shiori: 1.5.5 -> 1.7.0

3 files changed, 135 insertions, 96 deletions

diff --git a/nixos/modules/services/web-apps/shiori.nix b/nixos/modules/services/web-apps/shiori.nix
index 022bb5e438812..208b5432ef8ae 100644
--- a/nixos/modules/services/web-apps/shiori.nix
+++ b/nixos/modules/services/web-apps/shiori.nix
@@ -1,17 +1,15 @@
 { config, lib, pkgs, ... }:
 
-with lib;
-let
-  cfg = config.services.shiori;
+let cfg = config.services.shiori;
 in {
   options = {
     services.shiori = {
-      enable = mkEnableOption "Shiori simple bookmarks manager";
+      enable = lib.mkEnableOption "Shiori simple bookmarks manager";
 
-      package = mkPackageOption pkgs "shiori" { };
+      package = lib.mkPackageOption pkgs "shiori" { };
 
-      address = mkOption {
-        type = types.str;
+      address = lib.mkOption {
+        type = lib.types.str;
         default = "";
         description = ''
           The IP address on which Shiori will listen.
@@ -19,30 +17,55 @@ in {
         '';
       };
 
-      port = mkOption {
-        type = types.port;
+      port = lib.mkOption {
+        type = lib.types.port;
         default = 8080;
         description = "The port of the Shiori web application";
       };
 
-      webRoot = mkOption {
-        type = types.str;
+      webRoot = lib.mkOption {
+        type = lib.types.str;
         default = "/";
         example = "/shiori";
         description = "The root of the Shiori web application";
       };
+
+      environmentFile = lib.mkOption {
+        type = lib.types.null or lib.types.path;
+        default = null;
+        example = "/path/to/environmentFile";
+        description = ''
+          Path to file containing environment variables.
+          Useful for passing down secrets.
+          <https://github.com/go-shiori/shiori/blob/master/docs/Configuration.md#overall-configuration>
+        '';
+      };
+
+      databaseUrl = lib.mkOption {
+        type = lib.types.null or lib.types.str;
+        default = null;
+        example = "postgresql:///shiori?host=/run/postgresql";
+        description = "The connection URL to connect to MySQL or PostgreSQL";
+      };
     };
   };
 
-  config = mkIf cfg.enable {
-    systemd.services.shiori = with cfg; {
+  config = lib.mkIf cfg.enable {
+    systemd.services.shiori = {
       description = "Shiori simple bookmarks manager";
       wantedBy = [ "multi-user.target" ];
-
-      environment.SHIORI_DIR = "/var/lib/shiori";
+      after = [ "postgresql.service" "mysql.service" ];
+      environment = {
+        SHIORI_DIR = "/var/lib/shiori";
+      } // lib.optionalAttrs (cfg.databaseUrl != null) {
+        SHIORI_DATABASE_URL = cfg.databaseUrl;
+      };
 
       serviceConfig = {
-        ExecStart = "${package}/bin/shiori serve --address '${address}' --port '${toString port}' --webroot '${webRoot}'";
+        ExecStart =
+          "${cfg.package}/bin/shiori server --address '${cfg.address}' --port '${
+            toString cfg.port
+          }' --webroot '${cfg.webRoot}'";
 
         DynamicUser = true;
         StateDirectory = "shiori";
@@ -50,15 +73,20 @@ in {
         RuntimeDirectory = "shiori";
 
         # Security options
-
+        EnvironmentFile =
+          lib.optional (cfg.environmentFile != null) cfg.environmentFile;
         BindReadOnlyPaths = [
           "/nix/store"
 
           # For SSL certificates, and the resolv.conf
           "/etc"
-        ];
+        ] ++ lib.optional (lib.strings.hasInfix "postgres" cfg.databaseUrl
+          && config.services.postgresql.enable) "/run/postgresql"
+          ++ lib.optional (lib.strings.hasInfix "mysql" cfg.databaseUrl
+            && config.services.mysql.enable) "/var/run/mysqld";
 
         CapabilityBoundingSet = "";
+        AmbientCapabilities = "CAP_NET_BIND_SERVICE";
 
         DeviceAllow = "";
 
@@ -78,7 +106,7 @@ in {
         ProtectKernelTunables = true;
 
         RestrictNamespaces = true;
-        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
         RestrictRealtime = true;
         RestrictSUIDSGID = true;
 
