kalipso/ep3-bs.nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: kalipso:d9d82ecb3359238ad947d08f42460ab8f290facd
Branches Tags
kalipso:master kalipso:passwordFile
...
compare: kalipso:passwordFile
Branches Tags
kalipso:master kalipso:passwordFile

7 Commits
d9d82ecb33 ... passwordFi

Author SHA1 Message Date
kalipso
a4128e9603 dont store passwords in /nix/store anymore 2024-06-26 11:56:07 +02:00
kalipso
2ddc2856f9 WIP password -> passwordFile 2024-06-24 20:31:49 +02:00
kalipso
5ea5fa2f15 update flake description 2024-01-26 15:10:26 +01:00
kalipso
2228675fa2 add MIT license 2024-01-26 15:10:19 +01:00
kalipso
a2678c9b39 update readme 2024-01-26 15:00:18 +01:00
kalipso
083b2062e6 rm ep3-bs_pkg 2024-01-06 00:23:44 +01:00
kalipso
60f5759374 add gitignore 2023-11-01 14:18:25 +01:00
7 changed files with 100 additions and 127 deletions
Expand all files Collapse all files

3
.gitignore vendored Normal file
View File

@@ -0,0 +1,3 @@
*.qcow2
result
*.bak

21
LICENSE Normal file
View File

@@ -0,0 +1,21 @@
Copyright (c) 2003-2023 Eelco Dolstra and the Nixpkgs/NixOS contributors
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

32
README.md
View File

@@ -2,34 +2,22 @@
This flake aims to provide a nixosModule that handles running an [ep3-bs](https://bs.hbsys.de/) instance. This flake aims to provide a nixosModule that handles running an [ep3-bs](https://bs.hbsys.de/) instance.
## What does it look like? ## Usage
Here is a minimal configuration: Here is a minimal configuration:
``` nix ``` nix
{ {
services.ep3-bs.enable = true; services.ep3-bs = {
services.ep3-bs.mail.address = "test@test.de"; enable = true;
mail.address = "test@test.de";
database.user = "testuser3";
database.password = "testPassword1234"; #TODO: should be set as file
in_production = false;
};
} }
``` ```
Now you can access ep3-bs using your browser. You will be guided through the database setup in the frontend. Afterwards you have to manually delete the ```setup.php```. This only has to be done once on the initial setup. Now you can access ep3-bs using your browser. You will be guided through the database setup in the frontend. When you are done set ```service.ep3-bs.in_production = true``` and rebuild your machine.
It can be done as root with: If there is a better solution where you dont have to toggle the in_production variable, please let me know.
``` shell
rm /var/lib/ep3-bs/public/setup.php
```
If there is a better solution using nix, please let me know.
## Installation
### Using flakes
Add ep3-bs as input:
``` nix
{
# ...
inputs.ep3-bs.url = github:kalipso/ep3-bs.nix;
}
```

