1
0
Fork 0

merge files for ttrss

This commit is contained in:
ibizaman 2023-01-16 21:39:20 -08:00
parent c98cfdb892
commit ba14b8d4a1
10 changed files with 124 additions and 222 deletions

View file

@ -28,15 +28,7 @@ let
mkKeycloakCliService = callPackage ./keycloak-cli-config/unit.nix {inherit utils;};
TtrssEnvironment = callPackage ./ttrss/environment.nix {};
TtrssConfig = callPackage ./ttrss/config.nix {};
mkTtrssConfig = callPackage ./ttrss/mkconfig.nix {inherit TtrssConfig;};
TtrssUpdateService = callPackage ./ttrss/update.nix {inherit utils;};
mkTtrssUpdateService = callPackage ./ttrss/mkupdate.nix {inherit TtrssUpdateService;};
TtrssUpgradeDBService = callPackage ./ttrss/dbupgrade.nix {};
mkTtrssUpgradeDBService = callPackage ./ttrss/mkdbupgrade.nix {inherit TtrssUpgradeDBService;};
mkTtrssPHPNormalizeHeaders = callPackage ./ttrss/normalize-headers.nix {};
ttrss = callPackage ./ttrss {inherit utils customPkgs;};
vaultwarden = callPackage ./vaultwarden {inherit utils customPkgs;};
};
in

View file

@ -2,8 +2,10 @@
, pkgs
, lib
}:
{ document_root
{ documentRoot
, name ? "ttrss"
, serviceName ? "ttrss"
, subdomain ? "ttrss"
, user ? "http"
, group ? "http"
, domain
@ -22,8 +24,8 @@
# , feedback_url ? ""
, auth_remote_post_logout_url ? null
, enabled_plugins ? [ "auth_remote" "note" ]
}:
{ TtrssPostgresDB
, dependsOn ? {}
}:
let
@ -34,9 +36,9 @@ let
);
wrapPutenv = key: value: "putenv('TTRSS_${lib.toUpper key}=${value}');";
config = self_url_path: {
config = self_url_path: db: {
db_type = "pgsql";
db_host = db_host {inherit TtrssPostgresDB;};
db_host = db_host db;
db_port = builtins.toString db_port;
db_user = db_username;
db_name = db_database;
@ -85,26 +87,35 @@ let
} else {}
);
in
stdenv.mkDerivation rec {
inherit name;
src = pkgs.tt-rss;
{
name = serviceName;
buildCommand =
let
configFile = pkgs.writeText "config.php" (asTtrssConfig (config "https://${name}.${domain}/"));
dr = dirOf document_root;
in
''
mkdir -p $out/${name}
cp -ra $src/* $out/${name}
cp ${configFile} $out/${name}/config.php
pkg = {
db
}: stdenv.mkDerivation rec {
inherit name;
src = pkgs.tt-rss;
echo "${dr}" > $out/.dysnomia-targetdir
echo "${user}:${group}" > $out/.dysnomia-filesetowner
buildCommand =
let
configFile = pkgs.writeText "config.php" (asTtrssConfig (config "https://${subdomain}.${domain}/" db));
dr = dirOf documentRoot;
in
''
mkdir -p $out/${name}
cp -ra $src/* $out/${name}
cp ${configFile} $out/${name}/config.php
cat > $out/.dysnomia-fileset <<FILESET
symlink $out/${name}
target ${dr}
FILESET
'';
echo "${dr}" > $out/.dysnomia-targetdir
echo "${user}:${group}" > $out/.dysnomia-filesetowner
cat > $out/.dysnomia-fileset <<FILESET
symlink $out/${name}
target ${dr}
FILESET
'';
};
inherit dependsOn;
type = "fileset";
}

View file

@ -1,42 +1,52 @@
{ stdenv
, pkgs
}:
{ binDir
{ name
, user
}:
{ TtrssPostgresDB
, TtrssConfig
, binDir
, dependsOn ? {}
}:
stdenv.mkDerivation {
name = "dbupgrade";
{
inherit name;
pkg =
{ db
, config
}:
stdenv.mkDerivation {
name = "dbupgrade";
src = pkgs.writeTextDir "wrapper" ''
#!/bin/bash -e
src = pkgs.writeTextDir "wrapper" ''
#!/bin/bash -e
sudo -u ${user} bash <<HERE
case "$1" in
activate)
${pkgs.php}/bin/php ${binDir}/update.php --update-schema=force-yes
;;
lock)
if [ -f /tmp/wrapper.lock ]
then
exit 1
else
echo "1" > /tmp/wrapper.lock
fi
;;
unlock)
rm -f /tmp/wrapper.lock
;;
esac
HERE
'';
sudo -u ${user} bash <<HERE
case "$1" in
activate)
${pkgs.php}/bin/php ${binDir}/update.php --update-schema=force-yes
;;
lock)
if [ -f /tmp/wrapper.lock ]
then
exit 1
else
echo "1" > /tmp/wrapper.lock
fi
;;
unlock)
rm -f /tmp/wrapper.lock
;;
esac
HERE
'';
installPhase = ''
mkdir -p $out/bin
cp $src/wrapper $out/bin
chmod +x $out/bin/*
'';
installPhase = ''
mkdir -p $out/bin
cp $src/wrapper $out/bin
chmod +x $out/bin/*
'';
};
inherit dependsOn;
type = "wrapper";
}

