public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #82753 from Kloenk/feature/engelsystem

Browse Source 
engelsystem: init at 3.1.0
This commit is contained in:
Kim Lindberger 2020-05-24 16:31:23 +02:00 committed by GitHub
commit 825e20ff46
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 293 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
maintainers/maintainer-list.nix
View File

@ -4071,6 +4071,16 @@
github = "klntsky"; github = "klntsky";
githubId = 18447310; githubId = 18447310;
}; };
kloenk = {
email = "me@kloenk.de";
name = "Finn Behrens";
github = "kloenk";
githubId = 12898828;
keys = [{
longkeyid = "ed25519/0xB92445CFC9546F9D";
fingerprint = "6881 5A95 D715 D429 659B 48A4 B924 45CF C954 6F9D";
}];
};
kmcopper = { kmcopper = {
email = "kmcopper@danwin1210.me"; email = "kmcopper@danwin1210.me";
name = "Kyle Copperfield"; name = "Kyle Copperfield";

1
nixos/modules/module-list.nix
View File

@ -830,6 +830,7 @@
./services/web-apps/cryptpad.nix ./services/web-apps/cryptpad.nix
./services/web-apps/documize.nix ./services/web-apps/documize.nix
./services/web-apps/dokuwiki.nix ./services/web-apps/dokuwiki.nix
./services/web-apps/engelsystem.nix
./services/web-apps/frab.nix ./services/web-apps/frab.nix
./services/web-apps/gerrit.nix ./services/web-apps/gerrit.nix
./services/web-apps/gotify-server.nix ./services/web-apps/gotify-server.nix

186
nixos/modules/services/web-apps/engelsystem.nix Normal file
View File

@ -0,0 +1,186 @@
{ config, lib, pkgs, utils, ... }:
let
inherit (lib) mkDefault mkEnableOption mkIf mkOption types literalExample;
cfg = config.services.engelsystem;
in {
options = {
services.engelsystem = {
enable = mkOption {
default = false;
example = true;
description = ''
Whether to enable engelsystem, an online tool for coordinating helpers
and shifts on large events.
'';
type = lib.types.bool;
};
domain = mkOption {
type = types.str;
example = "engelsystem.example.com";
description = "Domain to serve on.";
};
package = mkOption {
type = types.package;
example = literalExample "pkgs.engelsystem";
description = "Engelsystem package used for the service.";
default = pkgs.engelsystem;
};
createDatabase = mkOption {
type = types.bool;
default = true;
description = ''
Whether to create a local database automatically.
This will override every database setting in <option>services.engelsystem.config</option>.
'';
};
};
services.engelsystem.config = mkOption {
type = types.attrs;
default = {
database = {
host = "localhost";
database = "engelsystem";
username = "engelsystem";
};
};
example = {
maintenance = false;
database = {
host = "database.example.com";
database = "engelsystem";
username = "engelsystem";
password._secret = "/var/keys/engelsystem/database";
};
email = {
driver = "smtp";
host = "smtp.example.com";
port = 587;
from.address = "engelsystem@example.com";
from.name = "example engelsystem";
encryption = "tls";
username = "engelsystem@example.com";
password._secret = "/var/keys/engelsystem/mail";
};
autoarrive = true;
min_password_length = 6;
default_locale = "de_DE";
};
description = ''
Options to be added to config.php, as a nix attribute set. Options containing secret data
should be set to an attribute set containing the attribute _secret - a string pointing to a
file containing the value the option should be set to. See the example to get a better
picture of this: in the resulting config.php file, the email.password key will be set to
the contents of the /var/keys/engelsystem/mail file.
See https://engelsystem.de/doc/admin/configuration/ for available options.
Note that the admin user login credentials cannot be set here - they always default to
admin:asdfasdf. Log in and change them immediately.
'';
};
};
config = mkIf cfg.enable {
# create database
services.mysql = mkIf cfg.createDatabase {
enable = true;
package = mkDefault pkgs.mysql;
ensureUsers = [{
name = "engelsystem";
ensurePermissions = { "engelsystem.*" = "ALL PRIVILEGES"; };
}];
ensureDatabases = [ "engelsystem" ];
};
environment.etc."engelsystem/config.php".source =
pkgs.writeText "config.php" ''
<?php
return json_decode(file_get_contents("/var/lib/engelsystem/config.json"), true);
'';
services.phpfpm.pools.engelsystem = {
user = "engelsystem";
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
};
services.nginx = {
enable = true;
virtualHosts."${cfg.domain}".locations = {
"/" = {
root = "${cfg.package}/share/engelsystem/public";
extraConfig = ''
index index.php;
try_files $uri $uri/ /index.php?$args;
autoindex off;
'';
};
"~ \\.php$" = {
root = "${cfg.package}/share/engelsystem/public";
extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.engelsystem.socket};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include ${config.services.nginx.package}/conf/fastcgi_params;
include ${config.services.nginx.package}/conf/fastcgi.conf;
'';
};
};
};
systemd.services."engelsystem-init" = {
wantedBy = [ "multi-user.target" ];
serviceConfig = { Type = "oneshot"; };
script =
let
genConfigScript = pkgs.writeScript "engelsystem-gen-config.sh"
(utils.genJqSecretsReplacementSnippet cfg.config "config.json");
in ''
umask 077
mkdir -p /var/lib/engelsystem/storage/app
mkdir -p /var/lib/engelsystem/storage/cache/views
cd /var/lib/engelsystem
${genConfigScript}
chmod 400 config.json
chown -R engelsystem .
'';
};
systemd.services."engelsystem-migrate" = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
User = "engelsystem";
Group = "engelsystem";
};
script = ''
${cfg.package}/bin/migrate
'';
after = [ "engelsystem-init.service" "mysql.service" ];
};
systemd.services."phpfpm-engelsystem".after =
[ "engelsystem-migrate.service" ];
users.users.engelsystem = {
isSystemUser = true;
createHome = true;
home = "/var/lib/engelsystem/storage";
group = "engelsystem";
};
users.groups.engelsystem = { };
};
}

