readme.md at mistress · soopy.moe/knotserver-module

soopy.moe / knotserver-module
fork atom
a more proper nixos module for the tangled knotserver
fork atom
knotserver-module / readme.md
at mistress 62 lines 2.8 kB view raw view rendered
wrap content
Cassie Cheung fix: compat with latest @tangled.sh/core 8mo ago
3eb304f6
 1# knotserver-module
 2
 3this flake contains an modified alternative (maybe opinionated) nixos module to the one provided in the [official core flake](https://tangled.sh/@tangled.sh/core).
 4
 5this module enables some extra things not in the official module. at time of writing, those are:
 6
 7- securely define secrets like KNOT_SERVER_SECRET via an environment file (i.e. `.env`)
 8- proper support for `services.tangled-knotserver.server.internalListenAddr`
 9- proper(-ish) support for setting a `gitUser`
10  - not 100% perfect because appview still displays `git` as the clone user.
11- allow setting extra options via environment variables with a freeform option `services.tangled-knotserver.extraConfig`
12- does not add an unnecessary overlay to your system
13  - this also fixes a pitfall where the user's nixpkgs version doesn't match the flake's nixpkgs version (and thus the imported overlay's version in the module), and there were changes to the derivation argument.
14
15and some minor opinionated things like
16
17- better fhs compliance
18  - according to some fhs is mostly a meme, but i personally don't like the idea of having executables in /etc. putting a wrapped executable in /run is probably still not compliant, but i believe it makes more sense there than a directory with mostly configuration files.
19  - logging to `/var/log/knotserver` prevents other users from messing around with repoguard, possibly a dos by just creating `/tmp/repoguard.log`.
20  - these changes should not affect usage at all, just implementation details.
21
22## usage
23
24add this flake to your inputs, then import the module to your nixos config.
25
26whilst not required, it is recommended to add the core flake and let the module flake follow that input, since i don't have all day updating this repo.
27
28```nix
29{
30  inputs = {
31    # ...other stuff like nixpkgs
32    tangled.url = "git+https://tangled.sh/@tangled.sh/core";
33    knotserver-module = {
34      url = "git+https://tangled.sh/@soopy.moe/knotserver-module";
35      inputs.tangledCore.follows = "tangled";
36    };
37  };
38
39  outputs = {nixpkgs, knotserver-module, ...}: {
40    nixosConfigurations.saturday = nixpkgs.lib.nixosSystem {
41      modules = [
42        knotserver-module.nixosModules.default
43        ./configuration.nix
44      ];
45    };
46  };
47}
48```
49
50
51## stability
52
53this module is stable to use.
54
55we're also dogfooding this module [here](https://tangled.sh/did:plc:jmr637khkdb2fdxxvoyj672m/gensokyo/blob/main/systems/koumakan/services/scm/tangled-knot.nix).
56
57please don't go to tangled for support if you use the module, make an issue on this repo instead.
58i also idle in <irc://irc.libera.chat/#tangled> as `soopyc` if you prefer instant messaging.
59
60## license
61
62mit, because i literally extracted and modified the entire module from the [original flake](https://tangled.sh/@tangled.sh/core/blob/master/flake.nix).