Unverified Commit e5f988ff authored by Matt Sturgeon's avatar Matt Sturgeon Committed by GitHub

nixos/lubelogger: init (#371458)

parents dcf4be4a 8cbcf5b6
+6 −0
@@ -3054,6 +3054,12 @@
    githubId = 5409401;
    name = "Bradley Cooley";
  };
  bct = {
    email = "bct@diffeq.com";
    github = "bct";
    githubId = 548;
    name = "Brendan Taylor";
  };
  bcyran = {
    email = "bazyli@cyran.dev";
    github = "bcyran";
+3 −0
@@ -124,6 +124,9 @@

- [Szurubooru](https://github.com/rr-/szurubooru), an image board engine inspired by services such as Danbooru, dedicated for small and medium communities. Available as [services.szurubooru](#opt-services.szurubooru.enable).

- [LubeLogger](https://lubelogger.com/), a vehicle maintenance and fuel mileage tracker.
  Available as [services.lubelogger](#opt-services.lubelogger.enable).

- The [Neat IP Address Planner](https://spritelink.github.io/NIPAP/) (NIPAP) can now be enabled through [services.nipap.enable](#opt-services.nipap.enable).

- [tpm2-totp](https://github.com/tpm2-software/tpm2-totp) can now be used to show a TOTP during boot using Plymouth. Available as [boot.plymouth.tpm2-totp](#opt-boot.plymouth.tpm2-totp.enable).
+1 −0
@@ -1646,6 +1646,7 @@
  ./services/web-apps/libretranslate.nix
  ./services/web-apps/limesurvey.nix
  ./services/web-apps/linkwarden.nix
  ./services/web-apps/lubelogger.nix
  ./services/web-apps/mainsail.nix
  ./services/web-apps/mastodon.nix
  ./services/web-apps/matomo.nix
+134 −0
{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.services.lubelogger;
in
{
  meta.maintainers = with lib.maintainers; [
    bct
    lyndeno
  ];

  options = {
    services.lubelogger = {
      enable = lib.mkEnableOption "LubeLogger, a self-hosted, open-source, web-based vehicle maintenance and fuel milage tracker";

      package = lib.mkPackageOption pkgs "lubelogger" { };

      dataDir = lib.mkOption {
        description = "Path to LubeLogger config and metadata inside of `/var/lib/`.";
        default = "lubelogger";
        type = lib.types.str;
      };

      port = lib.mkOption {
        description = "The TCP port LubeLogger will listen on.";
        default = 5000;
        type = lib.types.port;
      };

      user = lib.mkOption {
        description = "User account under which LubeLogger runs.";
        default = "lubelogger";
        type = lib.types.str;
      };

      group = lib.mkOption {
        description = "Group under which LubeLogger runs.";
        default = "lubelogger";
        type = lib.types.str;
      };

      openFirewall = lib.mkOption {
        description = "Open ports in the firewall for the LubeLogger web interface.";
        default = false;
        type = lib.types.bool;
      };

      settings = lib.mkOption {
        type = with lib.types; attrsOf str;
        default = { };
        example = {
          LUBELOGGER_ALLOWED_FILE_EXTENSIONS = "";
          LUBELOGGER_LOGO_URL = "";
        };
        description = ''
          Additional configuration for LubeLogger, see <https://docs.lubelogger.com/Environment%20Variables> for supported values.
        '';
      };

      environmentFile = lib.mkOption {
        type = lib.types.nullOr lib.types.path;
        default = null;
        example = "/run/secrets/lubelogger";
        description = ''
          Path to a file containing extra LubeLogger config options in the systemd `EnvironmentFile` format.
          Refer to the [documentation] for supported options.

          [documentation]: https://docs.lubelogger.com/Advanced/Environment%20Variables

          This can be used to pass secrets to LubeLogger without putting them in the Nix store.

          For example, to set an SMTP password, point `environmentFile` at a file containing:
          ```
          MailConfig__Password=<pass>
          ```
        '';
      };
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.lubelogger = {
      description = "LubeLogger";

      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      environment = {
        Kestrel__Endpoints__Http__Url = "http://localhost:${toString cfg.port}";
      }
      // cfg.settings;

      serviceConfig = {
        Type = "simple";
        User = cfg.user;
        Group = cfg.group;
        StateDirectory = cfg.dataDir;
        WorkingDirectory = "/var/lib/${cfg.dataDir}";
        ExecStart = lib.getExe cfg.package;
        EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
        Restart = "on-failure";

        CapabilityBoundingSet = [ "" ];
        DeviceAllow = [ "" ];
        PrivateDevices = true;
        PrivateTmp = true;
        ProtectHome = true;
        RestrictAddressFamilies = [
          "AF_UNIX"
          "AF_INET"
          "AF_INET6"
        ];
        RestrictNamespaces = true;
      };
    };

    users.users = lib.mkIf (cfg.user == "lubelogger") {
      lubelogger = {
        isSystemUser = true;
        group = cfg.group;
        home = "/var/lib/${cfg.dataDir}";
      };
    };

    users.groups = lib.mkIf (cfg.group == "lubelogger") { lubelogger = { }; };

    networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; };
  };
}
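Review bot: `openFirewall` adds `cfg.port` to `networking.firewall.allowedTCPPorts`, but the unit is started with `Kestrel__Endpoints__Http__Url = "http://localhost:${toString cfg.port}"`, so with the defaults the opened port leads to a listener that only accepts loopback connections. The port becomes reachable only if that variable is overridden through `settings` (which wins because of `// cfg.settings`), and the web interface is then served over plain HTTP. The option text should say so, e.g. `description = "Open port in the firewall. The service listens on localhost unless Kestrel__Endpoints__Http__Url is overridden in settings; prefer a TLS-terminating reverse proxy for remote access.";`. Separately, `serviceConfig` sets `StateDirectory` without `StateDirectoryMode`, so the data directory gets systemd's default mode 0755 and is readable by other local users; `StateDirectoryMode = "0750";` would tighten that, assuming nothing outside the service group needs to read it.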