diff --git a/ep3-bs.nix b/ep3-bs.nix
index 71c72a3..483ee72 100644
--- a/ep3-bs.nix
+++ b/ep3-bs.nix
@@ -4,6 +4,8 @@ with lib; let cfg = config.services.ep3-bs;
+ useSmtp = cfg.mail.type == "smtp" || cfg.mail.type == "smtp-tls"; + ep3-bs-pkg = with pkgs;
@@ -49,16 +51,16 @@ let 'port' => null, ), 'mail' => array(
- 'type' => 'sendmail', // or 'smtp' or 'smtp-tls' (or 'file', to not send, but save to file (data/mails/))
- 'address' => 'info@test.de',
+ 'type' => '${cfg.mail.type}', // or 'smtp' or 'smtp-tls' (or 'file', to not send, but save to file (data/mails/))
+ 'address' => '${cfg.mail.address}', // Make sure 'bookings.example.com' matches the hosting domain when using type 'sendmail'
- 'host' => '?', // for 'smtp' type only, otherwise remove or leave as is
- 'user' => '?', // for 'smtp' type only, otherwise remove or leave as is
- 'pw' => '?', // for 'smtp' type only, otherwise remove or leave as is
+ 'host' => '${cfg.mail.host}', // for 'smtp' type only, otherwise remove or leave as is
+ 'user' => '${cfg.mail.user}', // for 'smtp' type only, otherwise remove or leave as is
+ 'pw' => '${cfg.mail.password}', // for 'smtp' type only, otherwise remove or leave as is
- 'port' => 'auto', // for 'smtp' type only, otherwise remove or leave as is
- 'auth' => 'plain', // for 'smtp' type only, change this to 'login' if you have problems with SMTP authentication
+ 'port' => '${cfg.mail.port}', // for 'smtp' type only, otherwise remove or leave as is
+ 'auth' => '${cfg.mail.auth}', // for 'smtp' type only, change this to 'login' if you have problems with SMTP authentication ), 'i18n' => array( 'choice' => array(
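Review bot: `'pw' => '${cfg.mail.password}'` in the mail array writes the SMTP password into the generated config file, and since the init script installs that file with `cp -f ${configFile} …` (hunk at L2) it is evidently a Nix store path, so the secret ends up world-readable under `/nix/store` and in any binary cache the host pushes to. A `mail.passwordFile` option whose contents are substituted into `local.php` at service start (nixpkgs' `replace-secret` exists for this) keeps it out of the store; `database.password` in the mysql initialScript further down has the same problem, though that is pre-existing. Separately, all of these values are interpolated into PHP single-quoted strings without escaping, so an address or password containing `'` or `\` yields a broken `local.php`; escaping those two characters (or emitting the value via a PHP `file_get_contents` of a runtime file) would avoid that.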
@@ -83,41 +85,20 @@ let init_ep3bs = pkgs.writeScriptBin "init_ep3bs" '' #!${pkgs.stdenv.shell} - mkdir /tmp - - #TODO: dont do this - rm -rf ${cfg.stateDir}/* - - echo "echoing name: $(whoami)" - echo "path of ep3bs: ${ep3-bs-pkg}" cp -r ${ep3-bs-pkg}/* ${cfg.stateDir} + chmod -R 0770 ${cfg.stateDir} mkdir ${cfg.stateDir}/vendor mkdir ${cfg.stateDir}/vendor/symfony - chmod -R 777 ${cfg.stateDir} - cd ${cfg.stateDir} ${pkgs.php81Packages.composer}/bin/composer install --ignore-platform-reqs - chmod -R 777 ${cfg.stateDir} - ${pkgs.php81Packages.composer}/bin/composer install --ignore-platform-reqs - cp ${cfg.stateDir}/config/init.php.dist ${cfg.stateDir}/config/init.php - echo "path of cfg file: ${configFile}" - cp -f ${configFile} ${cfg.stateDir}/config/autoload/local.php - + rm ${cfg.stateDir}/config/autoload/local.php.dist mv ${cfg.stateDir}/public/.htaccess_original ${cfg.stateDir}/public/.htaccess - ${pkgs.php81}/bin/php ${cfg.stateDir}/public/setup.php - #TODO: rm setup - rm ${cfg.stateDir}/data/cache/* - chmod -R 777 ${cfg.stateDir} - - if [ -d "${cfg.stateDir}" ]; then - echo "${cfg.stateDir} already exists. Not doing anything..." - exit 0 - fi + touch "${cfg.stateDir}/.is_initialized" ''; in { @@ -132,7 +113,13 @@ in user = mkOption { type = types.str; default = "ep3-bs"; - description = lib.mdDoc "User account under which ep3-bs runs."; + description = lib.mdDoc "User for ep3-bs."; + }; + + group = mkOption { + type = types.str; + default = "ep3-bs"; + description = lib.mdDoc "Group for ep3-bs."; }; extraConfig = mkOption { 
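Review bot: The init script has no `set -e`, so the new final line `touch "${cfg.stateDir}/.is_initialized"` runs even when `composer install` or one of the `mkdir`/`cp`/`mv`/`rm` steps fails, and the `ConditionPathExists` guard added to the ep3-bs-init unit then prevents the unit from ever retrying a half-initialised directory. Adding `set -euo pipefail` directly after `#!${pkgs.stdenv.shell}` makes the marker mean what the unit condition assumes. The `chmod -R 0770 ${cfg.stateDir}` also runs before `composer install` populates `vendor/`, so files composer creates presumably get the process umask rather than 0770; moving the chmod to just before the `touch` (or setting `UMask` on the unit) would be more consistent with the intent.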
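Review bot: The new `group` option is never materialised: nothing in the diff defines `users.groups.${cfg.group}`, and the `users.users.ep3-bs` block (hunk at L7) still hardcodes `group = "ep3-bs"`, so a non-default `cfg.group` presumably makes the `chown "${cfg.user}:${cfg.group}"` in the init unit's preStart fail on an unknown group. Mirroring the user definition with `users.groups = mkIf (cfg.group == "ep3-bs") { ep3-bs = { }; };` and using `group = cfg.group;` in the user block would close that gap. The shortened description `"User for ep3-bs."` also drops the useful detail that this is the account the service runs under.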
@@ -147,6 +134,56 @@ in description = lib.mdDoc "ep3-bs data directory."; }; + mail = mkOption { + description = "mail stuff"; + default = {}; + type = with types; submodule { + options = { + type = mkOption { + type = types.enum [ "smtp" "smtp-tls" "sendmail" "file" ]; + default = "sendmail"; + description = lib.mdDoc '' + The way mails are send. + When set to smtp or smtp-tls it is necessary to set: + host, user, password, port and auth." + ''; + }; + + address = mkOption { + type = types.str; + default = ""; + description = lib.mDoc "Address to send mails from."; + }; + + host = mkOption { + type = types.str; + default = "?"; + }; + + user = mkOption { + type = types.str; + default = "?"; + }; + + password = mkOption { + type = types.str; + default = "?"; + }; + + port = mkOption { + type = types.str; + default = "auto"; + }; + + auth = mkOption { + type = types.enum [ "plain" "login" ]; + default = "plain"; + }; + + }; + }; + }; + database = { host = mkOption { type = types.str; @@ -154,17 +191,6 @@ in description = lib.mdDoc "Database host address."; }; - #port = mkOption { - # type = types.port; - # default = if !usePostgresql then 3306 else pg.port; - # defaultText = literalExpression '' - # if config.${opt.database.type} != "postgresql" - # then 3306 - # else config.${options.services.postgresql.port} - # ''; - # description = lib.mdDoc "Database host port."; - #}; - name = mkOption { type = types.str; default = "ep3bsdb"; 
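Review bot: `description = lib.mDoc "Address to send mails from."` on the new `address` option references `lib.mDoc`, which does not exist (the other options use `lib.mdDoc`), so evaluating the module presumably fails with an attribute-missing error; change it to `description = lib.mdDoc "Address to send mails from.";`. `host`, `user`, `password`, `port` and `auth` carry no `description` at all, and `password` being a plain `types.str` means the secret is baked into the generated config in the Nix store; a `passwordFile = mkOption { type = types.nullOr types.path; default = null; … }` is the usual shape. The `"?"` sentinel defaults would be clearer as `types.nullOr types.str` with `default = null`, which also lets the assertions test `!= null` instead of a magic string. The `type` description has a stray trailing `"` after `auth.` and should read "sent" rather than "send".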
@@ -206,37 +232,51 @@ in }; }; - imports = [ - { - environment.systemPackages = with pkgs; [ - php81 - php81Packages.composer - php81Extensions.intl - git - ]; - - networking.firewall.allowedTCPPorts = [ 80 ]; - } - ]; - config = mkIf cfg.enable { - #TODO: do some shit in prestart -> set everything up - #start apache with document root pointing towards - systemd.tmpfiles.rules = [ - "d '${cfg.stateDir}' 777 ${cfg.user} ep3-bs - -" - "d '${cfg.stateDir}/config' 777 ${cfg.user} ep3-bs - -" - "d '${cfg.stateDir}/config/autoload' 777 ${cfg.user} ep3-bs - -" - "d '${cfg.stateDir}/vendor' 777 ${cfg.user} ep3-bs - -" - "d '${cfg.stateDir}/vendor/symfony' 777 ${cfg.user} ep3-bs - -" - "Z '${cfg.stateDir}' 777 ${cfg.user} ep3-bs - -" + + environment.systemPackages = with pkgs; [ + php81 + php81Packages.composer + php81Extensions.intl + git + ]; + + networking.firewall.allowedTCPPorts = [ 80 ]; + + assertions = [ + { + assertion = !(cfg.mail.type != "file" && cfg.mail.address == ""); + message = '' + You need to specify mail.address. + If you dont want to send email set mail.type to "file". + ''; + } + { + assertion = if useSmtp then cfg.mail.host != "?" else true; + message = '' + You need to specify mail.host when using mail.type "smtp" or "smtp-tls". + ''; + } + { + assertion = if useSmtp then cfg.mail.user != "?" else true; + message = '' + You need to specify mail.user when using mail.type "smtp" or "smtp-tls". + ''; + } + { + assertion = if useSmtp then cfg.mail.password != "?" else true; + message = '' + You need to specify mail.password when using mail.type "smtp" or "smtp-tls". + ''; + } ]; services.httpd = { enable = mkDefault true; user = mkDefault "${cfg.user}"; enablePHP = true; - phpPackage = pkgs.php81; + phpPackage = mkDefault pkgs.php81; adminAddr = mkDefault "alice@example.org"; extraModules = [ "rewrite" 
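Review bot: `networking.firewall.allowedTCPPorts = [ 80 ];` is now applied unconditionally whenever `cfg.enable` is true, so every host that enables the module opens port 80 even if it serves ep3-bs only locally or behind a reverse proxy; the NixOS convention is an `openFirewall` option defaulting to `false` and `networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 80 ];`. The three smtp assertions can drop the `if … then … else true` form: `assertion = !useSmtp || cfg.mail.host != "?";` reads the same and matches the boolean style of the first assertion. The first message has a typo, `dont` → `don't`. Note also that the context line `user = mkDefault "${cfg.user}"` runs httpd as the same account that owns the 0770 state directory, so the web server can rewrite its own code and `config/autoload/local.php`; a separate owner for the tree with the web user only in the group is the usual hardening.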
@@ -261,7 +301,6 @@ in enable = mkDefault true; package = mkDefault pkgs.mariadb; - #GRANT ALL PRIVILEGES ON DATABASE ${cfg.database.name} TO '${cfg.database.user}'@'localhost'; initialScript = pkgs.writeText "mysqlInitScript" '' CREATE USER '${cfg.database.user}'@localhost IDENTIFIED BY '${cfg.database.password}'; CREATE DATABASE ${cfg.database.name}; 
@@ -277,67 +316,42 @@ in #]; }; - systemd.services.ep3-bs = { - description = "ep3-bs"; - after = [ "network.target" "mysql.service" ]; + systemd.services.ep3-bs-init = { + description = "Initialize ep3-bs Data Directory"; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - #TODO: here somehow the ep3-bs package should be listed? - path = [ ]; + preStart = '' + mkdir -m 0770 -p "${cfg.stateDir}" + chown "${cfg.user}:${cfg.group}" "${cfg.stateDir}" + ''; + + unitConfig.ConditionPathExists = "!${cfg.stateDir}/.is_initialized"; serviceConfig = { Type = "oneshot"; - User = "root"; - Group = "ep3-bs"; - WorkingDirectory = cfg.stateDir; + User = cfg.user; + Group = cfg.group; + PermissionsStartOnly = true; + PrivateNetwork = false; + PrivateDevices = false; + PrivateTmp = true; ExecStart = "${init_ep3bs}/bin/init_ep3bs"; - # Runtime directory and mode - RuntimeDirectory = "ep3-bs"; - RuntimeDirectoryMode = "0755"; - # Access write directories - ReadWritePaths = [ cfg.stateDir ]; - UMask = "777"; - # Capabilities - #CapabilityBoundingSet = ""; - ## Security - #NoNewPrivileges = true; - ## Sandboxing - #ProtectSystem = "strict"; - #ProtectHome = true; - #PrivateTmp = true; - #PrivateDevices = true; - #PrivateUsers = true; - #ProtectHostname = true; - #ProtectClock = true; - #ProtectKernelTunables = true; - #ProtectKernelModules = true; - #ProtectKernelLogs = true; - #ProtectControlGroups = true; - #RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ]; - #LockPersonality = true; - #MemoryDenyWriteExecute = true; - #RestrictRealtime = true; - #RestrictSUIDSGID = true; - #PrivateMounts = true; - ## System Call Filtering - #SystemCallArchitectures = "native"; - #SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap"; }; environment = { USER = cfg.user; HOME = cfg.stateDir; - EP3-BS_WORK_DIR = cfg.stateDir; }; }; + users.users = mkIf (cfg.user == "ep3-bs") { ep3-bs = { - description = "ep3-bs 
Service"; + description = "ep3-bs Service User"; home = cfg.stateDir; - useDefaultShell = true; group = "ep3-bs"; - isSystemUser = true; + isNormalUser = true; }; };
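Review bot: `isNormalUser = true` replaces `isSystemUser = true` for the ep3-bs service account, which turns it into a login-capable account with a UID from the normal-user range and, presumably, an auto-created home at `${cfg.stateDir}` that may conflict with the `mkdir -m 0770 -p` / `chown` in the init unit's preStart; keep `isSystemUser = true`, and if the switch was made because composer needs a home directory, the unit's `HOME = cfg.stateDir` environment already provides one. `after = [ "network.target" ]` does not guarantee connectivity for `composer install`; `after = [ "network-online.target" ]; wants = [ "network-online.target" ];` is the documented target for units that need the network up. `PrivateNetwork = false` and `PrivateDevices = false` are systemd defaults and can be dropped, and `PermissionsStartOnly` is deprecated by systemd in favour of the `+` prefix on `ExecStartPre`.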