||
add_header Via "1.1 ${cfg.hostname}"; |
||||
''; |
||||
}; |
||||
}; |
||||
}; |
||||
}; |
||||
} |
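Review bot: `proxy_pass http://${cfg.hkpAddress}:${hkpPort};` produces an invalid upstream URL when `hkpAddress` is an IPv6 literal, because nginx needs the address in brackets. The sks module's own default list contains `::1`, so setting `hkpAddress = "::1"` here, or reordering the sks list so that `builtins.head` picks it, yields `http://::1:11371`. Bracket the address when it contains a colon, e.g. `proxy_pass http://${if hasInfix ":" cfg.hkpAddress then "[${cfg.hkpAddress}]" else cfg.hkpAddress}:${hkpPort};`. The default also fails at evaluation time if `services.sks.hkpAddress` is an empty list, which the option description could state. `proxy_pass_header Server;` exposes the backend's server banner to clients; if that is deliberate, say so in a comment so it is not read as an accidental disclosure.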
@ -0,0 +1,25 @@ |
||||
{ stdenv, fetchFromGitHub, lib } : |
||||
|
||||
stdenv.mkDerivation rec { |
||||
name = "pgpkeyserver-lite-${version}"; |
||||
version = "2017-07-18"; |
||||
|
||||
src = fetchFromGitHub { |
||||
owner = "mattrude"; |
||||
repo = "pgpkeyserver-lite"; |
||||
rev = "a038cb7"; |
||||
sha256 = "12pn92pcpv38b2gmamppn9yzdn7x52pgxnzpal22gqsxwimhs2rx"; |
||||
}; |
||||
|
||||
installPhase = '' |
||||
mkdir -p $out |
||||
cp -R 404.html assets favicon.ico index.html robots.txt $out |
||||
''; |
||||
|
||||
meta = { |
||||
homepage = https://github.com/mattrude/pgpkeyserver-lite; |
||||
description = "A lightweight static front-end for a sks keyserver."; |
||||
license = lib.licenses.gpl3; |
||||
maintainers = [ lib.maintainers.calbrecht ]; |
||||
}; |
||||
} |
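Review bot: `rev = "a038cb7";` pins the source by an abbreviated commit id. The `sha256` still fixes the content that is accepted, so integrity is not at stake, but a 7-character prefix can become ambiguous as the upstream repository grows, and the fetch then fails instead of reproducing. Use the full 40-character commit id in `rev` so the pin stays resolvable and can be audited against upstream without guessing. As a point of style, the `homepage` URL is better written as a quoted string, `homepage = "https://github.com/mattrude/pgpkeyserver-lite";`.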