@@ -88,11 +116,17 @@ in {
         SystemCallErrorNumber = "EPERM";
         SystemCallFilter = [
           "@system-service"
-          "~@cpu-emulation" "~@debug" "~@keyring" "~@memlock" "~@obsolete" "~@privileged" "~@setuid"
+          "~@cpu-emulation"
+          "~@debug"
+          "~@keyring"
+          "~@memlock"
+          "~@obsolete"
+          "~@privileged"
+          "~@setuid"
         ];
       };
     };
   };
 
-  meta.maintainers = with maintainers; [ minijackson ];
+  meta.maintainers = with lib.maintainers; [ minijackson CaptainJawZ ];
 }
diff --git a/nixos/tests/shiori.nix b/nixos/tests/shiori.nix
index d0f68b903f8c3..99c1301cc3f8f 100644
--- a/nixos/tests/shiori.nix
+++ b/nixos/tests/shiori.nix
@@ -1,80 +1,79 @@
-import ./make-test-python.nix ({ pkgs, lib, ...}:
+import ./make-test-python.nix ({ pkgs, lib, ... }:
 
-{
-  name = "shiori";
-  meta.maintainers = with lib.maintainers; [ minijackson ];
+  {
+    name = "shiori";
+    meta.maintainers = with lib.maintainers; [ minijackson ];
 
-  nodes.machine =
-    { ... }:
-    { services.shiori.enable = true; };
+    nodes.machine = { ... }: { services.shiori.enable = true; };
 
-  testScript = let
-    authJSON = pkgs.writeText "auth.json" (builtins.toJSON {
-      username = "shiori";
-      password = "gopher";
-      owner = true;
-    });
+    testScript = let
+      authJSON = pkgs.writeText "auth.json" (builtins.toJSON {
+        username = "shiori";
+        password = "gopher";
+        owner = true;
+      });
 
-  insertBookmark = {
-    url = "http://example.org";
-    title = "Example Bookmark";
-  };
+      insertBookmark = {
+        url = "http://example.org";
+        title = "Example Bookmark";
+      };
 
-  insertBookmarkJSON = pkgs.writeText "insertBookmark.json" (builtins.toJSON insertBookmark);
-  in ''
-    import json
+      insertBookmarkJSON =
+        pkgs.writeText "insertBookmark.json" (builtins.toJSON insertBookmark);
+    in ''
+      import json
 
-    machine.wait_for_unit("shiori.service")
-    machine.wait_for_open_port(8080)
-    machine.succeed("curl --fail http://localhost:8080/")
-    machine.succeed("curl --fail --location http://localhost:8080/ | grep -i shiori")
+      machine.wait_for_unit("shiori.service")
+      machine.wait_for_open_port(8080)
+      machine.succeed("curl --fail http://localhost:8080/")
+      machine.succeed("curl --fail --location http://localhost:8080/ | grep -i shiori")
 
-    with subtest("login"):
-        auth_json = machine.succeed(
-            "curl --fail --location http://localhost:8080/api/login "
-            "-X POST -H 'Content-Type:application/json' -d @${authJSON}"
-        )
-        auth_ret = json.loads(auth_json)
-        session_id = auth_ret["session"]
+      with subtest("login"):
+          auth_json = machine.succeed(
+              "curl --fail --location http://localhost:8080/api/login "
+              "-X POST -H 'Content-Type:application/json' -d @${authJSON}"
+          )
+          auth_ret = json.loads(auth_json)
+          session_id = auth_ret["session"]
 
-    with subtest("bookmarks"):
-        with subtest("first use no bookmarks"):
-            bookmarks_json = machine.succeed(
-                (
-                    "curl --fail --location http://localhost:8080/api/bookmarks "
-                    "-H 'X-Session-Id:{}'"
-                ).format(session_id)
-            )
+      with subtest("bookmarks"):
+          with subtest("first use no bookmarks"):
+              bookmarks_json = machine.succeed(
+                  (
+                      "curl --fail --location http://localhost:8080/api/bookmarks "
+                      "-H 'X-Session-Id:{}'"
+                  ).format(session_id)
+              )
 
-            if json.loads(bookmarks_json)["bookmarks"] != []:
-                raise Exception("Shiori have a bookmark on first use")
+              if json.loads(bookmarks_json)["bookmarks"] != []:
+                  raise Exception("Shiori have a bookmark on first use")
 
