about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--nixos/doc/manual/release-notes/rl-2405.section.md2
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/web-apps/commafeed.nix114
-rw-r--r--nixos/tests/all-tests.nix1
-rw-r--r--nixos/tests/commafeed.nix21
-rw-r--r--pkgs/by-name/co/commafeed/package.nix102
6 files changed, 241 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md
index 7600cf4324078..c6242c7a3291b 100644
--- a/nixos/doc/manual/release-notes/rl-2405.section.md
+++ b/nixos/doc/manual/release-notes/rl-2405.section.md
@@ -164,6 +164,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - [go-camo](https://github.com/cactus/go-camo), a secure image proxy server. Available as [services.go-camo](#opt-services.go-camo.enable).
 
+- [CommaFeed](https://github.com/Athou/commafeed), a Google Reader inspired self-hosted RSS reader. Available as [services.commafeed](#opt-services.commafeed.enable).
+
 - [Monado](https://monado.freedesktop.org/), an open source XR runtime. Available as [services.monado](#opt-services.monado.enable).
 
 - [intel-gpu-tools](https://drm.pages.freedesktop.org/igt-gpu-tools), tools for development and testing of the Intel DRM driver. Available as [hardware.intel-gpu-tools](#opt-hardware.intel-gpu-tools.enable).
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index f446fa13ea26f..83a37383cdaf2 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -1341,6 +1341,7 @@
   ./services/web-apps/chatgpt-retrieval-plugin.nix
   ./services/web-apps/cloudlog.nix
   ./services/web-apps/code-server.nix
+  ./services/web-apps/commafeed.nix
   ./services/web-apps/convos.nix
   ./services/web-apps/crabfit.nix
   ./services/web-apps/davis.nix
diff --git a/nixos/modules/services/web-apps/commafeed.nix b/nixos/modules/services/web-apps/commafeed.nix
new file mode 100644
index 0000000000000..354e3625bb999
--- /dev/null
+++ b/nixos/modules/services/web-apps/commafeed.nix
@@ -0,0 +1,114 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.services.commafeed;
+in
+{
+  options.services.commafeed = {
+    enable = lib.mkEnableOption "CommaFeed";
+
+    package = lib.mkPackageOption pkgs "commafeed" { };
+
+    user = lib.mkOption {
+      type = lib.types.str;
+      description = "User under which CommaFeed runs.";
+      default = "commafeed";
+    };
+
+    group = lib.mkOption {
+      type = lib.types.str;
+      description = "Group under which CommaFeed runs.";
+      default = "commafeed";
+    };
+
+    stateDir = lib.mkOption {
+      type = lib.types.path;
+      description = "Directory holding all state for CommaFeed to run.";
+      default = "/var/lib/commafeed";
+    };
+
+    environment = lib.mkOption {
+      type = lib.types.attrsOf (
+        lib.types.oneOf [
+          lib.types.bool
+          lib.types.int
+          lib.types.str
+        ]
+      );
+      description = ''
+        Extra environment variables passed to CommaFeed, refer to
+        <https://github.com/Athou/commafeed/blob/master/commafeed-server/config.yml.example>
+        for supported values. The default user is `admin` and the default password is `admin`.
+        Correct configuration for H2 database is already provided.
+      '';
+      default = { };
+      example = {
+        CF_SERVER_APPLICATIONCONNECTORS_0_TYPE = "http";
+        CF_SERVER_APPLICATIONCONNECTORS_0_PORT = 9090;
+      };
+    };
+
+    environmentFile = lib.mkOption {
+      type = lib.types.nullOr lib.types.path;
+      description = ''
+        Environment file as defined in {manpage}`systemd.exec(5)`.
