kalipso/ep3-bs.nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add WIP module

Browse Source
This commit is contained in:
kalipso
2023-03-20 01:12:11 +01:00
parent 826132e866
commit 5feae91463
4 changed files with 445 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

345
ep3-bs.nix Normal file
View File

@@ -0,0 +1,345 @@
{ config, lib, options, pkgs, ... }:
with lib;
let
cfg = config.services.ep3-bs;
ep3-bs-pkg =
with pkgs;
stdenv.mkDerivation {
name = "ep3-bs";
src = fetchFromGitHub {
owner = "tkrebs";
repo = "ep3-bs";
rev = "1.8.1";
sha256 = "sha256-mcuFgi1ebawaAyuEREsC9jdIqGA0BeMabqwiVcXsKSY=";
};
installPhase = ''
runHook preInstall
mkdir -p $out/
cp -R . $out/
runHook postInstall
'';
};
nixosModules.ep3-bs = import ./ep3-bs.nix {
ep3-bs-pkg = self.packages.x86_64-linux.ep3-bs;
};
configFile = pkgs.writeText "local.php" ''
<?php
/**
* Local application configuration
*
* Insert your local database credentials here
* and provide the email address the system should use.
*/
return array(
'db' => array(
'database' => '${cfg.database.name}',
'username' => '${cfg.database.user}',
'password' => '${cfg.database.password}',
'hostname' => 'localhost',
'port' => null,
),
'mail' => array(
'type' => 'sendmail', // or 'smtp' or 'smtp-tls' (or 'file', to not send, but save to file (data/mails/))
'address' => 'info@test.de',
// Make sure 'bookings.example.com' matches the hosting domain when using type 'sendmail'
'host' => '?', // for 'smtp' type only, otherwise remove or leave as is
'user' => '?', // for 'smtp' type only, otherwise remove or leave as is
'pw' => '?', // for 'smtp' type only, otherwise remove or leave as is
'port' => 'auto', // for 'smtp' type only, otherwise remove or leave as is
'auth' => 'plain', // for 'smtp' type only, change this to 'login' if you have problems with SMTP authentication
),
'i18n' => array(
'choice' => array(
'en-US' => 'English',
'de-DE' => 'Deutsch',
// More possible languages:
// 'fr-FR' => 'Français',
// 'hu-HU' => 'Magyar',
),
'currency' => 'EUR',
// The language is usually detected from the user's web browser.
// If it cannot be detected automatically and there is no cookie from a manual language selection,
// the following locale will be used as the default "fallback":
'locale' => 'de-DE',
),
);
'';
init_ep3bs = pkgs.writeScriptBin "init_ep3bs" ''
#!${pkgs.stdenv.shell}
mkdir /tmp
#TODO: dont do this
rm -rf ${cfg.stateDir}/*
echo "echoing name: $(whoami)"
echo "path of ep3bs: ${ep3-bs-pkg}"
cp -r ${ep3-bs-pkg}/* ${cfg.stateDir}
mkdir ${cfg.stateDir}/vendor
mkdir ${cfg.stateDir}/vendor/symfony
chmod -R 777 ${cfg.stateDir}
cd ${cfg.stateDir}
${pkgs.php81Packages.composer}/bin/composer install --ignore-platform-reqs
chmod -R 777 ${cfg.stateDir}
${pkgs.php81Packages.composer}/bin/composer install --ignore-platform-reqs
cp ${cfg.stateDir}/config/init.php.dist ${cfg.stateDir}/config/init.php
echo "path of cfg file: ${configFile}"
cp -f ${configFile} ${cfg.stateDir}/config/autoload/local.php
mv ${cfg.stateDir}/public/.htaccess_original ${cfg.stateDir}/public/.htaccess
${pkgs.php81}/bin/php ${cfg.stateDir}/public/setup.php
#TODO: rm setup
rm ${cfg.stateDir}/data/cache/*
chmod -R 777 ${cfg.stateDir}
if [ -d "${cfg.stateDir}" ]; then
echo "${cfg.stateDir} already exists. Not doing anything..."
exit 0
fi
'';
in
{
options = {
services.ep3-bs = {
enable = mkOption {
default = false;
type = types.bool;
description = lib.mdDoc "Enable ep3-bs Service.";
};
user = mkOption {
type = types.str;
default = "ep3-bs";
description = lib.mdDoc "User account under which ep3-bs runs.";
};
extraConfig = mkOption {
type = with types; nullOr str;
default = null;
description = lib.mdDoc "Configuration lines appended to the generated gitea configuration file.";
};
stateDir = mkOption {
default = "/var/lib/ep3-bs";
type = types.str;
description = lib.mdDoc "ep3-bs data directory.";
};
database = {
host = mkOption {
type = types.str;
default = "127.0.0.1";
description = lib.mdDoc "Database host address.";
};
#port = mkOption {
