Compare commits
2 Commits
5ea5fa2f15
...
a4128e9603
| Author | SHA1 | Date | |
|---|---|---|---|
| a4128e9603 | |||
| 2ddc2856f9 |
71
ep3-bs.nix
71
ep3-bs.nix
@@ -1,6 +1,7 @@
|
||||
{ config, lib, options, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.services.ep3-bs;
|
||||
@@ -27,6 +28,13 @@ let
|
||||
|
||||
};
|
||||
|
||||
dbInitScript = pkgs.writeText "ep3bsnixInitScript.sql" ''
|
||||
CREATE USER '${cfg.database.user}'@localhost IDENTIFIED BY '%%PASSWORD_DB%%';
|
||||
CREATE DATABASE ${cfg.database.name};
|
||||
GRANT ALL PRIVILEGES ON *.* TO '${cfg.database.user}'@localhost IDENTIFIED BY '%%PASSWORD_DB%%';
|
||||
FLUSH PRIVILEGES;
|
||||
'';
|
||||
|
||||
configFile = pkgs.writeText "local.php" ''
|
||||
<?php
|
||||
/**
|
||||
@@ -40,7 +48,7 @@ let
|
||||
'db' => array(
|
||||
'database' => '${cfg.database.name}',
|
||||
'username' => '${cfg.database.user}',
|
||||
'password' => '${cfg.database.password}',
|
||||
'password' => '%%PASSWORD_DB%%',
|
||||
|
||||
'hostname' => 'localhost',
|
||||
'port' => null,
|
||||
@@ -52,7 +60,7 @@ let
|
||||
|
||||
'host' => '${cfg.mail.host}', // for 'smtp' type only, otherwise remove or leave as is
|
||||
'user' => '${cfg.mail.user}', // for 'smtp' type only, otherwise remove or leave as is
|
||||
'pw' => '${cfg.mail.password}', // for 'smtp' type only, otherwise remove or leave as is
|
||||
'pw' => '%%PASSWORD_MAIL%%', // for 'smtp' type only, otherwise remove or leave as is
|
||||
|
||||
'port' => '${cfg.mail.port}', // for 'smtp' type only, otherwise remove or leave as is
|
||||
'auth' => '${cfg.mail.auth}', // for 'smtp' type only, change this to 'login' if you have problems with SMTP authentication
|
||||
@@ -90,6 +98,15 @@ let
|
||||
rm ${cfg.stateDir}/config/autoload/local.php.dist
|
||||
rm ${cfg.stateDir}/data/cache/*
|
||||
|
||||
cp -f ${dbInitScript} ${cfg.stateDir}/dbInitScript.sql
|
||||
sed -i s/%%PASSWORD_DB%%/$(cat ${cfg.database.passwordFile})/ ${cfg.stateDir}/dbInitScript.sql
|
||||
|
||||
cat ${cfg.stateDir}/dbInitScript.sql | ${config.services.mysql.package}/bin/mysql -u root -N
|
||||
rm ${cfg.stateDir}/dbInitScript.sql
|
||||
|
||||
chmod -R 0770 ${cfg.stateDir}
|
||||
chown -R ${cfg.user} ${cfg.stateDir}
|
||||
|
||||
touch "${cfg.stateDir}/.is_initialized"
|
||||
'';
|
||||
|
||||
@@ -100,8 +117,15 @@ let
|
||||
${pkgs.php81Packages.composer}/bin/composer install --ignore-platform-reqs
|
||||
cp ${cfg.favicon} ${cfg.stateDir}/public/imgs-client/icons/fav.ico
|
||||
cp ${cfg.logo} ${cfg.stateDir}/public/imgs-client/layout/logo.png
|
||||
|
||||
cp -f ${configFile} ${cfg.stateDir}/config/autoload/local.php
|
||||
|
||||
sed -i s/%%PASSWORD_DB%%/$(cat ${cfg.database.passwordFile})/ ${cfg.stateDir}/config/autoload/local.php
|
||||
|
||||
if test -e ${cfg.mail.passwordFile}; then
|
||||
sed -i s/%%PASSWORD_MAIL%%/$(cat ${cfg.mail.passwordFile})/ ${cfg.stateDir}/config/autoload/local.php
|
||||
fi
|
||||
|
||||
if "${if cfg.in_production == true then "true" else "false"}"
|
||||
then
|
||||
rm ${cfg.stateDir}/public/setup.php
|
||||
@@ -220,9 +244,14 @@ in
|
||||
default = "?";
|
||||
};
|
||||
|
||||
password = mkOption {
|
||||
passwordFile = mkOption {
|
||||
type = types.str;
|
||||
default = "?";
|
||||
default = "";
|
||||
example = "/run/keys/mail-passwd";
|
||||
description = lib.mdDoc ''
|
||||
A file containing the password corresponding to
|
||||
{option}`mail.user`.
