From cf52591a0a179e2296cc14f53b9611b43ab9f594 Mon Sep 17 00:00:00 2001 From: Jonas Heinrich Date: Sat, 22 Oct 2022 12:01:05 +0200 Subject: [PATCH] nixos/manticore: init module --- .../manual/release-notes/rl-2405.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/search/manticore.nix | 131 ++++++++++++++++++ 3 files changed, 134 insertions(+) create mode 100644 nixos/modules/services/search/manticore.nix diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 988632fc44349..3c156e528bbc9 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -104,6 +104,8 @@ Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for Pi - [dnsproxy](https://github.com/AdguardTeam/dnsproxy), a simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support. Available as [services.dnsproxy](#opt-services.dnsproxy.enable). +- [manticoresearch](https://manticoresearch.com), easy to use open source fast database for search. Available as [services.manticore](#opt-services.manticore.enable). + - [rspamd-trainer](https://gitlab.com/onlime/rspamd-trainer), script triggered by a helper which reads mails from a specific mail inbox and feeds them into rspamd for spam/ham training. - [ollama](https://ollama.ai), server for running large language models locally. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index a45507d5ee3cd..8d63c48ad03a5 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1219,6 +1219,7 @@ ./services/search/elasticsearch-curator.nix ./services/search/elasticsearch.nix ./services/search/hound.nix + ./services/search/manticore.nix ./services/search/meilisearch.nix ./services/search/opensearch.nix ./services/search/qdrant.nix diff --git a/nixos/modules/services/search/manticore.nix b/nixos/modules/services/search/manticore.nix new file mode 100644 index 0000000000000..a8fcd9d0b3820 --- /dev/null +++ b/nixos/modules/services/search/manticore.nix @@ -0,0 +1,131 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + cfg = config.services.manticore; + format = pkgs.formats.json { }; + + toSphinx = { + mkKeyValue ? mkKeyValueDefault {} "=", + listsAsDuplicateKeys ? true + }: attrsOfAttrs: + let + # map function to string for each key val + mapAttrsToStringsSep = sep: mapFn: attrs: + concatStringsSep sep + (mapAttrsToList mapFn attrs); + mkSection = sectName: sectValues: '' + ${sectName} { + '' + lib.generators.toKeyValue { inherit mkKeyValue listsAsDuplicateKeys; } sectValues + ''}''; + in + # map input to ini sections + mapAttrsToStringsSep "\n" mkSection attrsOfAttrs; + + configFile = pkgs.writeText "manticore.conf" ( + toSphinx { + mkKeyValue = k: v: " ${k} = ${v}"; + } cfg.settings + ); + +in { + + options = { + services.manticore = { + + enable = mkEnableOption "Manticoresearch"; + + settings = mkOption { + default = { + searchd = { + listen = [ + "127.0.0.1:9312" + "127.0.0.1:9306:mysql" + "127.0.0.1:9308:http" + ]; + log = "/var/log/manticore/searchd.log"; + query_log = "/var/log/manticore/query.log"; + pid_file = "/run/manticore/searchd.pid"; + data_dir = "/var/lib/manticore"; + }; + }; + description = '' + Configuration for Manticoresearch. See + + for more information. + ''; + type = types.submodule { + freeformType = format.type; + }; + example = literalExpression '' + { + searchd = { + listen = [ + "127.0.0.1:9312" + "127.0.0.1:9306:mysql" + "127.0.0.1:9308:http" + ]; + log = "/var/log/manticore/searchd.log"; + query_log = "/var/log/manticore/query.log"; + pid_file = "/run/manticore/searchd.pid"; + data_dir = "/var/lib/manticore"; + }; + } + ''; + }; + + }; + }; + + config = mkIf cfg.enable { + + systemd = { + packages = [ pkgs.manticoresearch ]; + services.manticore = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + serviceConfig = { + ExecStart = [ + "" + "${pkgs.manticoresearch}/bin/searchd --config ${configFile}" + ]; + ExecStop = [ + "" + "${pkgs.manticoresearch}/bin/searchd --config ${configFile} --stopwait" + ]; + ExecStartPre = [ "" ]; + DynamicUser = true; + LogsDirectory = "manticore"; + RuntimeDirectory = "manticore"; + StateDirectory = "manticore"; + ReadWritePaths = ""; + CapabilityBoundingSet = ""; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ "@system-service" "~@privileged" ]; + RestrictRealtime = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + UMask = "0066"; + ProtectHostname = true; + } // lib.optionalAttrs (cfg.settings.searchd.pid_file != null) { + PIDFile = cfg.settings.searchd.pid_file; + }; + }; + }; + + }; + + meta.maintainers = with lib.maintainers; [ onny ]; + +}