# type = types.port;
# default = if !usePostgresql then 3306 else pg.port;
# defaultText = literalExpression ''
# if config.${opt.database.type} != "postgresql"
# then 3306
# else config.${options.services.postgresql.port}
# '';
# description = lib.mdDoc "Database host port.";
#};
name = mkOption {
type = types.str;
default = "ep3bs";
description = lib.mdDoc "Database name.";
};
user = mkOption {
type = types.str;
default = "ep3bs";
description = lib.mdDoc "Database user.";
};
password = mkOption {
type = types.str;
default = "";
description = lib.mdDoc ''
The password corresponding to {option}`database.user`.
Warning: this is stored in cleartext in the Nix store!
Use {option}`database.passwordFile` instead.
'';
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/gitea-dbpassword";
description = lib.mdDoc ''
A file containing the password corresponding to
{option}`database.user`.
'';
};
createDatabase = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc "Whether to create a local database automatically.";
};
};
};
};
imports = [
{
environment.systemPackages = with pkgs; [
php81
php81Packages.composer
php81Extensions.intl
git
];
networking.firewall.allowedTCPPorts = [ 80 ];
}
];
config = mkIf cfg.enable
{
#TODO: do some shit in prestart -> set everything up
#start apache with document root pointing towards
systemd.tmpfiles.rules = [
"d '${cfg.stateDir}' 777 ${cfg.user} ep3-bs - -"
"d '${cfg.stateDir}/config' 777 ${cfg.user} ep3-bs - -"
"d '${cfg.stateDir}/config/autoload' 777 ${cfg.user} ep3-bs - -"
"d '${cfg.stateDir}/vendor' 777 ${cfg.user} ep3-bs - -"
"d '${cfg.stateDir}/vendor/symfony' 777 ${cfg.user} ep3-bs - -"
#"z '${cfg.stateDir}' 777 ${cfg.user} ep3-bs - -"
"Z '${cfg.stateDir}' 777 ${cfg.user} ep3-bs - -"
];
services.httpd = {
enable = mkDefault true;
user = mkDefault "${cfg.user}";
enablePHP = true;
phpPackage = pkgs.php81;
adminAddr = mkDefault "alice@example.org";
extraModules = [
"rewrite"
];
virtualHosts.localhost = {
documentRoot = mkDefault "${cfg.stateDir}";
extraConfig = ''
<Directory ${cfg.stateDir}/>
DirectoryIndex index.php index.htm index.html
Allow from *
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
'';
};
};
services.mysql = {
enable = mkDefault true;
package = mkDefault pkgs.mariadb;
initialScript = let
mysqlInitScript = pkgs.writeText "mysqlInitScript" ''
CREATE USER '${cfg.database.user}'@'localhost' IDENTIFIED BY '${cfg.database.password}';
'';
in "${mysqlInitScript}";
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}
];
};
systemd.services.ep3-bs = {
description = "ep3-bs";
after = [ "network.target" "mysql.service" ];
wantedBy = [ "multi-user.target" ];
#TODO: here somehow the ep3-bs package should be listed?
path = [ ];
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "ep3-bs";
WorkingDirectory = cfg.stateDir;
ExecStart = "${init_ep3bs}/bin/init_ep3bs";
# Runtime directory and mode
RuntimeDirectory = "ep3-bs";
RuntimeDirectoryMode = "0755";
# Access write directories
ReadWritePaths = [ cfg.stateDir ];
UMask = "777";
# Capabilities
#CapabilityBoundingSet = "";
## Security
#NoNewPrivileges = true;
## Sandboxing
#ProtectSystem = "strict";
#ProtectHome = true;
#PrivateTmp = true;
#PrivateDevices = true;
#PrivateUsers = true;
#ProtectHostname = true;
#ProtectClock = true;
#ProtectKernelTunables = true;
#ProtectKernelModules = true;
#ProtectKernelLogs = true;
#ProtectControlGroups = true;
#RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
#LockPersonality = true;
#MemoryDenyWriteExecute = true;
#RestrictRealtime = true;
#RestrictSUIDSGID = true;
#PrivateMounts = true;
## System Call Filtering
#SystemCallArchitectures = "native";
#SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
};
environment = {
USER = cfg.user;
HOME = cfg.stateDir;
EP3-BS_WORK_DIR = cfg.stateDir;
};
};
users.users = mkIf (cfg.user == "ep3-bs") {
ep3-bs = {
description = "ep3-bs Service";
home = cfg.stateDir;
useDefaultShell = true;
group = "ep3-bs";
isSystemUser = true;
};
};
users.groups.ep3-bs = {};
};
}