-        with subtest("insert bookmark"):
-            machine.succeed(
-                (
-                    "curl --fail --location http://localhost:8080/api/bookmarks "
-                    "-X POST -H 'X-Session-Id:{}' "
-                    "-H 'Content-Type:application/json' -d @${insertBookmarkJSON}"
-                ).format(session_id)
-            )
+          with subtest("insert bookmark"):
+              machine.succeed(
+                  (
+                      "curl --fail --location http://localhost:8080/api/bookmarks "
+                      "-X POST -H 'X-Session-Id:{}' "
+                      "-H 'Content-Type:application/json' -d @${insertBookmarkJSON}"
+                  ).format(session_id)
+              )
 
-        with subtest("get inserted bookmark"):
-            bookmarks_json = machine.succeed(
-                (
-                    "curl --fail --location http://localhost:8080/api/bookmarks "
-                    "-H 'X-Session-Id:{}'"
-                ).format(session_id)
-            )
+          with subtest("get inserted bookmark"):
+              bookmarks_json = machine.succeed(
+                  (
+                      "curl --fail --location http://localhost:8080/api/bookmarks "
+                      "-H 'X-Session-Id:{}'"
+                  ).format(session_id)
+              )
 
-            bookmarks = json.loads(bookmarks_json)["bookmarks"]
-            if len(bookmarks) != 1:
-                raise Exception("Shiori didn't save the bookmark")
+              bookmarks = json.loads(bookmarks_json)["bookmarks"]
+              if len(bookmarks) != 1:
+                  raise Exception("Shiori didn't save the bookmark")
 
-            bookmark = bookmarks[0]
-            if (
-                bookmark["url"] != "${insertBookmark.url}"
-                or bookmark["title"] != "${insertBookmark.title}"
-            ):
-                raise Exception("Inserted bookmark doesn't have same URL or title")
-  '';
-})
+              bookmark = bookmarks[0]
+              if (
+                  bookmark["url"] != "${insertBookmark.url}"
+                  or bookmark["title"] != "${insertBookmark.title}"
+              ):
+                  raise Exception("Inserted bookmark doesn't have same URL or title")
+    '';
+  })
diff --git a/pkgs/servers/web-apps/shiori/default.nix b/pkgs/servers/web-apps/shiori/default.nix
index 8a9fc7973f98a..bd6a22287e5fa 100644
--- a/pkgs/servers/web-apps/shiori/default.nix
+++ b/pkgs/servers/web-apps/shiori/default.nix
@@ -1,10 +1,10 @@
-{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
+{ lib, buildGoModule, fetchFromGitHub, nixosTests, installShellFiles }:
 
 buildGoModule rec {
   pname = "shiori";
-  version = "1.5.5";
+  version = "1.7.0";
 
-  vendorHash = "sha256-suWdtqf5IZntEVD+NHGD6RsL1tjcGH9vh5skISW+aCc=";
+  vendorHash = "sha256-fakRqgoEcdzw9WZuubaxfGfvVrMvb8gV/IwPikMnfRQ=";
 
   doCheck = false;
 
@@ -12,18 +12,24 @@ buildGoModule rec {
     owner = "go-shiori";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-kGPvCYvLLixEH9qih/F3StUyGPqlKukTWLSw41+Mq8E=";
+    sha256 = "sha256-5+hTtvBnj3Nh5HitReVkLift9LTiMYVuuYx5EirN0SA=";
   };
 
-  passthru.tests = {
-    smoke-test = nixosTests.shiori;
-  };
+  nativeBuildInputs = [ installShellFiles ];
+  postInstall = ''
+    installShellCompletion --cmd shiori \
+      --bash <($out/bin/shiori completion bash) \
+      --fish <($out/bin/shiori completion fish) \
+      --zsh <($out/bin/shiori completion zsh)
+  '';
+
+  # passthru.tests.smoke-test = nixosTests.shiori; # test broken
 
   meta = with lib; {
     description = "Simple bookmark manager built with Go";
     mainProgram = "shiori";
     homepage = "https://github.com/go-shiori/shiori";
     license = licenses.mit;
-    maintainers = with maintainers; [ minijackson ];
+    maintainers = with maintainers; [ minijackson CaptainJawZ ];
   };
 }