1
nixos/tests/all-tests.nix
View File

@ -87,6 +87,7 @@ in
ecryptfs = handleTest ./ecryptfs.nix {}; ecryptfs = handleTest ./ecryptfs.nix {};
ejabberd = handleTest ./xmpp/ejabberd.nix {}; ejabberd = handleTest ./xmpp/ejabberd.nix {};
elk = handleTestOn ["x86_64-linux"] ./elk.nix {}; elk = handleTestOn ["x86_64-linux"] ./elk.nix {};
engelsystem = handleTest ./engelsystem.nix {};
enlightenment = handleTest ./enlightenment.nix {}; enlightenment = handleTest ./enlightenment.nix {};
env = handleTest ./env.nix {}; env = handleTest ./env.nix {};
etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {}; etcd = handleTestOn ["x86_64-linux"] ./etcd.nix {};

41
nixos/tests/engelsystem.nix Normal file
View File

@ -0,0 +1,41 @@
import ./make-test-python.nix (
{ pkgs, lib, ... }:
{
name = "engelsystem";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ talyz ];
};
nodes.engelsystem =
{ ... }:
{
services.engelsystem = {
enable = true;
domain = "engelsystem";
createDatabase = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
environment.systemPackages = with pkgs; [
xmlstarlet
libxml2
];
};
testScript = ''
engelsystem.start()
engelsystem.wait_for_unit("phpfpm-engelsystem.service")
engelsystem.wait_until_succeeds("curl engelsystem/login -sS -f")
engelsystem.succeed(
"curl engelsystem/login -sS -f -c cookie | xmllint -html -xmlout - >login"
)
engelsystem.succeed(
"xml sel -T -t -m \"html/head/meta[@name='csrf-token']\" -v @content login >token"
)
engelsystem.succeed(
"curl engelsystem/login -sS -f -b cookie -F 'login=admin' -F 'password=asdfasdf' -F '_token=<token' -L | xmllint -html -xmlout - >news"
)
engelsystem.succeed(
"test 'News - Engelsystem' = \"$(xml sel -T -t -c html/head/title news)\""
)
'';
})

52
pkgs/servers/web-apps/engelsystem/default.nix Normal file
View File

@ -0,0 +1,52 @@
{ stdenv, fetchzip, php, writeText, nixosTests }:
let
phpExt = php.withExtensions
({ enabled, all }: with all; [ json filter mysqlnd mysqli pdo pdo_mysql ]);
in stdenv.mkDerivation rec {
pname = "engelsystem";
version = "3.1.0";
src = fetchzip {
url =
"https://github.com/engelsystem/engelsystem/releases/download/v3.1.0/engelsystem-v3.1.0.zip";
sha256 = "01wra7li7n5kn1l6xkrmw4vlvvyqh089zs43qzn98hj0mw8gw7ai";
# This is needed, because the zip contains a directory with world write access, which is not allowed in nix
extraPostFetch = "chmod -R a-w $out";
};
buildInputs = [ phpExt ];
installPhase = ''
runHook preInstall
# prepare
rm -r ./storage/
rm -r ./docker/
ln -sf /etc/engelsystem/config.php ./config/config.php
ln -sf /var/lib/engelsystem/storage/ ./storage
mkdir -p $out/share/engelsystem
mkdir -p $out/bin
cp -r . $out/share/engelsystem
echo $(command -v php)
# The patchShebangAuto function always used the php without extensions, so path the shebang manually
sed -i -e "1 s|.*|#\!${phpExt}/bin/php|" "$out/share/engelsystem/bin/migrate"
ln -s "$out/share/engelsystem/bin/migrate" "$out/bin/migrate"
runHook postInstall
'';
passthru.tests = nixosTests.engelsystem;
meta = with stdenv.lib; {
description =
"Coordinate your helpers in teams, assign them to work shifts or let them decide for themselves when and where they want to help with what";
license = licenses.gpl2;
homepage = "https://engelsystem.de";
maintainers = with maintainers; [ kloenk ];
platforms = platforms.all;
};
}

2
pkgs/top-level/all-packages.nix
View File

@ -15591,6 +15591,8 @@ in
dspam = callPackage ../servers/mail/dspam { }; dspam = callPackage ../servers/mail/dspam { };
engelsystem = callPackage ../servers/web-apps/engelsystem { };
etcd = callPackage ../servers/etcd { }; etcd = callPackage ../servers/etcd { };
etcd_3_4 = callPackage ../servers/etcd/3.4.nix { }; etcd_3_4 = callPackage ../servers/etcd/3.4.nix { };