mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-09-29 15:43:00 +00:00
Merge pull request #320060 from PatrickDaG/homebox
homebox: init at 0.13.0; nixos/homebox: init
This commit is contained in:
commit
69701a3807
@ -51,6 +51,8 @@
|
||||
|
||||
- [Immersed VR](https://immersed.com/), a closed-source coworking platform. Available as [programs.immersed-vr](#opt-programs.immersed-vr.enable).
|
||||
|
||||
- [HomeBox](https://github.com/hay-kot/homebox/): the inventory and organization system built for the Home User. Available as [services.homebox](#opt-services.homebox.enable).
|
||||
|
||||
- [Renovate](https://github.com/renovatebot/renovate), a dependency updating tool for various git forges and language ecosystems. Available as [services.renovate](#opt-services.renovate.enable).
|
||||
|
||||
- [Music Assistant](https://music-assistant.io/), a music library manager for your offline and online music sources which can easily stream your favourite music to a wide range of supported players. Available as [services.music-assistant](#opt-services.music-assistant.enable).
|
||||
|
@ -1418,6 +1418,7 @@
|
||||
./services/web-apps/healthchecks.nix
|
||||
./services/web-apps/hedgedoc.nix
|
||||
./services/web-apps/hledger-web.nix
|
||||
./services/web-apps/homebox.nix
|
||||
./services/web-apps/honk.nix
|
||||
./services/web-apps/icingaweb2/icingaweb2.nix
|
||||
./services/web-apps/icingaweb2/module-monitoring.nix
|
||||
|
98
nixos/modules/services/web-apps/homebox.nix
Normal file
98
nixos/modules/services/web-apps/homebox.nix
Normal file
@ -0,0 +1,98 @@
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.homebox;
|
||||
inherit (lib)
|
||||
mkEnableOption
|
||||
mkPackageOption
|
||||
mkDefault
|
||||
types
|
||||
mkIf
|
||||
;
|
||||
in
|
||||
{
|
||||
options.services.homebox = {
|
||||
enable = mkEnableOption "homebox";
|
||||
package = mkPackageOption pkgs "homebox" { };
|
||||
settings = lib.mkOption {
|
||||
type = types.attrsOf types.str;
|
||||
defaultText = ''
|
||||
HBOX_STORAGE_DATA = "/var/lib/homebox/data";
|
||||
HBOX_STORAGE_SQLITE_URL = "/var/lib/homebox/data/homebox.db?_pragma=busy_timeout=999&_pragma=journal_mode=WAL&_fk=1";
|
||||
HBOX_OPTIONS_ALLOW_REGISTRATION = "false";
|
||||
HBOX_MODE = "production";
|
||||
'';
|
||||
description = ''
|
||||
The homebox configuration as Environment variables. For definitions and available options see the upstream
|
||||
[documentation](https://hay-kot.github.io/homebox/quick-start/#env-variables-configuration).
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.users.homebox = {
|
||||
isSystemUser = true;
|
||||
group = "homebox";
|
||||
};
|
||||
users.groups.homebox = { };
|
||||
services.homebox.settings = {
|
||||
HBOX_STORAGE_DATA = mkDefault "/var/lib/homebox/data";
|
||||
HBOX_STORAGE_SQLITE_URL = mkDefault "/var/lib/homebox/data/homebox.db?_pragma=busy_timeout=999&_pragma=journal_mode=WAL&_fk=1";
|
||||
HBOX_OPTIONS_ALLOW_REGISTRATION = mkDefault "false";
|
||||
HBOX_MODE = mkDefault "production";
|
||||
};
|
||||
systemd.services.homebox = {
|
||||
after = [ "network.target" ];
|
||||
environment = cfg.settings;
|
||||
serviceConfig = {
|
||||
User = "homebox";
|
||||
Group = "homebox";
|
||||
ExecStart = lib.getExe cfg.package;
|
||||
StateDirectory = "homebox";
|
||||
WorkingDirectory = "/var/lib/homebox";
|
||||
LimitNOFILE = "1048576";
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
StateDirectoryMode = "0700";
|
||||
Restart = "always";
|
||||
|
||||
# Hardening
|
||||
CapabilityBoundingSet = "";
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
PrivateUsers = true;
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectProc = "invisible";
|
||||
ProcSubset = "pid";
|
||||
ProtectSystem = "strict";
|
||||
RestrictAddressFamilies = [
|
||||
"AF_INET"
|
||||
