merge files for ttrss

all-packages.nix

@@ -28,15 +28,7 @@ let
 
     mkKeycloakCliService = callPackage ./keycloak-cli-config/unit.nix {inherit utils;};
 
-    TtrssEnvironment = callPackage ./ttrss/environment.nix {};
-    TtrssConfig = callPackage ./ttrss/config.nix {};
-    mkTtrssConfig = callPackage ./ttrss/mkconfig.nix {inherit TtrssConfig;};
-    TtrssUpdateService = callPackage ./ttrss/update.nix {inherit utils;};
-    mkTtrssUpdateService = callPackage ./ttrss/mkupdate.nix {inherit TtrssUpdateService;};
-    TtrssUpgradeDBService = callPackage ./ttrss/dbupgrade.nix {};
-    mkTtrssUpgradeDBService = callPackage ./ttrss/mkdbupgrade.nix {inherit TtrssUpgradeDBService;};
-    mkTtrssPHPNormalizeHeaders = callPackage ./ttrss/normalize-headers.nix {};
-
+    ttrss = callPackage ./ttrss {inherit utils customPkgs;};
     vaultwarden = callPackage ./vaultwarden {inherit utils customPkgs;};
   };
 in

ttrss/config.nix

@@ -2,8 +2,10 @@
 , pkgs
 , lib
 }:
-{ document_root
+{ documentRoot
 , name ? "ttrss"
+, serviceName ? "ttrss"
+, subdomain ? "ttrss"
 , user ? "http"
 , group ? "http"
 , domain
@@ -22,8 +24,8 @@
 # , feedback_url ? ""
 , auth_remote_post_logout_url ? null
 , enabled_plugins ? [ "auth_remote" "note" ]
-}:
-{ TtrssPostgresDB
+
+, dependsOn ? {}
 }:
 
 let
@@ -34,9 +36,9 @@ let
   );
   wrapPutenv = key: value: "putenv('TTRSS_${lib.toUpper key}=${value}');";
 
-  config = self_url_path: {
+  config = self_url_path: db: {
     db_type = "pgsql";
-    db_host = db_host {inherit TtrssPostgresDB;};
+    db_host = db_host db;
     db_port = builtins.toString db_port;
     db_user = db_username;
     db_name = db_database;
@@ -85,26 +87,35 @@ let
     } else {}
   );
 in
-stdenv.mkDerivation rec {
-  inherit name;
-  src = pkgs.tt-rss;
+{
+  name = serviceName;
 
-  buildCommand =
-    let
-      configFile = pkgs.writeText "config.php" (asTtrssConfig (config "https://${name}.${domain}/"));
-      dr = dirOf document_root;
-    in
-      ''
-      mkdir -p $out/${name}
-      cp -ra $src/* $out/${name}
-      cp ${configFile} $out/${name}/config.php
+  pkg = {
+    db
+  }: stdenv.mkDerivation rec {
+    inherit name;
+    src = pkgs.tt-rss;
 
-      echo "${dr}" > $out/.dysnomia-targetdir
-      echo "${user}:${group}" > $out/.dysnomia-filesetowner
-      
-      cat > $out/.dysnomia-fileset <<FILESET
-        symlink $out/${name}
-        target ${dr}
-      FILESET
-      '';
+    buildCommand =
+      let
+        configFile = pkgs.writeText "config.php" (asTtrssConfig (config "https://${subdomain}.${domain}/" db));
+        dr = dirOf documentRoot;
+      in
+        ''
+        mkdir -p $out/${name}
+        cp -ra $src/* $out/${name}
+        cp ${configFile} $out/${name}/config.php
+
+        echo "${dr}" > $out/.dysnomia-targetdir
+        echo "${user}:${group}" > $out/.dysnomia-filesetowner
+
+        cat > $out/.dysnomia-fileset <<FILESET
+          symlink $out/${name}
+          target ${dr}
+        FILESET
+        '';
+  };
+
+  inherit dependsOn;
+  type = "fileset";
 }

ttrss/dbupgrade.nix

@@ -1,42 +1,52 @@
 { stdenv
 , pkgs
 }:
-{ binDir
+{ name
 , user
-}:
-{ TtrssPostgresDB
-, TtrssConfig
+, binDir
+
+, dependsOn ? {}
 }:
 
