Loading nixos/modules/module-list.nix +1 −0 Original line number Diff line number Diff line Loading 
@@ -382,6 +382,7 @@ ./services/databases/pgmanage.nix ./services/databases/postgresql.nix ./services/databases/redis.nix ./services/databases/surrealdb.nix ./services/databases/victoriametrics.nix ./services/desktops/accountsservice.nix ./services/desktops/bamf.nix Loading nixos/modules/services/databases/surrealdb.nix 0 → 100644 +79 −0 Original line number Diff line number Diff line { config, lib, pkgs, ... }: with lib; let cfg = config.services.surrealdb; in { options = { services.surrealdb = { enable = mkEnableOption (lib.mdDoc "A scalable, distributed, collaborative, document-graph database, for the realtime web "); dbPath = mkOption { type = types.str; description = lib.mdDoc '' The path that surrealdb will write data to. Use null for in-memory. Can be one of "memory", "file://:path", "tikv://:addr". ''; default = "file:///var/lib/surrealdb/"; example = "memory"; }; host = mkOption { type = types.str; description = lib.mdDoc '' The host that surrealdb will connect to. ''; default = "127.0.0.1"; example = "127.0.0.1"; }; port = mkOption { type = types.port; description = lib.mdDoc '' The port that surrealdb will connect to. 
''; default = 8000; example = 8000; }; }; }; config = mkIf cfg.enable { # Used to connect to the running service environment.systemPackages = [ pkgs.surrealdb ] ; systemd.services.surrealdb = { description = "A scalable, distributed, collaborative, document-graph database, for the realtime web "; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; serviceConfig = { ExecStart = "${pkgs.surrealdb}/bin/surreal start --bind ${cfg.host}:${toString cfg.port} ${optionalString (cfg.dbPath != null) "-- ${cfg.dbPath}"}"; DynamicUser = true; Restart = "on-failure"; StateDirectory = "surrealdb"; CapabilityBoundingSet = ""; NoNewPrivileges = true; PrivateTmp = true; ProtectHome = true; ProtectClock = true; ProtectProc = "noaccess"; ProcSubset = "pid"; ProtectKernelLogs = true; ProtectKernelModules = true; ProtectKernelTunables = true; ProtectControlGroups = true; ProtectHostname = true; RestrictSUIDSGID = true; RestrictRealtime = true; RestrictNamespaces = true; LockPersonality = true; RemoveIPC = true; SystemCallFilter = [ "@system-service" "~@privileged" ]; }; }; }; } pkgs/servers/nosql/surrealdb/default.nix +2 −0 Original line number Diff line number Diff line Loading @@ -31,6 +31,8 @@ rustPlatform.buildRustPackage rec { nativeBuildInputs = [ pkg-config # needed on top of LIBCLANG_PATH to compile rquickjs llvmPackages.clang ]; buildInputs = [ openssl ] Loading Loading
nixos/modules/module-list.nix +1 −0 Original line number Diff line number Diff line Loading @@ -382,6 +382,7 @@ ./services/databases/pgmanage.nix ./services/databases/postgresql.nix ./services/databases/redis.nix ./services/databases/surrealdb.nix ./services/databases/victoriametrics.nix ./services/desktops/accountsservice.nix ./services/desktops/bamf.nix Loading
nixos/modules/services/databases/surrealdb.nix 0 → 100644 +79 −0 Original line number Diff line number Diff line { config, lib, pkgs, ... }: with lib; let cfg = config.services.surrealdb; in { options = { services.surrealdb = { enable = mkEnableOption (lib.mdDoc "A scalable, distributed, collaborative, document-graph database, for the realtime web "); dbPath = mkOption { type = types.str; description = lib.mdDoc '' The path that surrealdb will write data to. Use null for in-memory. Can be one of "memory", "file://:path", "tikv://:addr". ''; default = "file:///var/lib/surrealdb/"; example = "memory"; }; host = mkOption { type = types.str; description = lib.mdDoc '' The host that surrealdb will connect to. ''; default = "127.0.0.1"; example = "127.0.0.1"; }; port = mkOption { type = types.port; description = lib.mdDoc '' The port that surrealdb will connect to. ''; default = 8000; example = 8000; }; }; }; config = mkIf cfg.enable { # Used to connect to the running service environment.systemPackages = [ pkgs.surrealdb ] ; systemd.services.surrealdb = { description = "A scalable, distributed, collaborative, document-graph database, for the realtime web "; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; serviceConfig = { ExecStart = "${pkgs.surrealdb}/bin/surreal start --bind ${cfg.host}:${toString cfg.port} ${optionalString (cfg.dbPath != null) "-- ${cfg.dbPath}"}"; DynamicUser = true; Restart = "on-failure"; StateDirectory = "surrealdb"; CapabilityBoundingSet = ""; NoNewPrivileges = true; PrivateTmp = true; ProtectHome = true; ProtectClock = true; ProtectProc = "noaccess"; ProcSubset = "pid"; ProtectKernelLogs = true; ProtectKernelModules = true; ProtectKernelTunables = true; ProtectControlGroups = true; ProtectHostname = true; RestrictSUIDSGID = true; RestrictRealtime = true; RestrictNamespaces = true; LockPersonality = true; RemoveIPC = true; SystemCallFilter = [ "@system-service" "~@privileged" ]; }; }; }; }
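Review bot: `host` and `port` are interpolated into `--bind` in `ExecStart`, so they set the listen address, yet both descriptions say "connect to", and the module has no option for credentials or extra flags. Setting `host` to a non-loopback address therefore exposes the service with whatever authentication default the packaged `surreal` has, which is not visible here and is worth confirming. I would reword the descriptions along the lines of `The address surrealdb binds to; keep it on loopback unless authentication is configured.` and add a way to supply root credentials from a file outside the world-readable Nix store rather than on the `ExecStart` command line. Separately, `dbPath` is declared `types.str` while its description and the `cfg.dbPath != null` test both expect null to be possible; `type = types.nullOr types.str;` would make that branch reachable. In `serviceConfig`, `RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];` looks like a cheap addition to the sandbox, assuming the daemon needs nothing beyond TCP and its state directory.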
pkgs/servers/nosql/surrealdb/default.nix +2 −0 Original line number Diff line number Diff line Loading @@ -31,6 +31,8 @@ rustPlatform.buildRustPackage rec { nativeBuildInputs = [ pkg-config # needed on top of LIBCLANG_PATH to compile rquickjs llvmPackages.clang ]; buildInputs = [ openssl ] Loading