diff options
author | Kim Lindberger <kim.lindberger@gmail.com> | 2020-05-24 16:31:23 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-24 16:31:23 +0200 |
commit | 825e20ff4610fed832b944e8bc4e9e8799e93255 (patch) | |
tree | b556044f02bf0c55f5043683872b81f48e918b83 | |
parent | 854142134d1aa6efee645b6934283caa54aa9abd (diff) | |
parent | 1e343d1638aae170cedf4fbe2ad1cf81f1ba4d79 (diff) |
Merge pull request #82753 from Kloenk/feature/engelsystem
engelsystem: init at 3.1.0
-rw-r--r-- | maintainers/maintainer-list.nix | 10 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/engelsystem.nix | 186 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/engelsystem.nix | 41 | ||||
-rw-r--r-- | pkgs/servers/web-apps/engelsystem/default.nix | 52 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 2 |
7 files changed, 293 insertions, 0 deletions
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index d2faca2e87a00..b7ee71285138f 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -4071,6 +4071,16 @@ github = "klntsky"; githubId = 18447310; }; + kloenk = { + email = "me@kloenk.de"; + name = "Finn Behrens"; + github = "kloenk"; + githubId = 12898828; + keys = [{ + longkeyid = "ed25519/0xB92445CFC9546F9D"; + fingerprint = "6881 5A95 D715 D429 659B 48A4 B924 45CF C954 6F9D"; + }]; + }; kmcopper = { email = "kmcopper@danwin1210.me"; name = "Kyle Copperfield"; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index daa0f6cc2eee3..9f9bf3bc53294 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -830,6 +830,7 @@ ./services/web-apps/cryptpad.nix ./services/web-apps/documize.nix ./services/web-apps/dokuwiki.nix + ./services/web-apps/engelsystem.nix ./services/web-apps/frab.nix ./services/web-apps/gerrit.nix ./services/web-apps/gotify-server.nix diff --git a/nixos/modules/services/web-apps/engelsystem.nix b/nixos/modules/services/web-apps/engelsystem.nix new file mode 100644 index 0000000000000..899582a203040 --- /dev/null +++ b/nixos/modules/services/web-apps/engelsystem.nix @@ -0,0 +1,186 @@ +{ config, lib, pkgs, utils, ... }: + +let + inherit (lib) mkDefault mkEnableOption mkIf mkOption types literalExample; + cfg = config.services.engelsystem; +in { + options = { + services.engelsystem = { + enable = mkOption { + default = false; + example = true; + description = '' + Whether to enable engelsystem, an online tool for coordinating helpers + and shifts on large events. + ''; + type = lib.types.bool; + }; + + domain = mkOption { + type = types.str; + example = "engelsystem.example.com"; + description = "Domain to serve on."; + }; + + package = mkOption { + type = types.package; + example = literalExample "pkgs.engelsystem"; + description = "Engelsystem package used for the service."; + default = pkgs.engelsystem; + }; + + createDatabase = mkOption { + type = types.bool; + default = true; + description = '' + Whether to create a local database automatically. + This will override every database setting in <option>services.engelsystem.config</option>. + ''; + }; + }; + + services.engelsystem.config = mkOption { + type = types.attrs; + default = { + database = { + host = "localhost"; + database = "engelsystem"; + username = "engelsystem"; + }; + }; + example = { + maintenance = false; + database = { + host = "database.example.com"; + database = "engelsystem"; + username = "engelsystem"; + password._secret = "/var/keys/engelsystem/database"; + }; + email = { + driver = "smtp"; + host = "smtp.example.com"; + port = 587; + from.address = "engelsystem@example.com"; + from.name = "example engelsystem"; + encryption = "tls"; + username = "engelsystem@example.com"; + password._secret = "/var/keys/engelsystem/mail"; + }; + autoarrive = true; + min_password_length = 6; + default_locale = "de_DE"; + }; + description = '' + Options to be added to config.php, as a nix attribute set. Options containing secret data + should be set to an attribute set containing the attribute _secret - a string pointing to a + file containing the value the option should be set to. See the example to get a better + picture of this: in the resulting config.php file, the email.password key will be set to + the contents of the /var/keys/engelsystem/mail file. + + See https://engelsystem.de/doc/admin/configuration/ for available options. + + Note that the admin user login credentials cannot be set here - they always default to + admin:asdfasdf. Log in and change them immediately. + ''; + }; + }; + + config = mkIf cfg.enable { + # create database + services.mysql = mkIf cfg.createDatabase { + enable = true; + package = mkDefault pkgs.mysql; + ensureUsers = [{ + name = "engelsystem"; + ensurePermissions = { "engelsystem.*" = "ALL PRIVILEGES"; }; + }]; + ensureDatabases = [ "engelsystem" ]; + }; + + environment.etc."engelsystem/config.php".source = + pkgs.writeText "config.php" '' + <?php + return json_decode(file_get_contents("/var/lib/engelsystem/config.json"), true); + ''; + + services.phpfpm.pools.engelsystem = { + user = "engelsystem"; + settings = { + "listen.owner" = config.services.nginx.user; + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.max_requests" = 500; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 5; + "php_admin_value[error_log]" = "stderr"; + "php_admin_flag[log_errors]" = true; + "catch_workers_output" = true; + }; + }; + + services.nginx = { + enable = true; + virtualHosts."${cfg.domain}".locations = { + "/" = { + root = "${cfg.package}/share/engelsystem/public"; + extraConfig = '' + index index.php; + try_files $uri $uri/ /index.php?