-stdenv.mkDerivation {
-  name = "dbupgrade";
+{
+  inherit name;
+  pkg =
+    { db
+    , config
+    }:
+    stdenv.mkDerivation {
+      name = "dbupgrade";
 
-  src = pkgs.writeTextDir "wrapper" ''
-  #!/bin/bash -e
+      src = pkgs.writeTextDir "wrapper" ''
+      #!/bin/bash -e
 
-  sudo -u ${user} bash <<HERE
-  case "$1" in
-    activate)
-      ${pkgs.php}/bin/php ${binDir}/update.php --update-schema=force-yes
-      ;;
-    lock)
-        if [ -f /tmp/wrapper.lock ]
-        then
-            exit 1
-        else
-            echo "1" > /tmp/wrapper.lock
-        fi
-        ;;
-    unlock)
-        rm -f /tmp/wrapper.lock
-        ;;
-  esac
-  HERE
-  '';
+      sudo -u ${user} bash <<HERE
+      case "$1" in
+        activate)
+          ${pkgs.php}/bin/php ${binDir}/update.php --update-schema=force-yes
+          ;;
+        lock)
+            if [ -f /tmp/wrapper.lock ]
+            then
+                exit 1
+            else
+                echo "1" > /tmp/wrapper.lock
+            fi
+            ;;
+        unlock)
+            rm -f /tmp/wrapper.lock
+            ;;
+      esac
+      HERE
+      '';
 
-  installPhase = ''
-  mkdir -p $out/bin
-  cp $src/wrapper $out/bin
-  chmod +x $out/bin/*
-  '';
+      installPhase = ''
+      mkdir -p $out/bin
+      cp $src/wrapper $out/bin
+      chmod +x $out/bin/*
+      '';
+    };
+
+  inherit dependsOn;
+  type = "wrapper";
 }

ttrss/default.nix

@@ -66,7 +66,7 @@ rec {
         inherit (phpfpmService) user group;
         inherit domain;
 
-        db_host = {TtrssPostgresDB}: TtrssPostgresDB.target.properties.hostname;
+        db_host = db: db.target.properties.hostname;
         db_port = (utils.getTarget distribution "TtrssPostgresDB").containers.postgresql-database.port;
         db_database = postgresDatabase;
         db_username = postgresUser;

ttrss/environment.nix

@@ -1,37 +0,0 @@
-{}:
-{
-  name ? "ttrss",
-  document_root ? "/usr/share/webapps/${name}",
-  systemd_run ? "/run/${name}",
-  persistent_dir ? "/var/lib/${name}"
-}:
-rec {
-  inherit name document_root systemd_run persistent_dir;
-
-  lock_directory = "${systemd_run}/lock";
-  cache_directory = "${systemd_run}/cache";
-  feed_icons_directory = "${persistent_dir}/feed-icons";
-
-  ro_directories = [];
-  rw_directories = [
-    lock_directory
-    cache_directory
-    feed_icons_directory
-  ];
-
-  directories_modes = {
-    "${systemd_run}" = "0550";
-    "${lock_directory}" = "0770";
-    "${cache_directory}" = "0770";
-    "${cache_directory}/upload" = "0770";
-    "${cache_directory}/images" = "0770";
-    "${cache_directory}/export" = "0770";
-    "${persistent_dir}/feed-icons" = "0770";
-  };
-
-  postgresql = {
-    username = name;
-    password = "ttrsspw";
-    database = name;
-  };
-}

ttrss/mkconfig.nix

@@ -1,39 +0,0 @@
-{ TtrssConfig
-}:
-{ name
-, user
-, group
-, domain
-, serviceName
-, document_root
-, lock_directory
-, cache_directory
-, feed_icons_directory
-, enabled_plugins ? []
-, auth_remote_post_logout_url ? null
-
-, db_host
-, db_port
-, db_username
-, db_password
-, db_database
-
-, dependsOn ? {}
-}:
-
-{
-  inherit name;
-  pkg = TtrssConfig {
-    name = serviceName;
-    inherit document_root lock_directory cache_directory feed_icons_directory;
-    inherit user group;
-    inherit domain;
-
-    inherit db_host db_port db_username db_password db_database;
-    inherit enabled_plugins;
-    inherit auth_remote_post_logout_url;
-  };
-
-  inherit dependsOn;
-  type = "fileset";
-}

