cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
nixpkgs/nixos/modules/services/network-filesystems/rsyncd.nix
pennae ef176dcf7e nixos/*: automatically convert option descriptions 
conversions were done using https://github.com/pennae/nix-doc-munge
using (probably) rev f34e145 running

    nix-doc-munge nixos/**/*.nix
    nix-doc-munge --import nixos/**/*.nix

the tool ensures that only changes that could affect the generated
manual *but don't* are committed, other changes require manual review
and are discarded.
2022-08-31 16:32:53 +02:00

127 lines
3.2 KiB
Nix
Raw Blame History

{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.rsyncd;
settingsFormat = pkgs.formats.ini { };
configFile = settingsFormat.generate "rsyncd.conf" cfg.settings;
in {
options = {
services.rsyncd = {
enable = mkEnableOption (lib.mdDoc "the rsync daemon");
port = mkOption {
default = 873;
type = types.port;
description = lib.mdDoc "TCP port the daemon will listen on.";
};
settings = mkOption {
inherit (settingsFormat) type;
default = { };
example = {
global = {
uid = "nobody";
gid = "nobody";
"use chroot" = true;
"max connections" = 4;
};
ftp = {
path = "/var/ftp/./pub";
comment = "whole ftp area";
};
cvs = {
path = "/data/cvs";
comment = "CVS repository (requires authentication)";
"auth users" = [ "tridge" "susan" ];
"secrets file" = "/etc/rsyncd.secrets";
};
};
description = lib.mdDoc ''
Configuration for rsyncd. See
{manpage}`rsyncd.conf(5)`.
'';
};
socketActivated = mkOption {
default = false;
type = types.bool;
description =
lib.mdDoc "If enabled Rsync will be socket-activated rather than run persistently.";
};
};
};
imports = (map (option:
mkRemovedOptionModule [ "services" "rsyncd" option ]
"This option was removed in favor of `services.rsyncd.settings`.") [
"address"
"extraConfig"
"motd"
"user"
"group"
]);
config = mkIf cfg.enable {
services.rsyncd.settings.global.port = toString cfg.port;
systemd = let
serviceConfigSecurity = {
ProtectSystem = "full";
PrivateDevices = "on";
NoNewPrivileges = "on";
};
in {
services.rsync = {
enable = !cfg.socketActivated;
aliases = [ "rsyncd.service" ];
description = "fast remote file copy program daemon";
after = [ "network.target" ];
documentation = [ "man:rsync(1)" "man:rsyncd.conf(5)" ];
serviceConfig = serviceConfigSecurity // {
ExecStart =
"${pkgs.rsync}/bin/rsync --daemon --no-detach --config=${configFile}";
RestartSec = 1;
};
wantedBy = [ "multi-user.target" ];
};
services."rsync@" = {
description = "fast remote file copy program daemon";
after = [ "network.target" ];
serviceConfig = serviceConfigSecurity // {
ExecStart = "${pkgs.rsync}/bin/rsync --daemon --config=${configFile}";
StandardInput = "socket";
StandardOutput = "inherit";
StandardError = "journal";
};
};
sockets.rsync = {
enable = cfg.socketActivated;
description = "socket for fast remote file copy program daemon";
conflicts = [ "rsync.service" ];
listenStreams = [ (toString cfg.port) ];
socketConfig.Accept = true;
wantedBy = [ "sockets.target" ];
};
};
};
meta.maintainers = with lib.maintainers; [ ehmry ];
# TODO: socket activated rsyncd
}
Reference in a new issue View git blame Copy permalink