beatufitull front end for ozone modration ,, wit catpucoin and ebergarden !
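# NixOS module for the meowzone frontend.
#
# The outer `self` argument is used only to pick the default package
# (`self.packages.<system>.meowzone`). The module declares the
# `services.meowzone.*` options and, when enabled, a sandboxed systemd unit
# plus a dedicated system user and group to run it.
self:
{
  config,
  lib,
  pkgs,
  ...
}:

let
  # Explicit inherit instead of `with lib;`, so every library name used below
  # is visible here and nothing from `lib` can shadow a local binding.
  inherit (lib)
    boolToString
    getExe
    literalExpression
    mkEnableOption
    mkIf
    mkOption
    types
    ;

  cfg = config.services.meowzone;
in
{
  options.services.meowzone = {
    enable = mkEnableOption "meowzone. frontend for ozone";

    package = mkOption {
      type = types.package;
      default = self.packages.${pkgs.stdenv.hostPlatform.system}.meowzone;
      defaultText = literalExpression "self.packages.\${pkgs.stdenv.hostPlatform.system}.meowzone";
      description = "The meowzone package to use";
    };

    port = mkOption {
      type = types.port;
      default = 3000;
      description = "Port to run the frontend on";
    };

    # Defaults to loopback. This module sets up no TLS termination and opens no
    # firewall port, so a non-loopback value exposes the plain listener as-is;
    # put a reverse proxy in front of it instead.
    host = mkOption {
      type = types.str;
      default = "127.0.0.1";
      description = "Host to bind the frontend to";
    };

    serverDid = mkOption {
      type = types.str;
      description = "DID of the labeler server";
      example = "did:plc:example";
    };

    pdsUrl = mkOption {
      type = types.str;
      description = "URL of the labeler's PDS";
      example = "https://pds.example.com";
    };

    labelerUrl = mkOption {
      type = types.str;
      description = "Public URL of the labeler's backend";
      example = "https://ozone.example.com";
    };

    authentication = mkOption {
      # either oauth or password
      # NOTE(review): how the frontend handles credentials in "password" mode
      # is not visible from this module; confirm before moving off the default.
      type = types.enum [
        "oauth"
        "password"
      ];
      default = "oauth";
      description = "Authentication method to use";
    };

    enableAdsDefault = mkOption {
      type = types.bool;
      default = true;
      description = "Whether to enable ads by default for new sessions";
    };

    # Off by default: the labeler account itself cannot log in unless this is
    # set explicitly.
    allowSelfLogin = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to allow the labeler account itself to log in to the frontend";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.meowzone = {
      description = "meowzone frontend service";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      # Everything here lands in the unit file in the world-readable Nix store.
      # NOTE(review): the PUBLIC_ prefix suggests these values are also shipped
      # to the browser; confirm against the frontend. Either way, no secret
      # belongs in this attribute set.
      environment = {
        PUBLIC_LABELER_DID = cfg.serverDid;
        PUBLIC_LABELER_URL = cfg.labelerUrl;
        PUBLIC_PDS_URL = cfg.pdsUrl;

        PUBLIC_AUTHENTICATION = cfg.authentication;
        PUBLIC_ALLOW_SELF_LOGIN = boolToString cfg.allowSelfLogin;
        PUBLIC_ENABLE_ADS_DEFAULT = boolToString cfg.enableAdsDefault;

        PORT = toString cfg.port;
        HOST = cfg.host;
        NODE_ENV = "production";
        TZ = "Etc/UTC";
      };

      serviceConfig = {
        ExecStart = getExe cfg.package;
        Restart = "on-failure";
        RestartSec = 5;
        User = "meowzone";
        Group = "meowzone";
        StandardOutput = "journal";
        StandardError = "journal";

        # NOTE(review): the unit runs as an unprivileged user with
        # PrivateUsers=true and no AmbientCapabilities, so the process does not
        # actually hold this capability. A `port` below 1024 will fail to bind
        # unless the host lowers net.ipv4.ip_unprivileged_port_start. An empty
        # bounding set would state the intent more tightly; it is kept as-is
        # here so existing overrides of this unit keep working.
        CapabilityBoundingSet = [
          "CAP_NET_BIND_SERVICE"
        ];

        # No StateDirectory or ReadWritePaths is declared, so with
        # ProtectSystem=strict the service has no persistent writable location.
        NoNewPrivileges = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        ProtectHostname = true;
        ProtectClock = true;
        ProtectKernelTunables = true;
        ProtectKernelModules = true;
        ProtectKernelLogs = true;
        ProtectControlGroups = true;
        RestrictAddressFamilies = [
          "AF_UNIX"
          "AF_INET"
          "AF_INET6"
        ];
        RestrictNamespaces = true;
        LockPersonality = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        RemoveIPC = true;
        PrivateMounts = true;
        PrivateTmp = true;
        PrivateUsers = true;
        PrivateDevices = true;
        # W^X is deliberately not enforced: writable+executable mappings stay
        # allowed for this service.
        MemoryDenyWriteExecute = false; # required for V8 JIT
        SystemCallArchitectures = "native";
        # Allow-list the @system-service group, then subtract the @privileged
        # and @resources groups from it.
        SystemCallFilter = [
          "@system-service"
          "~@privileged @resources"
        ];
        # Filtered syscalls return EPERM to the caller instead of killing the
        # process.
        SystemCallErrorNumber = "EPERM";
        UMask = "0077";
        ProcSubset = "pid";
        ProtectProc = "invisible";
      };
    };

    # The enclosing `mkIf cfg.enable` already guards these definitions, so no
    # inner `mkIf` is needed.
    users = {
      users.meowzone = {
        isSystemUser = true;
        group = "meowzone";
        description = "meowzone service user";
      };
      groups.meowzone = { };
    };
  };
}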