+      '';
+      default = null;
+      example = "/var/lib/commafeed/commafeed.env";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.commafeed = {
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      environment = lib.mapAttrs (
+        _: v: if lib.isBool v then lib.boolToString v else toString v
+      ) cfg.environment;
+      serviceConfig = {
+        ExecStart = "${lib.getExe cfg.package} server ${cfg.package}/share/config.yml";
+        User = cfg.user;
+        Group = cfg.group;
+        StateDirectory = baseNameOf cfg.stateDir;
+        WorkingDirectory = cfg.stateDir;
+        # Hardening
+        CapabilityBoundingSet = [ "" ];
+        DevicePolicy = "closed";
+        DynamicUser = true;
+        LockPersonality = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        PrivateUsers = true;
+        ProcSubset = "pid";
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        ProtectSystem = true;
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+        ];
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        SystemCallArchitectures = "native";
+        SystemCallFilter = [
+          "@system-service"
+          "~@privileged"
+        ];
+        UMask = "0077";
+      } // lib.optionalAttrs (cfg.environmentFile != null) { EnvironmentFile = cfg.environmentFile; };
+    };
+  };
+
+  meta.maintainers = [ lib.maintainers.raroh73 ];
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index e400549232628..2e538c61a3f22 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -205,6 +205,7 @@ in {
   code-server = handleTest ./code-server.nix {};
   coder = handleTest ./coder.nix {};
   collectd = handleTest ./collectd.nix {};
+  commafeed = handleTest ./commafeed.nix {};
   connman = handleTest ./connman.nix {};
   consul = handleTest ./consul.nix {};
   consul-template = handleTest ./consul-template.nix {};
diff --git a/nixos/tests/commafeed.nix b/nixos/tests/commafeed.nix
new file mode 100644
index 0000000000000..7b65720818a9b
--- /dev/null
+++ b/nixos/tests/commafeed.nix
@@ -0,0 +1,21 @@
+import ./make-test-python.nix (
+  { lib, ... }:
+  {
+    name = "commafeed";
+
+    nodes.server = {
+      services.commafeed = {
+        enable = true;
+      };
+    };
+
+    testScript = ''
+      server.start()
+      server.wait_for_unit("commafeed.service")
+      server.wait_for_open_port(8082)
+      server.succeed("curl --fail --silent http://localhost:8082")
+    '';
+
+    meta.maintainers = [ lib.maintainers.raroh73 ];
+  }
+)
diff --git a/pkgs/by-name/co/commafeed/package.nix b/pkgs/by-name/co/commafeed/package.nix
new file mode 100644
index 0000000000000..cc203468feead
--- /dev/null
+++ b/pkgs/by-name/co/commafeed/package.nix
@@ -0,0 +1,102 @@
+{
+  lib,
+  buildNpmPackage,
+  fetchFromGitHub,
+  jre,
+  maven,
+  makeWrapper,
+  nixosTests,
+  writeText,
+}:
+let
+  version = "4.3.3";
+
+  src = fetchFromGitHub {
+    owner = "Athou";
+    repo = "commafeed";
+    rev = version;
+    hash = "sha256-y0gTmtlDg7sdunG1ne/3WkFx2KQkTGRlfYpXBHFFh2o=";
+  };
+
+  frontend = buildNpmPackage {
+    inherit version src;
+
+    pname = "commafeed-frontend";
+
+    sourceRoot = "${src.name}/commafeed-client";
+
+    npmDepsHash = "sha256-fye7MPWXUeFCMgcnesspd1giGG/ZldiOv00fjtXZSb4=";
+
+    installPhase = ''
+      runHook preInstall
+
+      cp -r dist/ $out
+
+      runHook postInstall
+    '';
+  };
+
+  gitProperties = writeText "git.properties" ''
+    git.branch = none
+    git.build.time = 1970-01-01T00:00:00+0000
+    git.build.version = ${version}
+    git.commit.id = none
+    git.commit.id.abbrev = none
+  '';
+in
+maven.buildMavenPackage {
+  inherit version src;
+
+  pname = "commafeed";
+
+  mvnHash = "sha256-YnEDJf4GeyiXxOh8tZZTZdLOJrisG6lmShXU97ueGNE=";
+
+  mvnParameters = lib.escapeShellArgs [
+    "-Dskip.installnodenpm"
+    "-Dskip.npm"
+    "-Dspotless.check.skip"
+    "-Dmaven.gitcommitid.skip"
+    "-DskipTests"
+  ];
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  configurePhase = ''
+    runHook preConfigure
+
+    ln -sf "${frontend}" commafeed-client/dist
+
+    cp ${gitProperties} commafeed-server/src/main/resources/git.properties
+
+    runHook postConfigure
+  '';
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/bin $out/share
+    install -Dm644 commafeed-server/target/commafeed.jar $out/share/commafeed.jar
+    install -Dm644 commafeed-server/config.yml.example $out/share/config.yml
+
+    makeWrapper ${jre}/bin/java $out/bin/commafeed \
+      --add-flags "-jar $out/share/commafeed.jar"
+
+    runHook postInstall
+  '';
+
+  postInstall = ''
+    substituteInPlace $out/share/config.yml \
+      --replace-fail 'url: jdbc:h2:/commafeed/data/db;DEFRAG_ALWAYS=TRUE' \
+        'url: jdbc:h2:./database/db;DEFRAG_ALWAYS=TRUE'
+  '';
+
+  passthru.tests = nixosTests.commafeed;
+
+  meta = {
+    description = "Google Reader inspired self-hosted RSS reader";
+    homepage = "https://github.com/Athou/commafeed";
+    license = lib.licenses.asl20;
+    mainProgram = "commafeed";
+    maintainers = [ lib.maintainers.raroh73 ];
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-29 01:19:06 +0000