$args; + autoindex off; + ''; + }; + "~ \\.php$" = { + root = "${cfg.package}/share/engelsystem/public"; + extraConfig = '' + fastcgi_pass unix:${config.services.phpfpm.pools.engelsystem.socket}; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include ${config.services.nginx.package}/conf/fastcgi_params; + include ${config.services.nginx.package}/conf/fastcgi.conf; + ''; + }; + }; + }; + + systemd.services."engelsystem-init" = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { Type = "oneshot"; }; + script = + let + genConfigScript = pkgs.writeScript "engelsystem-gen-config.sh" + (utils.genJqSecretsReplacementSnippet cfg.config "config.json"); + in '' + umask 077 + mkdir -p /var/lib/engelsystem/storage/app + mkdir -p /var/lib/engelsystem/storage/cache/views + cd /var/lib/engelsystem + ${genConfigScript} + chmod 400 config.json + chown -R engelsystem . + ''; + }; + systemd.services."engelsystem-migrate" = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "oneshot"; + User = "engelsystem"; + Group = "engelsystem"; + }; + script = '' + ${cfg.package}/bin/migrate + ''; + after = [ "engelsystem-init.service" "mysql.service" ]; + }; + systemd.services."phpfpm-engelsystem".after = + [ "engelsystem-migrate.service" ]; + + users.users.engelsystem = { + isSystemUser = true; + createHome = true; + home = "/var/lib/engelsystem/storage"; + group = "engelsystem"; + }; + users.groups.engelsystem = { }; + }; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index af619ac99a322..5812098736439 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -87,6 +87,7 @@ in ecryptfs = handleTest ./ecryptfs.nix {}; ejabberd = handleTest ./xmpp/ejabberd.nix {}; elk = handleTestOn ["x86_64-linux"] ./elk.nix {}; + engelsystem = handleTest ./engelsystem.nix {}; enlightenment = handleTest ./enlightenment.nix {}; env = handleTest ./env.nix {}; etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {}; diff --git a/nixos/tests/engelsystem.nix b/nixos/tests/engelsystem.nix new file mode 100644 index 0000000000000..39c10718093f6 --- /dev/null +++ b/nixos/tests/engelsystem.nix @@ -0,0 +1,41 @@ +import ./make-test-python.nix ( + { pkgs, lib, ... }: + { + name = "engelsystem"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ talyz ]; + }; + + nodes.engelsystem = + { ... }: + { + services.engelsystem = { + enable = true; + domain = "engelsystem"; + createDatabase = true; + }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + environment.systemPackages = with pkgs; [ + xmlstarlet + libxml2 + ]; + }; + + testScript = '' + engelsystem.start() + engelsystem.wait_for_unit("phpfpm-engelsystem.service") + engelsystem.wait_until_succeeds("curl engelsystem/login -sS -f") + engelsystem.succeed( + "curl engelsystem/login -sS -f -c cookie | xmllint -html -xmlout - >login" + ) + engelsystem.succeed( + "xml sel -T -t -m \"html/head/meta[@name='csrf-token']\" -v @content login >token" + ) + engelsystem.succeed( + "curl engelsystem/login -sS -f -b cookie -F 'login=admin' -F 'password=asdfasdf' -F '_token=<token' -L | xmllint -html -xmlout - >news" + ) + engelsystem.succeed( + "test 'News - Engelsystem' = \"$(xml sel -T -t -c html/head/title news)\"" + ) + ''; + }) diff --git a/pkgs/servers/web-apps/engelsystem/default.nix b/pkgs/servers/web-apps/engelsystem/default.nix new file mode 100644 index 0000000000000..8ef6a9afa0e8f --- /dev/null +++ b/pkgs/servers/web-apps/engelsystem/default.nix @@ -0,0 +1,52 @@ +{ stdenv, fetchzip, php, writeText, nixosTests }: + +let + phpExt = php.withExtensions + ({ enabled, all }: with all; [ json filter mysqlnd mysqli pdo pdo_mysql ]); +in stdenv.mkDerivation rec { + pname = "engelsystem"; + version = "3.1.0"; + + src = fetchzip { + url = + "https://github.com/engelsystem/engelsystem/releases/download/v3.1.0/engelsystem-v3.1.0.zip"; + sha256 = "01wra7li7n5kn1l6xkrmw4vlvvyqh089zs43qzn98hj0mw8gw7ai"; + # This is needed, because the zip contains a directory with world write access, which is not allowed in nix + extraPostFetch = "chmod -R a-w $out"; + }; + + buildInputs = [ phpExt ]; + + installPhase = '' + runHook preInstall + + # prepare + rm -r ./storage/ + rm -r ./docker/ + + ln -sf /etc/engelsystem/config.php ./config/config.php + ln -sf /var/lib/engelsystem/storage/ ./storage + + mkdir -p $out/share/engelsystem + mkdir -p $out/bin + cp -r . $out/share/engelsystem + + echo $(command -v php) + # The patchShebangAuto function always used the php without extensions, so path the shebang manually + sed -i -e "1 s|.*|#\!${phpExt}/bin/php|" "$out/share/engelsystem/bin/migrate" + ln -s "$out/share/engelsystem/bin/migrate" "$out/bin/migrate" + + runHook postInstall + ''; + + passthru.tests = nixosTests.engelsystem; + + meta = with stdenv.lib; { + description = + "Coordinate your helpers in teams, assign them to work shifts or let them decide for themselves when and where they want to help with what"; + license = licenses.gpl2; + homepage = "https://engelsystem.de"; + maintainers = with maintainers; [ kloenk ]; + platforms = platforms.all; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 2c4b18f7ac7cd..553dc51b3362e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -15591,6 +15591,8 @@ in dspam = callPackage ../servers/mail/dspam { }; + engelsystem = callPackage ../servers/web-apps/engelsystem { }; + etcd = callPackage ../servers/etcd { }; etcd_3_4 = callPackage ../servers/etcd/3.4.nix { }; |