ttrss/mkdbupgrade.nix

@@ -1,17 +0,0 @@
-{ TtrssUpgradeDBService
-}:
-{ name
-, user
-, binDir
-, dependsOn ? {}
-}:
-
-{
-  inherit name;
-  pkg = TtrssUpgradeDBService {
-    inherit user binDir;
-  };
-
-  inherit dependsOn;
-  type = "wrapper";
-}

ttrss/mkupdate.nix

@@ -1,25 +0,0 @@
-{ TtrssUpdateService
-}:
-{ name
-, user
-, group
-, documentRoot
-, readOnlyPaths
-, readWritePaths
-, postgresServiceName
-, dependsOn ? {}
-}:
-
-{
-  inherit name;
-  pkg = TtrssUpdateService {
-    inherit documentRoot;
-    inherit user group;
-
-    inherit readOnlyPaths readWritePaths;
-    inherit postgresServiceName;
-  };
-
-  inherit dependsOn;
-  type = "systemd-unit";
-}

ttrss/update.nix

@@ -3,14 +3,15 @@
 , lib
 , utils
 }:
-{ documentRoot
+{ name
 , user
 , group
+, documentRoot
 , readOnlyPaths ? []
 , readWritePaths ? []
 , postgresServiceName
-}:
-{ ...
+
+, dependsOn ? {}
 }:
 
 # Assumptions:
@@ -25,43 +26,49 @@ let
   fullPath = "${documentRoot}";
   roPaths = [fullPath] ++ readOnlyPaths;
 in
-utils.systemd.mkService rec {
-  name = "ttrss-update";
-  content = ''
-    [Unit]
-    Description=${name}
-    After=network.target ${postgresServiceName}
-    
-    [Service]
-    User=${user}
-    Group=${group}
-    ExecStart=${pkgs.php}/bin/php ${fullPath}/update_daemon2.php
+{
+  inherit name;
+  pkg = {...}: utils.systemd.mkService rec {
+    name = "ttrss-update";
+    content = ''
+      [Unit]
+      Description=${name}
+      After=network.target ${postgresServiceName}
 
-    RuntimeDirectory=${name}
+      [Service]
+      User=${user}
+      Group=${group}
+      ExecStart=${pkgs.php}/bin/php ${fullPath}/update_daemon2.php
 
-    PrivateDevices=true
-    PrivateTmp=true
-    ProtectKernelTunables=true
-    ProtectKernelModules=true
-    ProtectControlGroups=true
-    ProtectKernelLogs=true
-    ProtectHome=true
-    ProtectHostname=true
-    ProtectClock=true
-    RestrictSUIDSGID=true
-    LockPersonality=true
-    NoNewPrivileges=true
+      RuntimeDirectory=${name}
 
-    SystemCallFilter=@basic-io @file-system @process @system-service
+      PrivateDevices=true
+      PrivateTmp=true
+      ProtectKernelTunables=true
+      ProtectKernelModules=true
+      ProtectControlGroups=true
+      ProtectKernelLogs=true
+      ProtectHome=true
+      ProtectHostname=true
+      ProtectClock=true
+      RestrictSUIDSGID=true
+      LockPersonality=true
+      NoNewPrivileges=true
 
-    ProtectSystem=strict
-    ReadOnlyPaths=${builtins.concatStringsSep " " roPaths}
-    ReadWritePaths=${builtins.concatStringsSep " " readWritePaths}
+      SystemCallFilter=@basic-io @file-system @process @system-service
 
-    # NoExecPaths=/
-    # ExecPaths=${pkgs.php}/bin
+      ProtectSystem=strict
+      ReadOnlyPaths=${builtins.concatStringsSep " " roPaths}
+      ReadWritePaths=${builtins.concatStringsSep " " readWritePaths}
 
-    [Install]
-    WantedBy=multi-user.target
-  '';
+      # NoExecPaths=/
+      # ExecPaths=${pkgs.php}/bin
+
+      [Install]
+      WantedBy=multi-user.target
+    '';
+  };
+
+  inherit dependsOn;
+  type = "systemd-unit";
 }

vaultwarden/default.nix

@@ -99,7 +99,7 @@ rec {
 
         ExecStart=${pkgs.vaultwarden-postgresql}/bin/vaultwarden
         WorkingDirectory=${dataFolder}
-        StateDirectory=${dataFolder}
+        StateDirectory=${name}
         User=${user}
         Group=${group}