View file

@ -66,7 +66,7 @@ rec {
inherit (phpfpmService) user group;
inherit domain;
db_host = {TtrssPostgresDB}: TtrssPostgresDB.target.properties.hostname;
db_host = db: db.target.properties.hostname;
db_port = (utils.getTarget distribution "TtrssPostgresDB").containers.postgresql-database.port;
db_database = postgresDatabase;
db_username = postgresUser;

View file

@ -1,37 +0,0 @@
{}:
{
name ? "ttrss",
document_root ? "/usr/share/webapps/${name}",
systemd_run ? "/run/${name}",
persistent_dir ? "/var/lib/${name}"
}:
rec {
inherit name document_root systemd_run persistent_dir;
lock_directory = "${systemd_run}/lock";
cache_directory = "${systemd_run}/cache";
feed_icons_directory = "${persistent_dir}/feed-icons";
ro_directories = [];
rw_directories = [
lock_directory
cache_directory
feed_icons_directory
];
directories_modes = {
"${systemd_run}" = "0550";
"${lock_directory}" = "0770";
"${cache_directory}" = "0770";
"${cache_directory}/upload" = "0770";
"${cache_directory}/images" = "0770";
"${cache_directory}/export" = "0770";
"${persistent_dir}/feed-icons" = "0770";
};
postgresql = {
username = name;
password = "ttrsspw";
database = name;
};
}

View file

@ -1,39 +0,0 @@
{ TtrssConfig
}:
{ name
, user
, group
, domain
, serviceName
, document_root
, lock_directory
, cache_directory
, feed_icons_directory
, enabled_plugins ? []
, auth_remote_post_logout_url ? null
, db_host
, db_port
, db_username
, db_password
, db_database
, dependsOn ? {}
}:
{
inherit name;
pkg = TtrssConfig {
name = serviceName;
inherit document_root lock_directory cache_directory feed_icons_directory;
inherit user group;
inherit domain;
inherit db_host db_port db_username db_password db_database;
inherit enabled_plugins;
inherit auth_remote_post_logout_url;
};
inherit dependsOn;
type = "fileset";
}

View file

@ -1,17 +0,0 @@
{ TtrssUpgradeDBService
}:
{ name
, user
, binDir
, dependsOn ? {}
}:
{
inherit name;
pkg = TtrssUpgradeDBService {
inherit user binDir;
};
inherit dependsOn;
type = "wrapper";
}

View file

@ -1,25 +0,0 @@
{ TtrssUpdateService
}:
{ name
, user
, group
, documentRoot
, readOnlyPaths
, readWritePaths
, postgresServiceName
, dependsOn ? {}
}:
{
inherit name;
pkg = TtrssUpdateService {
inherit documentRoot;
inherit user group;
inherit readOnlyPaths readWritePaths;
inherit postgresServiceName;
};
inherit dependsOn;
type = "systemd-unit";
}

View file

@ -3,14 +3,15 @@
, lib
, utils
}:
{ documentRoot
{ name
, user
, group
, documentRoot
, readOnlyPaths ? []
, readWritePaths ? []
, postgresServiceName
}:
{ ...
, dependsOn ? {}
}:
# Assumptions:
@ -25,43 +26,49 @@ let
fullPath = "${documentRoot}";
roPaths = [fullPath] ++ readOnlyPaths;
in
utils.systemd.mkService rec {
name = "ttrss-update";
content = ''
[Unit]
Description=${name}
After=network.target ${postgresServiceName}
{
inherit name;
pkg = {...}: utils.systemd.mkService rec {
name = "ttrss-update";
content = ''
[Unit]
Description=${name}
After=network.target ${postgresServiceName}
[Service]
User=${user}
Group=${group}
ExecStart=${pkgs.php}/bin/php ${fullPath}/update_daemon2.php
[Service]
User=${user}
Group=${group}
ExecStart=${pkgs.php}/bin/php ${fullPath}/update_daemon2.php
RuntimeDirectory=${name}
RuntimeDirectory=${name}
PrivateDevices=true
PrivateTmp=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
ProtectKernelLogs=true
ProtectHome=true
ProtectHostname=true
ProtectClock=true
RestrictSUIDSGID=true
LockPersonality=true
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
ProtectKernelLogs=true
ProtectHome=true
ProtectHostname=true
ProtectClock=true
RestrictSUIDSGID=true
LockPersonality=true
NoNewPrivileges=true
SystemCallFilter=@basic-io @file-system @process @system-service
SystemCallFilter=@basic-io @file-system @process @system-service
ProtectSystem=strict
ReadOnlyPaths=${builtins.concatStringsSep " " roPaths}
ReadWritePaths=${builtins.concatStringsSep " " readWritePaths}
ProtectSystem=strict
ReadOnlyPaths=${builtins.concatStringsSep " " roPaths}
ReadWritePaths=${builtins.concatStringsSep " " readWritePaths}
# NoExecPaths=/
# ExecPaths=${pkgs.php}/bin
# NoExecPaths=/
# ExecPaths=${pkgs.php}/bin
[Install]
WantedBy=multi-user.target
'';
[Install]
WantedBy=multi-user.target
'';
};
inherit dependsOn;
type = "systemd-unit";
}

View file

@ -99,7 +99,7 @@ rec {
ExecStart=${pkgs.vaultwarden-postgresql}/bin/vaultwarden
WorkingDirectory=${dataFolder}
StateDirectory=${dataFolder}
StateDirectory=${name}
User=${user}
Group=${group}