talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

nixos/orthanc: init

Browse Source
This commit is contained in:
Pol Dellaiera 2025-03-14 09:09:38 +01:00
parent aca5621685
commit 933f835219
6 changed files with 170 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/doc/manual/release-notes/rl-2505.section.md
View File

@ -187,6 +187,8 @@
- [Limine](https://github.com/limine-bootloader/limine) a modern, advanced, portable, multiprotocol bootloader and boot manager. Available as [boot.loader.limine](#opt-boot.loader.limine.enable)
- [Orthanc](https://orthanc.uclouvain.be/) a lightweight, RESTful DICOM server for healthcare and medical research. Available as [services.orthanc](#opt-services.orthanc.enable).
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
## Backward Incompatibilities {#sec-release-25.05-incompatibilities}

1
nixos/modules/module-list.nix
View File

@ -848,6 +848,7 @@
./services/misc/ombi.nix
./services/misc/omnom.nix
./services/misc/open-webui.nix
./services/misc/orthanc.nix
./services/misc/osrm.nix
./services/misc/owncast.nix
./services/misc/packagekit.nix

134
nixos/modules/services/misc/orthanc.nix Normal file
View File

@ -0,0 +1,134 @@
{
config,
options,
lib,
pkgs,
...
}:
let
inherit (lib) types;
cfg = config.services.orthanc;
opt = options.services.orthanc;
settingsFormat = pkgs.formats.json { };
in
{
options = {
services.orthanc = {
enable = lib.mkEnableOption "Orthanc server";
package = lib.mkPackageOption pkgs "orthanc" { };
stateDir = lib.mkOption {
type = types.path;
default = "/var/lib/orthanc";
example = "/home/foo";
description = "State directory of Orthanc.";
};
environment = lib.mkOption {
type = types.attrsOf types.str;
default = {
};
example = ''
{
ORTHANC_NAME = "Orthanc server";
}
'';
description = ''
Extra environment variables
For more details see <https://orthanc.uclouvain.be/book/users/configuration.html>
'';
};
environmentFile = lib.mkOption {
description = ''
Environment file to be passed to the systemd service.
Useful for passing secrets to the service to prevent them from being
world-readable in the Nix store.
'';
type = lib.types.nullOr lib.types.path;
default = null;
example = "/var/lib/secrets/orthancSecrets";
};
settings = lib.mkOption {
type = lib.types.submodule {
freeformType = settingsFormat.type;
};
default = {
HttpPort = lib.mkDefault 8042;
IndexDirectory = lib.mkDefault "/var/lib/orthanc/";
StorageDirectory = lib.mkDefault "/var/lib/orthanc/";
};
example = {
Name = "My Orthanc Server";
HttpPort = 12345;
};
description = ''
Configuration written to a json file that is read by orthanc.
See <https://orthanc.uclouvain.be/book/index.html> for more.
'';
};
openFirewall = lib.mkOption {
type = types.bool;
default = false;
description = ''
Whether to open the firewall for Orthanc.
This adds `services.orthanc.settings.HttpPort` to `networking.firewall.allowedTCPPorts`.
'';
};
};
};
config = lib.mkIf cfg.enable {
services.orthanc.settings = options.services.orthanc.settings.default;
systemd.services.orthanc = {
description = "Orthanc is a lightweight, RESTful DICOM server for healthcare and medical research";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
environment = cfg.environment;
serviceConfig =
let
config-json = settingsFormat.generate "orthanc-config.json" (cfg.settings);
in
{
ExecStart = "${lib.getExe cfg.package} ${config-json}";
EnvironmentFile = lib.optional (cfg.environmentFile != null) cfg.environmentFile;
WorkingDirectory = cfg.stateDir;
BindReadOnlyPaths = [
"-/etc/localtime"
];
StateDirectory = "orthanc";
RuntimeDirectory = "orthanc";
RuntimeDirectoryMode = "0755";
PrivateTmp = true;
DynamicUser = true;
DevicePolicy = "closed";
LockPersonality = true;
PrivateUsers = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
UMask = "0077";
};
};
networking.firewall = lib.mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.settings.HttpPort ]; };
# Orthanc requires /etc/localtime to be present
time.timeZone = lib.mkDefault "UTC";
};
meta.maintainers = with lib.maintainers; [ drupol ];
}

1
nixos/tests/all-tests.nix
View File

@ -862,6 +862,7 @@ in {
opentelemetry-collector = handleTest ./opentelemetry-collector.nix {};
open-web-calendar = handleTest ./web-apps/open-web-calendar.nix {};
ocsinventory-agent = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./ocsinventory-agent.nix {};
orthanc = runTest ./orthanc.nix;
owncast = handleTest ./owncast.nix {};
outline = handleTest ./outline.nix {};
image-contents = handleTest ./image-contents.nix {};

27
nixos/tests/orthanc.nix Normal file
View File

@ -0,0 +1,27 @@
{ lib, ... }:
{
name = "orthanc";
nodes = {
machine =
{ pkgs, ... }:
{
services.orthanc = {
enable = true;
settings = {
HttpPort = 12345;
};
};
};
};
testScript = ''
machine.start()
machine.wait_for_unit("orthanc.service")
machine.wait_for_open_port(12345)
machine.wait_for_open_port(4242)
'';
meta.maintainers = [ lib.maintainers.drupol ];
}

5
pkgs/by-name/or/orthanc/package.nix
View File

@ -22,6 +22,7 @@
sqlite,
unzip,
versionCheckHook,
nixosTests,
}:
stdenv.mkDerivation (finalAttrs: {
@ -104,6 +105,10 @@ stdenv.mkDerivation (finalAttrs: {
versionCheckProgramArg = "--version";
doInstallCheck = true;
passthru.tests = {
inherit (nixosTests) orthanc;
};
meta = {
description = "Orthanc is a lightweight, RESTful DICOM server for healthcare and medical research";
homepage = "https://www.orthanc-server.com/";