nixos/homebox: update module (#436651)

- The systemd initrd will now respect `x-systemd.wants` and `x-systemd.requires` for reliably unlocking multi-disk bcachefs volumes.

- [`homebox` 0.20.0](https://github.com/sysadminsmedia/homebox/releases/tag/v0.20.0) changed how assets are stored and hashed. It is recommended to back up your database before this update.

- [`homebox` 0.20.0](https://github.com/sysadminsmedia/homebox/releases/tag/v0.20.0) changed how assets are stored and hashed. It is recommended to back up your database before this update. In particular, `--storage-data` was replaced with `--storage-conn-string` and `--storage-prefix-path`. If your configuration set `HBOX_STORAGE_DATA` manually, you must migrate it to `HBOX_STORAGE_CONN_STRING` and `HBOX_STORAGE_PREFIX_PATH`.

- GIMP now defaults to version 3. Use `gimp2` for the old version.

    githubId = 4572854;

    name = "Shawn Warren";

  };

  swarsel = {

    name = "Leon Schwarzäugl";

    email = "leon@swarsel.win";

    github = "Swarsel";

    githubId = 32304731;

    keys = [

      {

        fingerprint = "4BE7 9252 6228 9B47 6DBB  C17B 76FD 3810 215A E097";

      }

    ];

  };

  swdunlop = {

    email = "swdunlop@gmail.com";

    github = "swdunlop";

    mkEnableOption

    mkPackageOption

    mkDefault

    mkOption

    types

    mkIf

    ;

  defaultUser = "homebox";

  defaultGroup = "homebox";

in

{

  options.services.homebox = {

    enable = mkEnableOption "homebox";

    package = mkPackageOption pkgs "homebox" { };

    settings = lib.mkOption {

      type = types.attrsOf types.str;

    user = mkOption {

      type = types.str;

      default = defaultUser;

      description = "User account under which Homebox runs.";

    };

    group = mkOption {

      type = types.str;

      default = defaultGroup;

      description = "Group under which Homebox runs.";

    };

    settings = mkOption {

      type = types.submodule { freeformType = types.attrsOf (types.nullOr types.str); };

      defaultText = lib.literalExpression ''

        {

          HBOX_STORAGE_DATA = "/var/lib/homebox/data";

          HBOX_STORAGE_CONN_STRING = "file:///var/lib/homebox";

          HBOX_STORAGE_PREFIX_PATH = "data";

          HBOX_DATABASE_DRIVER = "sqlite3";

          HBOX_DATABASE_SQLITE_PATH = "/var/lib/homebox/data/homebox.db?_pragma=busy_timeout=999&_pragma=journal_mode=WAL&_fk=1";

          HBOX_OPTIONS_ALLOW_REGISTRATION = "false";

        }

      '';

      description = ''

        The homebox configuration as Environment variables. For definitions and available options see the upstream

        The homebox configuration as environment variables. For definitions and available options see the upstream

        [documentation](https://homebox.software/en/configure/#configure-homebox).

      '';

    };

    database = {

      createLocally = lib.mkOption {

      createLocally = mkOption {

        type = lib.types.bool;

        default = false;

        description = ''

  };

  config = mkIf cfg.enable {

    users.users.homebox = {

    assertions = [

      {

        assertion = !(cfg.settings ? HBOX_STORAGE_DATA);

        message = ''

          `services.homebox.settings.HBOX_STORAGE_DATA` has been deprecated.

          Please use `services.homebox.settings.HBOX_STORAGE_CONN_STRING` and `services.homebox.settings.HBOX_STORAGE_PREFIX_PATH` instead.

        '';

      }

    ];

    users = {

      users = mkIf (cfg.user == defaultUser) {

        ${defaultUser} = {

          description = "homebox service user";

          inherit (cfg) group;

          isSystemUser = true;

      group = "homebox";

        };

    users.groups.homebox = { };

      };

      groups = mkIf (cfg.group == defaultGroup) { ${defaultGroup} = { }; };

    };

    services.homebox.settings = lib.mkMerge [

      (lib.mapAttrs (_: mkDefault) {

        HBOX_STORAGE_DATA = "/var/lib/homebox/data";

        HBOX_STORAGE_CONN_STRING = "file:///var/lib/homebox";

        HBOX_STORAGE_PREFIX_PATH = "data";

        HBOX_DATABASE_DRIVER = "sqlite3";

        HBOX_DATABASE_SQLITE_PATH = "/var/lib/homebox/data/homebox.db?_pragma=busy_timeout=999&_pragma=journal_mode=WAL&_fk=1";

        HBOX_OPTIONS_ALLOW_REGISTRATION = "false";

        HBOX_MODE = "production";

      })

      (lib.mkIf cfg.database.createLocally {

      (mkIf cfg.database.createLocally {

        HBOX_DATABASE_DRIVER = "postgres";

        HBOX_DATABASE_HOST = "/run/postgresql";

        HBOX_DATABASE_USERNAME = "homebox";

        HBOX_DATABASE_PORT = toString config.services.postgresql.settings.port;

      })

    ];

    services.postgresql = lib.mkIf cfg.database.createLocally {

    services.postgresql = mkIf cfg.database.createLocally {

      enable = true;

      ensureDatabases = [ "homebox" ];

      ensureUsers = [

    systemd.services.homebox = {

      requires = lib.optional cfg.database.createLocally "postgresql.target";

      after = lib.optional cfg.database.createLocally "postgresql.target";

      environment = cfg.settings;

      environment = lib.filterAttrs (_: v: v != null) cfg.settings;

      serviceConfig = {

        User = "homebox";

        Group = "homebox";

        User = cfg.user;

        Group = cfg.group;

        ExecStart = lib.getExe cfg.package;

        StateDirectory = "homebox";

        WorkingDirectory = "/var/lib/homebox";

        LimitNOFILE = "1048576";

        PrivateTmp = true;

        PrivateDevices = true;

        StateDirectoryMode = "0700";

        Restart = "always";

        StateDirectory = "homebox";

        # Hardening

        CapabilityBoundingSet = "";

      wantedBy = [ "multi-user.target" ];

    };

  };

  meta.maintainers = with lib.maintainers; [ patrickdag ];

  meta.maintainers = with lib.maintainers; [

    patrickdag

    swarsel

  ];

}