74
ep3-bs.nix
View File

@@ -1,12 +1,12 @@
{ config, lib, options, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib;
let let
cfg = config.services.ep3-bs; cfg = config.services.ep3-bs;
useSmtp = cfg.mail.type == "smtp" || cfg.mail.type == "smtp-tls"; useSmtp = cfg.mail.type == "smtp" || cfg.mail.type == "smtp-tls";
ep3-bs-pkg = ep3-bs-pkg =
with pkgs; with pkgs;
stdenv.mkDerivation { stdenv.mkDerivation {
@@ -28,9 +28,12 @@ let
}; };
nixosModules.ep3-bs = import ./ep3-bs.nix { dbInitScript = pkgs.writeText "ep3bsnixInitScript.sql" ''
ep3-bs-pkg = self.packages.x86_64-linux.ep3-bs; CREATE USER '${cfg.database.user}'@localhost IDENTIFIED BY '%%PASSWORD_DB%%';
}; CREATE DATABASE ${cfg.database.name};
GRANT ALL PRIVILEGES ON *.* TO '${cfg.database.user}'@localhost IDENTIFIED BY '%%PASSWORD_DB%%';
FLUSH PRIVILEGES;
'';
configFile = pkgs.writeText "local.php" '' configFile = pkgs.writeText "local.php" ''
<?php <?php
@@ -45,7 +48,7 @@ let
'db' => array( 'db' => array(
'database' => '${cfg.database.name}', 'database' => '${cfg.database.name}',
'username' => '${cfg.database.user}', 'username' => '${cfg.database.user}',
'password' => '${cfg.database.password}', 'password' => '%%PASSWORD_DB%%',
'hostname' => 'localhost', 'hostname' => 'localhost',
'port' => null, 'port' => null,
@@ -57,7 +60,7 @@ let
'host' => '${cfg.mail.host}', // for 'smtp' type only, otherwise remove or leave as is 'host' => '${cfg.mail.host}', // for 'smtp' type only, otherwise remove or leave as is
'user' => '${cfg.mail.user}', // for 'smtp' type only, otherwise remove or leave as is 'user' => '${cfg.mail.user}', // for 'smtp' type only, otherwise remove or leave as is
'pw' => '${cfg.mail.password}', // for 'smtp' type only, otherwise remove or leave as is 'pw' => '%%PASSWORD_MAIL%%', // for 'smtp' type only, otherwise remove or leave as is
'port' => '${cfg.mail.port}', // for 'smtp' type only, otherwise remove or leave as is 'port' => '${cfg.mail.port}', // for 'smtp' type only, otherwise remove or leave as is
'auth' => '${cfg.mail.auth}', // for 'smtp' type only, change this to 'login' if you have problems with SMTP authentication 'auth' => '${cfg.mail.auth}', // for 'smtp' type only, change this to 'login' if you have problems with SMTP authentication
@@ -95,6 +98,15 @@ let
rm ${cfg.stateDir}/config/autoload/local.php.dist rm ${cfg.stateDir}/config/autoload/local.php.dist
rm ${cfg.stateDir}/data/cache/* rm ${cfg.stateDir}/data/cache/*
cp -f ${dbInitScript} ${cfg.stateDir}/dbInitScript.sql
sed -i s/%%PASSWORD_DB%%/$(cat ${cfg.database.passwordFile})/ ${cfg.stateDir}/dbInitScript.sql
cat ${cfg.stateDir}/dbInitScript.sql | ${config.services.mysql.package}/bin/mysql -u root -N
rm ${cfg.stateDir}/dbInitScript.sql
chmod -R 0770 ${cfg.stateDir}
chown -R ${cfg.user} ${cfg.stateDir}
touch "${cfg.stateDir}/.is_initialized" touch "${cfg.stateDir}/.is_initialized"
''; '';
@@ -105,8 +117,15 @@ let
${pkgs.php81Packages.composer}/bin/composer install --ignore-platform-reqs ${pkgs.php81Packages.composer}/bin/composer install --ignore-platform-reqs
cp ${cfg.favicon} ${cfg.stateDir}/public/imgs-client/icons/fav.ico cp ${cfg.favicon} ${cfg.stateDir}/public/imgs-client/icons/fav.ico
cp ${cfg.logo} ${cfg.stateDir}/public/imgs-client/layout/logo.png cp ${cfg.logo} ${cfg.stateDir}/public/imgs-client/layout/logo.png
cp -f ${configFile} ${cfg.stateDir}/config/autoload/local.php cp -f ${configFile} ${cfg.stateDir}/config/autoload/local.php
sed -i s/%%PASSWORD_DB%%/$(cat ${cfg.database.passwordFile})/ ${cfg.stateDir}/config/autoload/local.php
if test -e ${cfg.mail.passwordFile}; then
sed -i s/%%PASSWORD_MAIL%%/$(cat ${cfg.mail.passwordFile})/ ${cfg.stateDir}/config/autoload/local.php
fi
if "${if cfg.in_production == true then "true" else "false"}" if "${if cfg.in_production == true then "true" else "false"}"
then then
rm ${cfg.stateDir}/public/setup.php rm ${cfg.stateDir}/public/setup.php
@@ -225,9 +244,14 @@ in
default = "?"; default = "?";
}; };
password = mkOption { passwordFile = mkOption {
type = types.str; type = types.str;
default = "?"; default = "";
example = "/run/keys/mail-passwd";
description = lib.mdDoc ''
A file containing the password corresponding to
{option}`mail.user`.
'';
}; };
port = mkOption { port = mkOption {
@@ -263,16 +287,6 @@ in
description = lib.mdDoc "Database user."; description = lib.mdDoc "Database user.";
}; };
password = mkOption {
type = types.str;
default = "";
description = lib.mdDoc ''
The password corresponding to {option}`database.user`.
Warning: this is stored in cleartext in the Nix store!
Use {option}`database.passwordFile` instead.
'';
};
passwordFile = mkOption { passwordFile = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
@@ -325,7 +339,7 @@ in
''; '';
} }
{ {
assertion = if useSmtp then cfg.mail.password != "?" else true; assertion = if useSmtp then cfg.mail.passwordFile != "" else true;
message = '' message = ''
You need to specify mail.password when using mail.type "smtp" or "smtp-tls". You need to specify mail.password when using mail.type "smtp" or "smtp-tls".
''; '';
@@ -359,25 +373,11 @@ in
services.mysql = mkIf (cfg.database.createDatabase == true) { services.mysql = mkIf (cfg.database.createDatabase == true) {
enable = mkDefault true; enable = mkDefault true;
package = mkDefault pkgs.mariadb; package = mkDefault pkgs.mariadb;
initialScript = pkgs.writeText "mysqlInitScript" ''
CREATE USER '${cfg.database.user}'@localhost IDENTIFIED BY '${cfg.database.password}';
CREATE DATABASE ${cfg.database.name};
GRANT ALL PRIVILEGES ON *.* TO '${cfg.database.user}'@localhost IDENTIFIED BY '${cfg.database.password}';
FLUSH PRIVILEGES;
'';
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}
];
}; };
systemd.services.ep3-bs-init = { systemd.services.ep3-bs-init = {
description = "Initialize ep3-bs Data Directory"; description = "Initialize ep3-bs Data Directory";
after = [ "network.target" ]; after = [ "network.target" "mysql.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = '' preStart = ''
@@ -389,7 +389,7 @@ in
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = cfg.user; User = "root";
Group = cfg.group; Group = cfg.group;
PermissionsStartOnly = true; PermissionsStartOnly = true;
PrivateNetwork = false; PrivateNetwork = false;

