public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #46370 from primeos/nixos-sks

Browse Source 
sks,nixos/sks: Various minor improvements

Module:
- Add a webroot option (serve a website by default, makes the setup easier)
- Explicitly set a group (instead of using 65534/nogroup)
- Move pkgs.sks from environment.systemPackages to the "sks" user and add pkgs.db

Package:
- Adapt the output of "sks version" to NixOS
- Copy the example webpages to $webSamples
This commit is contained in:
Michael Weiss 2018-09-08 17:24:58 +02:00 committed by GitHub
commit b58a230c60
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 69 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
nixos/modules/services/security/sks.nix
View File

@ -53,39 +53,60 @@ in {
type = types.ints.u16; type = types.ints.u16;
description = "HKP port to listen on."; description = "HKP port to listen on.";
}; };
webroot = mkOption {
type = types.nullOr types.path;
default = "${sksPkg.webSamples}/OpenPKG";
defaultText = "\${pkgs.sks.webSamples}/OpenPKG";
description = ''
Source directory (will be symlinked, if not null) for the files the
built-in webserver should serve. SKS (''${pkgs.sks.webSamples})
provides the following examples: "HTML5", "OpenPKG", and "XHTML+ES".
The index file can be named index.html, index.htm, index.xhtm, or
index.xhtml. Files with the extensions .css, .es, .js, .jpg, .jpeg,
.png, or .gif are supported. Subdirectories and filenames with
anything other than alphanumeric characters and the '.' character
will be ignored.
'';
};
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ sksPkg ]; users = {
users.sks = {
users.users.sks = { isSystemUser = true;
createHome = true; description = "SKS user";
home = cfg.dataDir; home = cfg.dataDir;
isSystemUser = true; createHome = true;
shell = "${pkgs.coreutils}/bin/true"; group = "sks";
useDefaultShell = true;
packages = [ sksPkg pkgs.db ];
};
groups.sks = { };
}; };
systemd.services = let systemd.services = let
hkpAddress = "'" + (builtins.concatStringsSep " " cfg.hkpAddress) + "'" ; hkpAddress = "'" + (builtins.concatStringsSep " " cfg.hkpAddress) + "'" ;
hkpPort = builtins.toString cfg.hkpPort; hkpPort = builtins.toString cfg.hkpPort;
home = config.users.users.sks.home;
user = config.users.users.sks.name;
in { in {
"sks-db" = { "sks-db" = {
description = "SKS database server"; description = "SKS database server";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = '' preStart = ''
mkdir -p ${home}/dump ${lib.optionalString (cfg.webroot != null)
${sksPkg}/bin/sks build ${home}/dump/*.gpg -n 10 -cache 100 || true #*/ "ln -sfT \"${cfg.webroot}\" web"}
mkdir -p dump
${sksPkg}/bin/sks build dump/*.gpg -n 10 -cache 100 || true #*/
${sksPkg}/bin/sks cleandb || true ${sksPkg}/bin/sks cleandb || true
${sksPkg}/bin/sks pbuild -cache 20 -ptree_cache 70 || true ${sksPkg}/bin/sks pbuild -cache 20 -ptree_cache 70 || true
''; '';
serviceConfig = { serviceConfig = {
WorkingDirectory = home; WorkingDirectory = "~";
User = user; User = "sks";
Group = "sks";
Restart = "always"; Restart = "always";
ExecStart = "${sksPkg}/bin/sks db -hkp_address ${hkpAddress} -hkp_port ${hkpPort}"; ExecStart = "${sksPkg}/bin/sks db -hkp_address ${hkpAddress} -hkp_port ${hkpPort}";
}; };

27
pkgs/servers/sks/adapt-to-nixos.patch Normal file
View File

@ -0,0 +1,27 @@
--- a/version.ml 2018-09-08 15:56:18.919154257 +0200
+++ b/version.ml 2018-09-08 15:56:07.544028575 +0200
@@ -24,16 +24,6 @@
let run () =
let bdb_version = Bdb.version () in
- let dbstats_dir =
- let split = Str.regexp_string "." in
- let major_minor_string major minor =
- sprintf "Further details about the BDB environment can be seen by \
- executing\ndb%s.%s_stat -x in the KDB and Ptree directories\n" major minor
- in
- match Str.split split bdb_version with
- | major :: minor :: _ -> major_minor_string major minor
- | [] | _ :: [] -> major_minor_string "X" "Y"
- in
printf "SKS version %s%s\n"
Common.version Common.version_suffix;
@@ -44,5 +34,6 @@
requirement for recon of SKS %s\n"
Common.compatible_version_string;
- printf "%s" dbstats_dir
+ printf "Further details about the BDB environment can be seen by executing\n\
+ db_stat -x in the KDB and PTree directories\n"

8
pkgs/servers/sks/default.nix
View File

@ -11,6 +11,11 @@ stdenv.mkDerivation rec {
sha256 = "00q5ma5rvl10rkc6cdw8d69bddgrmvy0ckqj3hbisy65l4idj2zm"; sha256 = "00q5ma5rvl10rkc6cdw8d69bddgrmvy0ckqj3hbisy65l4idj2zm";
}; };
# pkgs.db provides db_stat, not db$major.$minor_stat
patches = [ ./adapt-to-nixos.patch ];
outputs = [ "out" "webSamples" ];
buildInputs = [ ocaml zlib db perl camlp4 ]; buildInputs = [ ocaml zlib db perl camlp4 ];
makeFlags = [ "PREFIX=$(out)" "MANDIR=$(out)/share/man" ]; makeFlags = [ "PREFIX=$(out)" "MANDIR=$(out)/share/man" ];
@ -26,6 +31,9 @@ stdenv.mkDerivation rec {
doCheck = true; doCheck = true;
checkPhase = "./sks unit_test"; checkPhase = "./sks unit_test";
# Copy the web examples for the NixOS module
postInstall = "cp -R sampleWeb $webSamples";
meta = with stdenv.lib; { meta = with stdenv.lib; {
description = "An easily deployable & decentralized OpenPGP keyserver"; description = "An easily deployable & decentralized OpenPGP keyserver";
longDescription = '' longDescription = ''