34
ep3-bs_pkg.nix Normal file
View File

@@ -0,0 +1,34 @@
{ config, lib, pkgs, ... }:
stdenv.mkDerivation rec {
pname = "ep3-bs";
src = fetchFromGitHub {
owner = "tkrebs";
repo = "ep3-bs";
rev = "1.8.1";
sha256 = "sha256-UqlUhzkt1Xj/LHw9LrJqQ5ldg+Mib1gMUlwG9cBWeBI=";
};
patches = [];
#passthru.tests = nixosTests.nextcloud;
#installPhase = ''
# runHook preInstall
# mkdir -p $out/
# cp -R . $out/
# runHook postInstall
#'';
#meta = with lib; {
# changelog = "https://nextcloud.com/changelog/#${lib.replaceStrings [ "." ] [ "-" ] version}";
# description = "Sharing solution for files, calendars, contacts and more";
# homepage = "https://nextcloud.com";
# maintainers = with maintainers; [ schneefux bachp globin ma27 ];
# license = licenses.agpl3Plus;
# platforms = with platforms; unix;
# knownVulnerabilities = extraVulnerabilities
# ++ (optional eol "Nextcloud version ${version} is EOL");
#};
};

25
flake.lock generated Normal file
View File

@@ -0,0 +1,25 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1679198465,
"narHash": "sha256-VfXpHpniNWgg7pBzxb20pRX7kqn80LApPDQYTReiFCw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5a05160f7671434e1c833b1b01284b876e04eca4",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

44
flake.nix
View File

@@ -1,11 +1,49 @@
{ {
description = "A very basic flake"; description = "A very basic flake";
outputs = { self, nixpkgs }: { outputs = { self, nixpkgs }:
{
packages.x86_64-linux.hello = nixpkgs.legacyPackages.x86_64-linux.hello; packages.x86_64-linux.ep3-bs =
with import nixpkgs { system = "x86_64-linux"; };
stdenv.mkDerivation {
name = "ep3-bs";
packages.x86_64-linux.default = self.packages.x86_64-linux.hello; src = fetchFromGitHub {
owner = "tkrebs";
repo = "ep3-bs";
rev = "1.8.1";
sha256 = "sha256-mcuFgi1ebawaAyuEREsC9jdIqGA0BeMabqwiVcXsKSY=";
};
installPhase = ''
runHook preInstall
mkdir -p $out/
cp -R . $out/
runHook postInstall
'';
};
nixosModules.ep3-bs = import ./ep3-bs.nix;
nixosConfigurations.test = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./ep3-bs.nix
{
services.ep3-bs.enable = true;
services.ep3-bs.database.password = "testPassword1234";
users.users.test = {
isNormalUser = true;
extraGroups = [ "wheel" ];
initialPassword = "test";
};
}
];
};
#packages.x86_64-linux.default = self.packages.x86_64-linux.hello;
}; };
} }