|
||||
'';
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
@@ -258,16 +287,6 @@ in
|
||||
description = lib.mdDoc "Database user.";
|
||||
};
|
||||
|
||||
password = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = lib.mdDoc ''
|
||||
The password corresponding to {option}`database.user`.
|
||||
Warning: this is stored in cleartext in the Nix store!
|
||||
Use {option}`database.passwordFile` instead.
|
||||
'';
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
@@ -320,7 +339,7 @@ in
|
||||
'';
|
||||
}
|
||||
{
|
||||
assertion = if useSmtp then cfg.mail.password != "?" else true;
|
||||
assertion = if useSmtp then cfg.mail.passwordFile != "" else true;
|
||||
message = ''
|
||||
You need to specify mail.password when using mail.type "smtp" or "smtp-tls".
|
||||
'';
|
||||
@@ -354,25 +373,11 @@ in
|
||||
services.mysql = mkIf (cfg.database.createDatabase == true) {
|
||||
enable = mkDefault true;
|
||||
package = mkDefault pkgs.mariadb;
|
||||
|
||||
initialScript = pkgs.writeText "mysqlInitScript" ''
|
||||
CREATE USER '${cfg.database.user}'@localhost IDENTIFIED BY '${cfg.database.password}';
|
||||
CREATE DATABASE ${cfg.database.name};
|
||||
GRANT ALL PRIVILEGES ON *.* TO '${cfg.database.user}'@localhost IDENTIFIED BY '${cfg.database.password}';
|
||||
FLUSH PRIVILEGES;
|
||||
'';
|
||||
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
ensureUsers = [
|
||||
{ name = cfg.database.user;
|
||||
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.ep3-bs-init = {
|
||||
description = "Initialize ep3-bs Data Directory";
|
||||
after = [ "network.target" ];
|
||||
after = [ "network.target" "mysql.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
preStart = ''
|
||||
@@ -384,7 +389,7 @@ in
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = cfg.user;
|
||||
User = "root";
|
||||
Group = cfg.group;
|
||||
PermissionsStartOnly = true;
|
||||
PrivateNetwork = false;
|
||||
|
||||
32
flake.lock
generated
32
flake.lock
generated
@@ -2,11 +2,11 @@
|
||||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1679319606,
|
||||
"narHash": "sha256-wyEMIZB6BnsmJWInEgDZu66hXVMGJEZFl5uDsn27f9M=",
|
||||
"lastModified": 1694948089,
|
||||
"narHash": "sha256-d2B282GmQ9o8klc22/Rbbbj6r99EnELQpOQjWMyv0rU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8bc6945b1224a1cfa679d6801580b1054dba1a5c",
|
||||
"rev": "5148520bfab61f99fd25fb9ff7bfbb50dad3c9db",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -20,13 +20,31 @@
|
||||
"utils": "utils"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1678901627,
|
||||
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -23,14 +23,15 @@
|
||||
services.ep3-bs.enable = true;
|
||||
services.ep3-bs.mail.address = "test@test.de";
|
||||
services.ep3-bs.database.user = "testuser3";
|
||||
services.ep3-bs.database.password = "testPassword1234";
|
||||
services.ep3-bs.database.passwordFile = "/var/lib/db.txt";
|
||||
services.ep3-bs.mail.passwordFile = "/var/lib/mail.txt";
|
||||
users.users.test = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
initialPassword = "test";
|
||||
};
|
||||
|
||||
virtualisation.vmVariant.virtualisation.graphics = true;
|
||||
virtualisation.vmVariant.virtualisation.graphics = false;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user