nixos/services.neo4j: remove with lib; (#338049)

Felix Bühler 2024-09-01 20:52:52 +02:00 committed by GitHub
commit 06aee405da
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,34 +1,31 @@
{ config, options, lib, pkgs, ... }: { config, options, lib, pkgs, ... }:
with lib;
let let
cfg = config.services.neo4j; cfg = config.services.neo4j;
opt = options.services.neo4j; opt = options.services.neo4j;
certDirOpt = options.services.neo4j.directories.certificates; certDirOpt = options.services.neo4j.directories.certificates;
isDefaultPathOption = opt: isOption opt && opt.type == types.path && opt.highestPrio >= 1500; isDefaultPathOption = opt: lib.isOption opt && opt.type == lib.types.path && opt.highestPrio >= 1500;
sslPolicies = mapAttrsToList ( sslPolicies = lib.mapAttrsToList (
name: conf: '' name: conf: ''
dbms.ssl.policy.${name}.allow_key_generation=${boolToString conf.allowKeyGeneration} dbms.ssl.policy.${name}.allow_key_generation=${lib.boolToString conf.allowKeyGeneration}
dbms.ssl.policy.${name}.base_directory=${conf.baseDirectory} dbms.ssl.policy.${name}.base_directory=${conf.baseDirectory}
${optionalString (conf.ciphers != null) '' ${lib.optionalString (conf.ciphers != null) ''
dbms.ssl.policy.${name}.ciphers=${concatStringsSep "," conf.ciphers} dbms.ssl.policy.${name}.ciphers=${lib.concatStringsSep "," conf.ciphers}
''} ''}
dbms.ssl.policy.${name}.client_auth=${conf.clientAuth} dbms.ssl.policy.${name}.client_auth=${conf.clientAuth}
${if length (splitString "/" conf.privateKey) > 1 then ${if lib.length (lib.splitString "/" conf.privateKey) > 1 then
"dbms.ssl.policy.${name}.private_key=${conf.privateKey}" "dbms.ssl.policy.${name}.private_key=${conf.privateKey}"
else else
"dbms.ssl.policy.${name}.private_key=${conf.baseDirectory}/${conf.privateKey}" "dbms.ssl.policy.${name}.private_key=${conf.baseDirectory}/${conf.privateKey}"
} }
${if length (splitString "/" conf.privateKey) > 1 then ${if lib.length (lib.splitString "/" conf.privateKey) > 1 then
"dbms.ssl.policy.${name}.public_certificate=${conf.publicCertificate}" "dbms.ssl.policy.${name}.public_certificate=${conf.publicCertificate}"
else else
"dbms.ssl.policy.${name}.public_certificate=${conf.baseDirectory}/${conf.publicCertificate}" "dbms.ssl.policy.${name}.public_certificate=${conf.baseDirectory}/${conf.publicCertificate}"
} }
dbms.ssl.policy.${name}.revoked_dir=${conf.revokedDir} dbms.ssl.policy.${name}.revoked_dir=${conf.revokedDir}
dbms.ssl.policy.${name}.tls_versions=${concatStringsSep "," conf.tlsVersions} dbms.ssl.policy.${name}.tls_versions=${lib.concatStringsSep "," conf.tlsVersions}
dbms.ssl.policy.${name}.trust_all=${boolToString conf.trustAll} dbms.ssl.policy.${name}.trust_all=${lib.boolToString conf.trustAll}
dbms.ssl.policy.${name}.trusted_dir=${conf.trustedDir} dbms.ssl.policy.${name}.trusted_dir=${conf.trustedDir}
'' ''
) cfg.ssl.policies; ) cfg.ssl.policies;
@ -36,8 +33,8 @@ let
serverConfig = pkgs.writeText "neo4j.conf" '' serverConfig = pkgs.writeText "neo4j.conf" ''
# General # General
server.default_listen_address=${cfg.defaultListenAddress} server.default_listen_address=${cfg.defaultListenAddress}
server.databases.default_to_read_only=${boolToString cfg.readOnly} server.databases.default_to_read_only=${lib.boolToString cfg.readOnly}
${optionalString (cfg.workerCount > 0) '' ${lib.optionalString (cfg.workerCount > 0) ''
dbms.threads.worker_count=${toString cfg.workerCount} dbms.threads.worker_count=${toString cfg.workerCount}
''} ''}
@ -45,7 +42,7 @@ let
# dbms.directories.certificates=${cfg.directories.certificates} # dbms.directories.certificates=${cfg.directories.certificates}
server.directories.plugins=${cfg.directories.plugins} server.directories.plugins=${cfg.directories.plugins}
server.directories.lib=${cfg.package}/share/neo4j/lib server.directories.lib=${cfg.package}/share/neo4j/lib
${optionalString (cfg.constrainLoadCsv) '' ${lib.optionalString (cfg.constrainLoadCsv) ''
server.directories.import=${cfg.directories.imports} server.directories.import=${cfg.directories.imports}
''} ''}
@ -55,25 +52,25 @@ let
server.directories.run=${cfg.directories.home}/run server.directories.run=${cfg.directories.home}/run
# HTTP Connector # HTTP Connector
${optionalString (cfg.http.enable) '' ${lib.optionalString (cfg.http.enable) ''
server.http.enabled=${boolToString cfg.http.enable} server.http.enabled=${lib.boolToString cfg.http.enable}
server.http.listen_address=${cfg.http.listenAddress} server.http.listen_address=${cfg.http.listenAddress}
server.http.advertised_address=${cfg.http.listenAddress} server.http.advertised_address=${cfg.http.listenAddress}
''} ''}
# HTTPS Connector # HTTPS Connector
server.https.enabled=${boolToString cfg.https.enable} server.https.enabled=${lib.boolToString cfg.https.enable}
server.https.listen_address=${cfg.https.listenAddress} server.https.listen_address=${cfg.https.listenAddress}
server.https.advertised_address=${cfg.https.listenAddress} server.https.advertised_address=${cfg.https.listenAddress}
# BOLT Connector # BOLT Connector
server.bolt.enabled=${boolToString cfg.bolt.enable} server.bolt.enabled=${lib.boolToString cfg.bolt.enable}
server.bolt.listen_address=${cfg.bolt.listenAddress} server.bolt.listen_address=${cfg.bolt.listenAddress}
server.bolt.advertised_address=${cfg.bolt.listenAddress} server.bolt.advertised_address=${cfg.bolt.listenAddress}
server.bolt.tls_level=${cfg.bolt.tlsLevel} server.bolt.tls_level=${cfg.bolt.tlsLevel}
# SSL Policies # SSL Policies
${concatStringsSep "\n" sslPolicies} ${lib.concatStringsSep "\n" sslPolicies}
# Default retention policy from neo4j.conf # Default retention policy from neo4j.conf
db.tx_log.rotation.retention_policy=1 days db.tx_log.rotation.retention_policy=1 days
@ -101,33 +98,33 @@ let
in { in {
imports = [ imports = [
(mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ]) (lib.mkRenamedOptionModule [ "services" "neo4j" "host" ] [ "services" "neo4j" "defaultListenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "listenAddress" ] [ "services" "neo4j" "defaultListenAddress" ]) (lib.mkRenamedOptionModule [ "services" "neo4j" "listenAddress" ] [ "services" "neo4j" "defaultListenAddress" ])
(mkRenamedOptionModule [ "services" "neo4j" "enableBolt" ] [ "services" "neo4j" "bolt" "enable" ]) (lib.mkRenamedOptionModule [ "services" "neo4j" "enableBolt" ] [ "services" "neo4j" "bolt" "enable" ])
(mkRenamedOptionModule [ "services" "neo4j" "enableHttps" ] [ "services" "neo4j" "https" "enable" ]) (lib.mkRenamedOptionModule [ "services" "neo4j" "enableHttps" ] [ "services" "neo4j" "https" "enable" ])
(mkRenamedOptionModule [ "services" "neo4j" "certDir" ] [ "services" "neo4j" "directories" "certificates" ]) (lib.mkRenamedOptionModule [ "services" "neo4j" "certDir" ] [ "services" "neo4j" "directories" "certificates" ])
(mkRenamedOptionModule [ "services" "neo4j" "dataDir" ] [ "services" "neo4j" "directories" "home" ]) (lib.mkRenamedOptionModule [ "services" "neo4j" "dataDir" ] [ "services" "neo4j" "directories" "home" ])
(mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.") (lib.mkRemovedOptionModule [ "services" "neo4j" "port" ] "Use services.neo4j.http.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.") (lib.mkRemovedOptionModule [ "services" "neo4j" "boltPort" ] "Use services.neo4j.bolt.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.") (lib.mkRemovedOptionModule [ "services" "neo4j" "httpsPort" ] "Use services.neo4j.https.listenAddress instead.")
(mkRemovedOptionModule [ "services" "neo4j" "shell" "enabled" ] "shell.enabled was removed upstream") (lib.mkRemovedOptionModule [ "services" "neo4j" "shell" "enabled" ] "shell.enabled was removed upstream")
(mkRemovedOptionModule [ "services" "neo4j" "udc" "enabled" ] "udc.enabled was removed upstream") (lib.mkRemovedOptionModule [ "services" "neo4j" "udc" "enabled" ] "udc.enabled was removed upstream")
]; ];
###### interface ###### interface
options.services.neo4j = { options.services.neo4j = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Whether to enable Neo4j Community Edition. Whether to enable Neo4j Community Edition.
''; '';
}; };
constrainLoadCsv = mkOption { constrainLoadCsv = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = true; default = true;
description = '' description = ''
Sets the root directory for file URLs used with the Cypher Sets the root directory for file URLs used with the Cypher
@ -141,8 +138,8 @@ in {
''; '';
}; };
defaultListenAddress = mkOption { defaultListenAddress = lib.mkOption {
type = types.str; type = lib.types.str;
default = "127.0.0.1"; default = "127.0.0.1";
description = '' description = ''
Default network interface to listen for incoming connections. To Default network interface to listen for incoming connections. To
@ -155,8 +152,8 @@ in {
''; '';
}; };
extraServerConfig = mkOption { extraServerConfig = lib.mkOption {
type = types.lines; type = lib.types.lines;
default = ""; default = "";
description = '' description = ''
Extra configuration for Neo4j Community server. Refer to the Extra configuration for Neo4j Community server. Refer to the
@ -165,18 +162,18 @@ in {
''; '';
}; };
package = mkPackageOption pkgs "neo4j" { }; package = lib.mkPackageOption pkgs "neo4j" { };
readOnly = mkOption { readOnly = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Only allow read operations from this Neo4j instance. Only allow read operations from this Neo4j instance.
''; '';
}; };
workerCount = mkOption { workerCount = lib.mkOption {
type = types.ints.between 0 44738; type = lib.types.ints.between 0 44738;
default = 0; default = 0;
description = '' description = ''
Number of Neo4j worker threads, where the default of Number of Neo4j worker threads, where the default of
@ -186,8 +183,8 @@ in {
}; };
bolt = { bolt = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = true; default = true;
description = '' description = ''
Enable the BOLT connector for Neo4j. Setting this option to Enable the BOLT connector for Neo4j. Setting this option to
@ -196,8 +193,8 @@ in {
''; '';
}; };
listenAddress = mkOption { listenAddress = lib.mkOption {
type = types.str; type = lib.types.str;
default = ":7687"; default = ":7687";
description = '' description = ''
Neo4j listen address for BOLT traffic. The listen address is Neo4j listen address for BOLT traffic. The listen address is
@ -205,8 +202,8 @@ in {
''; '';
}; };
sslPolicy = mkOption { sslPolicy = lib.mkOption {
type = types.str; type = lib.types.str;
default = "legacy"; default = "legacy";
description = '' description = ''
Neo4j SSL policy for BOLT traffic. Neo4j SSL policy for BOLT traffic.
@ -223,8 +220,8 @@ in {
''; '';
}; };
tlsLevel = mkOption { tlsLevel = lib.mkOption {
type = types.enum [ "REQUIRED" "OPTIONAL" "DISABLED" ]; type = lib.types.enum [ "REQUIRED" "OPTIONAL" "DISABLED" ];
default = "OPTIONAL"; default = "OPTIONAL";
description = '' description = ''
SSL/TSL requirement level for BOLT traffic. SSL/TSL requirement level for BOLT traffic.
@ -233,10 +230,10 @@ in {
}; };
directories = { directories = {
certificates = mkOption { certificates = lib.mkOption {
type = types.path; type = lib.types.path;
default = "${cfg.directories.home}/certificates"; default = "${cfg.directories.home}/certificates";
defaultText = literalExpression ''"''${config.${opt.directories.home}}/certificates"''; defaultText = lib.literalExpression ''"''${config.${opt.directories.home}}/certificates"'';
description = '' description = ''
Directory for storing certificates to be used by Neo4j for Directory for storing certificates to be used by Neo4j for
TLS connections. TLS connections.
@ -256,10 +253,10 @@ in {
''; '';
}; };
data = mkOption { data = lib.mkOption {
type = types.path; type = lib.types.path;
default = "${cfg.directories.home}/data"; default = "${cfg.directories.home}/data";
defaultText = literalExpression ''"''${config.${opt.directories.home}}/data"''; defaultText = lib.literalExpression ''"''${config.${opt.directories.home}}/data"'';
description = '' description = ''
Path of the data directory. You must not configure more than one Path of the data directory. You must not configure more than one
Neo4j installation to use the same data directory. Neo4j installation to use the same data directory.
@ -270,8 +267,8 @@ in {
''; '';
}; };
home = mkOption { home = lib.mkOption {
type = types.path; type = lib.types.path;
default = "/var/lib/neo4j"; default = "/var/lib/neo4j";
description = '' description = ''
Path of the Neo4j home directory. Other default directories are Path of the Neo4j home directory. Other default directories are
@ -281,10 +278,10 @@ in {
''; '';
}; };
imports = mkOption { imports = lib.mkOption {
type = types.path; type = lib.types.path;
default = "${cfg.directories.home}/import"; default = "${cfg.directories.home}/import";
defaultText = literalExpression ''"''${config.${opt.directories.home}}/import"''; defaultText = lib.literalExpression ''"''${config.${opt.directories.home}}/import"'';
description = '' description = ''
The root directory for file URLs used with the Cypher The root directory for file URLs used with the Cypher
`LOAD CSV` clause. Only meaningful when `LOAD CSV` clause. Only meaningful when
@ -297,10 +294,10 @@ in {
''; '';
}; };
plugins = mkOption { plugins = lib.mkOption {
type = types.path; type = lib.types.path;
default = "${cfg.directories.home}/plugins"; default = "${cfg.directories.home}/plugins";
defaultText = literalExpression ''"''${config.${opt.directories.home}}/plugins"''; defaultText = lib.literalExpression ''"''${config.${opt.directories.home}}/plugins"'';
description = '' description = ''
Path of the database plugin directory. Compiled Java JAR files that Path of the database plugin directory. Compiled Java JAR files that
contain database procedures will be loaded if they are placed in contain database procedures will be loaded if they are placed in
@ -314,8 +311,8 @@ in {
}; };
http = { http = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = true; default = true;
description = '' description = ''
Enable the HTTP connector for Neo4j. Setting this option to Enable the HTTP connector for Neo4j. Setting this option to
@ -324,8 +321,8 @@ in {
''; '';
}; };
listenAddress = mkOption { listenAddress = lib.mkOption {
type = types.str; type = lib.types.str;
default = ":7474"; default = ":7474";
description = '' description = ''
Neo4j listen address for HTTP traffic. The listen address is Neo4j listen address for HTTP traffic. The listen address is
@ -335,8 +332,8 @@ in {
}; };
https = { https = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = true; default = true;
description = '' description = ''
Enable the HTTPS connector for Neo4j. Setting this option to Enable the HTTPS connector for Neo4j. Setting this option to
@ -345,8 +342,8 @@ in {
''; '';
}; };
listenAddress = mkOption { listenAddress = lib.mkOption {
type = types.str; type = lib.types.str;
default = ":7473"; default = ":7473";
description = '' description = ''
Neo4j listen address for HTTPS traffic. The listen address is Neo4j listen address for HTTPS traffic. The listen address is
@ -354,8 +351,8 @@ in {
''; '';
}; };
sslPolicy = mkOption { sslPolicy = lib.mkOption {
type = types.str; type = lib.types.str;
default = "legacy"; default = "legacy";
description = '' description = ''
Neo4j SSL policy for HTTPS traffic. Neo4j SSL policy for HTTPS traffic.
@ -370,8 +367,8 @@ in {
}; };
shell = { shell = {
enable = mkOption { enable = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Enable a remote shell server which Neo4j Shell clients can log in to. Enable a remote shell server which Neo4j Shell clients can log in to.
@ -380,12 +377,12 @@ in {
}; };
}; };
ssl.policies = mkOption { ssl.policies = lib.mkOption {
type = with types; attrsOf (submodule ({ name, config, options, ... }: { type = with lib.types; attrsOf (submodule ({ name, config, options, ... }: {
options = { options = {
allowKeyGeneration = mkOption { allowKeyGeneration = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Allows the generation of a private key and associated self-signed Allows the generation of a private key and associated self-signed
@ -402,10 +399,10 @@ in {
''; '';
}; };
baseDirectory = mkOption { baseDirectory = lib.mkOption {
type = types.path; type = lib.types.path;
default = "${cfg.directories.certificates}/${name}"; default = "${cfg.directories.certificates}/${name}";
defaultText = literalExpression ''"''${config.${opt.directories.certificates}}/''${name}"''; defaultText = lib.literalExpression ''"''${config.${opt.directories.certificates}}/''${name}"'';
description = '' description = ''
The mandatory base directory for cryptographic objects of this The mandatory base directory for cryptographic objects of this
policy. This path is only automatically generated when this policy. This path is only automatically generated when this
@ -420,8 +417,8 @@ in {
''; '';
}; };
ciphers = mkOption { ciphers = lib.mkOption {
type = types.nullOr (types.listOf types.str); type = lib.types.nullOr (lib.types.listOf lib.types.str);
default = null; default = null;
description = '' description = ''
Restrict the allowed ciphers of this policy to those defined Restrict the allowed ciphers of this policy to those defined
@ -429,16 +426,16 @@ in {
''; '';
}; };
clientAuth = mkOption { clientAuth = lib.mkOption {
type = types.enum [ "NONE" "OPTIONAL" "REQUIRE" ]; type = lib.types.enum [ "NONE" "OPTIONAL" "REQUIRE" ];
default = "REQUIRE"; default = "REQUIRE";
description = '' description = ''
The client authentication stance for this policy. The client authentication stance for this policy.
''; '';
}; };
privateKey = mkOption { privateKey = lib.mkOption {
type = types.str; type = lib.types.str;
default = "private.key"; default = "private.key";
description = '' description = ''
The name of private PKCS #8 key file for this policy to be found The name of private PKCS #8 key file for this policy to be found
@ -447,8 +444,8 @@ in {
''; '';
}; };
publicCertificate = mkOption { publicCertificate = lib.mkOption {
type = types.str; type = lib.types.str;
default = "public.crt"; default = "public.crt";
description = '' description = ''
The name of public X.509 certificate (chain) file in PEM format The name of public X.509 certificate (chain) file in PEM format
@ -462,10 +459,10 @@ in {
''; '';
}; };
revokedDir = mkOption { revokedDir = lib.mkOption {
type = types.path; type = lib.types.path;
default = "${config.baseDirectory}/revoked"; default = "${config.baseDirectory}/revoked";
defaultText = literalExpression ''"''${config.${options.baseDirectory}}/revoked"''; defaultText = lib.literalExpression ''"''${config.${options.baseDirectory}}/revoked"'';
description = '' description = ''
Path to directory of CRLs (Certificate Revocation Lists) in Path to directory of CRLs (Certificate Revocation Lists) in
PEM format. Must be an absolute path. The existence of this PEM format. Must be an absolute path. The existence of this
@ -478,8 +475,8 @@ in {
''; '';
}; };
tlsVersions = mkOption { tlsVersions = lib.mkOption {
type = types.listOf types.str; type = lib.types.listOf lib.types.str;
default = [ "TLSv1.2" ]; default = [ "TLSv1.2" ];
description = '' description = ''
Restrict the TLS protocol versions of this policy to those Restrict the TLS protocol versions of this policy to those
@ -487,8 +484,8 @@ in {
''; '';
}; };
trustAll = mkOption { trustAll = lib.mkOption {
type = types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = ''
Makes this policy trust all remote parties. Enabling this is not Makes this policy trust all remote parties. Enabling this is not
@ -498,10 +495,10 @@ in {
''; '';
}; };
trustedDir = mkOption { trustedDir = lib.mkOption {
type = types.path; type = lib.types.path;
default = "${config.baseDirectory}/trusted"; default = "${config.baseDirectory}/trusted";
defaultText = literalExpression ''"''${config.${options.baseDirectory}}/trusted"''; defaultText = lib.literalExpression ''"''${config.${options.baseDirectory}}/trusted"'';
description = '' description = ''
Path to directory of X.509 certificates in PEM format for Path to directory of X.509 certificates in PEM format for
trusted parties. Must be an absolute path. The existence of this trusted parties. Must be an absolute path. The existence of this
@ -518,8 +515,8 @@ in {
''; '';
}; };
directoriesToCreate = mkOption { directoriesToCreate = lib.mkOption {
type = types.listOf types.path; type = lib.types.listOf lib.types.path;
internal = true; internal = true;
readOnly = true; readOnly = true;
description = '' description = ''
@ -532,9 +529,9 @@ in {
}; };
config.directoriesToCreate = optionals config.directoriesToCreate = lib.optionals
(certDirOpt.highestPrio >= 1500 && options.baseDirectory.highestPrio >= 1500) (certDirOpt.highestPrio >= 1500 && options.baseDirectory.highestPrio >= 1500)
(map (opt: opt.value) (filter isDefaultPathOption (attrValues options))); (map (opt: opt.value) (lib.filter isDefaultPathOption (lib.attrValues options)));
})); }));
default = {}; default = {};
@ -555,22 +552,22 @@ in {
config = config =
let let
# Assertion helpers # Assertion helpers
policyNameList = attrNames cfg.ssl.policies; policyNameList = lib.attrNames cfg.ssl.policies;
validPolicyNameList = [ "legacy" ] ++ policyNameList; validPolicyNameList = [ "legacy" ] ++ policyNameList;
validPolicyNameString = concatStringsSep ", " validPolicyNameList; validPolicyNameString = lib.concatStringsSep ", " validPolicyNameList;
# Capture various directories left at their default so they can be created. # Capture various directories left at their default so they can be created.
defaultDirectoriesToCreate = map (opt: opt.value) (filter isDefaultPathOption (attrValues options.services.neo4j.directories)); defaultDirectoriesToCreate = map (opt: opt.value) (lib.filter isDefaultPathOption (lib.attrValues options.services.neo4j.directories));
policyDirectoriesToCreate = concatMap (pol: pol.directoriesToCreate) (attrValues cfg.ssl.policies); policyDirectoriesToCreate = lib.concatMap (pol: pol.directoriesToCreate) (lib.attrValues cfg.ssl.policies);
in in
mkIf cfg.enable { lib.mkIf cfg.enable {
assertions = [ assertions = [
{ assertion = !elem "legacy" policyNameList; { assertion = !lib.elem "legacy" policyNameList;
message = "The policy 'legacy' is special to Neo4j, and its name is reserved."; } message = "The policy 'legacy' is special to Neo4j, and its name is reserved."; }
{ assertion = elem cfg.bolt.sslPolicy validPolicyNameList; { assertion = lib.elem cfg.bolt.sslPolicy validPolicyNameList;
message = "Invalid policy assigned: `services.neo4j.bolt.sslPolicy = \"${cfg.bolt.sslPolicy}\"`, defined policies are: ${validPolicyNameString}"; } message = "Invalid policy assigned: `services.neo4j.bolt.sslPolicy = \"${cfg.bolt.sslPolicy}\"`, defined policies are: ${validPolicyNameString}"; }
{ assertion = elem cfg.https.sslPolicy validPolicyNameList; { assertion = lib.elem cfg.https.sslPolicy validPolicyNameList;
message = "Invalid policy assigned: `services.neo4j.https.sslPolicy = \"${cfg.https.sslPolicy}\"`, defined policies are: ${validPolicyNameString}"; } message = "Invalid policy assigned: `services.neo4j.https.sslPolicy = \"${cfg.https.sslPolicy}\"`, defined policies are: ${validPolicyNameString}"; }
]; ];
@ -595,7 +592,7 @@ in {
mkdir -m 0700 -p ${cfg.directories.home}/{conf,logs} mkdir -m 0700 -p ${cfg.directories.home}/{conf,logs}
# Create other sub-directories and policy directories that have been left at their default. # Create other sub-directories and policy directories that have been left at their default.
${concatMapStringsSep "\n" ( ${lib.concatMapStringsSep "\n" (
dir: '' dir: ''
mkdir -m 0700 -p ${dir} mkdir -m 0700 -p ${dir}
'') (defaultDirectoriesToCreate ++ policyDirectoriesToCreate)} '') (defaultDirectoriesToCreate ++ policyDirectoriesToCreate)}
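Review bot: The `public_certificate` entry in the `sslPolicies` template (first hunk) still picks between an absolute and a base-directory-relative path by testing `conf.privateKey`, not `conf.publicCertificate`. A policy whose key is given as a path while its certificate is a bare file name, or the reverse, therefore gets a certificate path written to `neo4j.conf` that does not point at the intended file. The condition on that entry should read `${if lib.length (lib.splitString "/" conf.publicCertificate) > 1 then`. The same test appears on the old side, so this refactor only carries it over, but it is worth a follow-up because it sits in the generated TLS policy configuration. The surrounding `let` bindings and the rest of the `neo4j.conf` template lie outside the hunks shown here.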