"AF_INET6"
|
||||
"AF_NETLINK"
|
||||
];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = [
|
||||
"@system-service"
|
||||
"@pkey"
|
||||
];
|
||||
RestrictSUIDSGID = true;
|
||||
PrivateMounts = true;
|
||||
UMask = "0077";
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
meta.maintainers = with lib.maintainers; [ patrickdag ];
|
||||
}
|
@ -421,6 +421,7 @@ in {
|
||||
hddfancontrol = handleTest ./hddfancontrol.nix {};
|
||||
hedgedoc = handleTest ./hedgedoc.nix {};
|
||||
herbstluftwm = handleTest ./herbstluftwm.nix {};
|
||||
homebox = handleTest ./homebox.nix {};
|
||||
homepage-dashboard = handleTest ./homepage-dashboard.nix {};
|
||||
honk = runTest ./honk.nix;
|
||||
installed-tests = pkgs.recurseIntoAttrs (handleTest ./installed-tests {});
|
||||
|
26
nixos/tests/homebox.nix
Normal file
26
nixos/tests/homebox.nix
Normal file
@ -0,0 +1,26 @@
|
||||
import ./make-test-python.nix (
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
port = "7745";
|
||||
in
|
||||
{
|
||||
name = "homebox";
|
||||
meta = with pkgs.lib.maintainers; {
|
||||
maintainers = [ patrickdag ];
|
||||
};
|
||||
nodes.machine = {
|
||||
services.homebox = {
|
||||
enable = true;
|
||||
settings.HBOX_WEB_PORT = port;
|
||||
};
|
||||
};
|
||||
testScript = ''
|
||||
machine.wait_for_unit("homebox.service")
|
||||
machine.wait_for_open_port(${port})
|
||||
|
||||
machine.succeed("curl --fail -X GET 'http://localhost:${port}/'")
|
||||
out = machine.succeed("curl --fail 'http://localhost:${port}/api/v1/status'")
|
||||
assert '"health":true' in out
|
||||
'';
|
||||
}
|
||||
)
|
83
pkgs/by-name/ho/homebox/package.nix
Normal file
83
pkgs/by-name/ho/homebox/package.nix
Normal file
@ -0,0 +1,83 @@
|
||||
{
|
||||
lib,
|
||||
buildGoModule,
|
||||
fetchFromGitHub,
|
||||
pnpm,
|
||||
nodejs,
|
||||
go,
|
||||
git,
|
||||
cacert,
|
||||
}:
|
||||
let
|
||||
pname = "homebox";
|
||||
version = "0.13.0";
|
||||
src = fetchFromGitHub {
|
||||
owner = "sysadminsmedia";
|
||||
repo = "homebox";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-mhb4q0ja94TjvOzl28WVb3uzkR9MKlqifFJgUo6hfrA=";
|
||||
};
|
||||
in
|
||||
buildGoModule {
|
||||
inherit pname version src;
|
||||
|
||||
vendorHash = "sha256-QRmP6ichKjwDWEx13sEs1oetc4nojGyJnKafAATTNTA=";
|
||||
modRoot = "backend";
|
||||
# the goModules derivation inherits our buildInputs and buildPhases
|
||||
# Since we do pnpm thing in those it fails if we don't explicitely remove them
|
||||
overrideModAttrs = _: {
|
||||
nativeBuildInputs = [
|
||||
go
|
||||
git
|
||||
cacert
|
||||
];
|
||||
preBuild = "";
|
||||
};
|
||||
|
||||
pnpmDeps = pnpm.fetchDeps {
|
||||
inherit pname version;
|
||||
src = "${src}/frontend";
|
||||
hash = "sha256-MdTZJ/Ichpwc54r7jZjiFD12YOdRzHSuzRZ/PnDk2mY=";
|
||||
};
|
||||
pnpmRoot = "../frontend";
|
||||
|
||||
env.NUXT_TELEMETRY_DISABLED = 1;
|
||||
|
||||
preBuild = ''
|
||||
pushd ../frontend
|
||||
|
||||
pnpm build
|
||||
|
||||
popd
|
||||
|
||||
mkdir -p ./app/api/static/public
|
||||
cp -r ../frontend/.output/public/* ./app/api/static/public
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [
|
||||
pnpm
|
||||
pnpm.configHook
|
||||
nodejs
|
||||
];
|
||||
|
||||
CGO_ENABLED = 0;
|
||||
GOOS = "linux";
|
||||
doCheck = false;
|
||||
|
||||
ldflags = [
|
||||
"-s"
|
||||
"-w"
|
||||
"-extldflags=-static"
|
||||
"-X main.version=${version}"
|
||||
"-X main.commit=${version}"
|
||||
];
|
||||
|
||||
meta = {
|
||||
mainProgram = "api";
|
||||
homepage = "https://hay-kot.github.io/homebox/";
|
||||
description = "Inventory and organization system built for the Home User";
|
||||
maintainers = with lib.maintainers; [ patrickdag ];
|
||||
license = lib.licenses.agpl3Only;
|
||||
platforms = lib.platforms.linux;
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue
Block a user