34
ep3-bs_pkg.nix
View File

@@ -1,34 +0,0 @@
{ config, lib, pkgs, ... }:
stdenv.mkDerivation rec {
pname = "ep3-bs";
src = fetchFromGitHub {
owner = "tkrebs";
repo = "ep3-bs";
rev = "1.8.1";
sha256 = "sha256-UqlUhzkt1Xj/LHw9LrJqQ5ldg+Mib1gMUlwG9cBWeBI=";
};
patches = [];
#passthru.tests = nixosTests.nextcloud;
#installPhase = ''
# runHook preInstall
# mkdir -p $out/
# cp -R . $out/
# runHook postInstall
#'';
#meta = with lib; {
# changelog = "https://nextcloud.com/changelog/#${lib.replaceStrings [ "." ] [ "-" ] version}";
# description = "Sharing solution for files, calendars, contacts and more";
# homepage = "https://nextcloud.com";
# maintainers = with maintainers; [ schneefux bachp globin ma27 ];
# license = licenses.agpl3Plus;
# platforms = with platforms; unix;
# knownVulnerabilities = extraVulnerabilities
# ++ (optional eol "Nextcloud version ${version} is EOL");
#};
};

32
flake.lock generated
View File

@@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1679319606, "lastModified": 1694948089,
"narHash": "sha256-wyEMIZB6BnsmJWInEgDZu66hXVMGJEZFl5uDsn27f9M=", "narHash": "sha256-d2B282GmQ9o8klc22/Rbbbj6r99EnELQpOQjWMyv0rU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8bc6945b1224a1cfa679d6801580b1054dba1a5c", "rev": "5148520bfab61f99fd25fb9ff7bfbb50dad3c9db",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -20,13 +20,31 @@
"utils": "utils" "utils": "utils"
} }
}, },
"utils": { "systems": {
"locked": { "locked": {
"lastModified": 1678901627, "lastModified": 1681028828,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github" "type": "github"
}, },
"original": { "original": {

31
flake.nix
View File

@@ -1,5 +1,5 @@
{ {
description = "A very basic flake"; description = "providing ep3-bs as nixosModule";
inputs.utils.url = "github:numtide/flake-utils"; inputs.utils.url = "github:numtide/flake-utils";
@@ -10,32 +10,8 @@
pkgs = nixpkgs.legacyPackages."${system}"; pkgs = nixpkgs.legacyPackages."${system}";
in in
{ {
devShells.default = pkgs.mkShell {
shellHook = ''
export QEMU_NET_OPTS="hostfwd=tcp::2221-:22,hostfwd=tcp::8080-:80"
'';
};
packages.ep3-bs = with pkgs; stdenv.mkDerivation {
name = "ep3-bs";
src = fetchFromGitHub {
owner = "tkrebs";
repo = "ep3-bs";
rev = "1.8.1";
sha256 = "sha256-mcuFgi1ebawaAyuEREsC9jdIqGA0BeMabqwiVcXsKSY=";
};
installPhase = ''
runHook preInstall
mkdir -p $out/
cp -R . $out/
runHook postInstall
'';
};
}) // { }) // {
nixosModules.ep3-bs = import ./ep3-bs.nix; nixosModules.ep3-bs = import ./ep3-bs.nix;
nixosConfigurations.test = nixpkgs.lib.nixosSystem { nixosConfigurations.test = nixpkgs.lib.nixosSystem {
@@ -47,14 +23,15 @@
services.ep3-bs.enable = true; services.ep3-bs.enable = true;
services.ep3-bs.mail.address = "test@test.de"; services.ep3-bs.mail.address = "test@test.de";
services.ep3-bs.database.user = "testuser3"; services.ep3-bs.database.user = "testuser3";
services.ep3-bs.database.password = "testPassword1234"; services.ep3-bs.database.passwordFile = "/var/lib/db.txt";
services.ep3-bs.mail.passwordFile = "/var/lib/mail.txt";
users.users.test = { users.users.test = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
initialPassword = "test"; initialPassword = "test";
}; };
virtualisation.vmVariant.virtualisation.graphics = true; virtualisation.vmVariant.virtualisation.graphics = false;
} }
]; ];
}; };