public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #55432 from Mic92/ttrss

Browse Source 
ttrss: database.passwordFile, ldap plugin, configureable socket
This commit is contained in:
Jörg Thalheim 2019-02-10 09:01:45 +00:00 committed by GitHub
commit d59f9c0e5f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 75 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
nixos/modules/services/web-apps/tt-rss.nix
View File

@ -34,7 +34,14 @@ let
define('DB_HOST', '${optionalString (cfg.database.host != null) cfg.database.host}'); define('DB_HOST', '${optionalString (cfg.database.host != null) cfg.database.host}');
define('DB_USER', '${cfg.database.user}'); define('DB_USER', '${cfg.database.user}');
define('DB_NAME', '${cfg.database.name}'); define('DB_NAME', '${cfg.database.name}');
define('DB_PASS', '${optionalString (cfg.database.password != null) (escape ["'" "\\"] cfg.database.password)}'); define('DB_PASS', ${
if (cfg.database.password != null) then
"'${(escape ["'" "\\"] cfg.database.password)}'"
else if (cfg.database.passwordFile != null) then
"file_get_contents('${cfg.database.passwordFile}')"
else
""
});
define('DB_PORT', '${toString dbPort}'); define('DB_PORT', '${toString dbPort}');
define('AUTH_AUTO_CREATE', ${boolToString cfg.auth.autoCreate}); define('AUTH_AUTO_CREATE', ${boolToString cfg.auth.autoCreate});
@ -168,6 +175,14 @@ let
''; '';
}; };
passwordFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The database user's password.
'';
};
port = mkOption { port = mkOption {
type = types.nullOr types.int; type = types.nullOr types.int;
default = null; default = null;
@ -479,21 +494,30 @@ let
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.phpfpm.poolConfigs = mkIf (cfg.pool == "${poolName}") { assertions = [
"${poolName}" = '' {
listen = "${phpfpmSocketName}"; assertion = cfg.database.password != null -> cfg.database.passwordFile == null;
listen.owner = nginx message = "Cannot set both password and passwordFile";
listen.group = nginx }
listen.mode = 0600 ];
user = ${cfg.user}
pm = dynamic services.phpfpm.pools = mkIf (cfg.pool == "${poolName}") {
pm.max_children = 75 "${poolName}" = {
pm.start_servers = 10 listen = "/var/run/phpfpm/${poolName}.sock";
pm.min_spare_servers = 5 extraConfig = ''
pm.max_spare_servers = 20 listen.owner = nginx
pm.max_requests = 500 listen.group = nginx
catch_workers_output = 1 listen.mode = 0600
''; user = ${cfg.user}
pm = dynamic
pm.max_children = 75
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 500
catch_workers_output = 1
'';
};
}; };
# NOTE: No configuration is done if not using virtual host # NOTE: No configuration is done if not using virtual host
@ -510,7 +534,7 @@ let
locations."~ \.php$" = { locations."~ \.php$" = {
extraConfig = '' extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${phpfpmSocketName}; fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.listen};
fastcgi_index index.php; fastcgi_index index.php;
''; '';
}; };
@ -528,6 +552,7 @@ let
callSql = e: callSql = e:
if cfg.database.type == "pgsql" then '' if cfg.database.type == "pgsql" then ''
${optionalString (cfg.database.password != null) "PGPASSWORD=${cfg.database.password}"} \ ${optionalString (cfg.database.password != null) "PGPASSWORD=${cfg.database.password}"} \
${optionalString (cfg.database.passwordFile != null) "PGPASSWORD=$(cat ${cfg.database.passwordFile}"}) \
${pkgs.sudo}/bin/sudo -u ${cfg.user} ${config.services.postgresql.package}/bin/psql \ ${pkgs.sudo}/bin/sudo -u ${cfg.user} ${config.services.postgresql.package}/bin/psql \
-U ${cfg.database.user} \ -U ${cfg.database.user} \
${optionalString (cfg.database.host != null) "-h ${cfg.database.host} --port ${toString dbPort}"} \ ${optionalString (cfg.database.host != null) "-h ${cfg.database.host} --port ${toString dbPort}"} \

32
pkgs/servers/tt-rss/plugin-auth-ldap/default.nix Normal file
View File

@ -0,0 +1,32 @@
{ stdenv, fetchFromGitHub, fetchpatch }:
stdenv.mkDerivation rec {
name = "tt-rss-plugin-auth-ldap-${version}";
version = "2.0.0";
src = fetchFromGitHub {
owner = "hydrian";
repo = "TTRSS-Auth-LDAP";
rev = version;
sha256 = "1mg9jff2m0ajxql1vd1g7hsxfbv9smhrmjg4j2gvvjbii45ry0jh";
};
patches = [
(fetchpatch {
url = "https://github.com/Mic92/TTRSS-Auth-LDAP/commit/7534fa54babc377a070e05e326a46a252b5e3884.patch";
sha256 = "1p7zas0n627z0g226dp5m5dg1ai2z3vi69n3xivp517iv3lch70l";
})
];
installPhase = ''
install -D plugins/auth_ldap/init.php $out/auth_ldap/init.php
'';
meta = with stdenv.lib; {
description = "Plugin for TT-RSS to authenticate users via ldap";
license = licenses.gpl3;
homepage = https://github.com/hydrian/TTRSS-Auth-LDAP;
maintainers = with maintainers; [ mic92 ];
platforms = platforms.all;
};
}

1
pkgs/top-level/all-packages.nix
View File

@ -14113,6 +14113,7 @@ in
tt-rss = callPackage ../servers/tt-rss { }; tt-rss = callPackage ../servers/tt-rss { };
tt-rss-plugin-tumblr-gdpr = callPackage ../servers/tt-rss/plugin-tumblr-gdpr { }; tt-rss-plugin-tumblr-gdpr = callPackage ../servers/tt-rss/plugin-tumblr-gdpr { };
tt-rss-plugin-auth-ldap = callPackage ../servers/tt-rss/plugin-auth-ldap { };
tt-rss-theme-feedly = callPackage ../servers/tt-rss/theme-feedly { }; tt-rss-theme-feedly = callPackage ../servers/tt-rss/theme-feedly { };
searx = callPackage ../servers/web-apps/searx { }; searx = callPackage ../servers/web-apps/searx { };