From 2977fd8fdfc55dd42837e3dd56c77d36097ef607 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Fri, 10 May 2019 00:20:30 +0200 Subject: [PATCH] Move taskwarrior-web to pkgs --- nixops/modules/task/default.nix | 75 +++++++++---------- pkgs/webapps/default.nix | 2 + .../webapps/taskwarrior-web}/Gemfile.lock | 0 .../webapps/taskwarrior-web/default.nix | 30 ++++---- .../webapps/taskwarrior-web}/fixes.patch | 0 .../webapps/taskwarrior-web}/gemset.nix | 0 .../taskwarrior-web}/taskwarrior-web.json | 0 .../webapps/taskwarrior-web}/thin.patch | 0 8 files changed, 53 insertions(+), 54 deletions(-) rename {nixops/modules/task => pkgs/webapps/taskwarrior-web}/Gemfile.lock (100%) rename nixops/modules/task/taskwarrior-web.nix => pkgs/webapps/taskwarrior-web/default.nix (54%) rename {nixops/modules/task => pkgs/webapps/taskwarrior-web}/fixes.patch (100%) rename {nixops/modules/task => pkgs/webapps/taskwarrior-web}/gemset.nix (100%) rename {nixops/modules/task => pkgs/webapps/taskwarrior-web}/taskwarrior-web.json (100%) rename {nixops/modules/task => pkgs/webapps/taskwarrior-web}/thin.patch (100%) diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix index 9671725..1f5ddd2 100644 --- a/nixops/modules/task/default.nix +++ b/nixops/modules/task/default.nix @@ -1,7 +1,7 @@ { lib, pkgs, config, myconfig, mylibs, ... }: let cfg = config.services.myTasks; - vardir = config.services.taskserver.dataDir; + server_vardir = config.services.taskserver.dataDir; fqdn = "task.immae.eu"; user = config.services.taskserver.user; env = myconfig.env.tools.task; @@ -22,8 +22,8 @@ let silent_certtool -p \ --bits 4096 \ - --outfile "${vardir}/userkeys/$user.key.pem" - ${pkgs.gnused}/bin/sed -i -n -e '/^-----BEGIN RSA PRIVATE KEY-----$/,$p' "${vardir}/userkeys/$user.key.pem" + --outfile "${server_vardir}/userkeys/$user.key.pem" + ${pkgs.gnused}/bin/sed -i -n -e '/^-----BEGIN RSA PRIVATE KEY-----$/,$p' "${server_vardir}/userkeys/$user.key.pem" silent_certtool -c \ --template "${pkgs.writeText "taskserver-ca.template" '' @@ -32,18 +32,17 @@ let signing_key expiration_days = 3650 ''}" \ - --load-ca-certificate "${vardir}/keys/ca.cert" \ - --load-ca-privkey "${vardir}/keys/ca.key" \ - --load-privkey "${vardir}/userkeys/$user.key.pem" \ - --outfile "${vardir}/userkeys/$user.cert.pem" + --load-ca-certificate "${server_vardir}/keys/ca.cert" \ + --load-ca-privkey "${server_vardir}/keys/ca.key" \ + --load-privkey "${server_vardir}/userkeys/$user.key.pem" \ + --outfile "${server_vardir}/userkeys/$user.cert.pem" EOF chmod a+x $out/bin/taskserver-user-certs patchShebangs $out/bin/taskserver-user-certs ''; - taskwarrior-web = pkgs.callPackage ./taskwarrior-web.nix { - inherit (mylibs) fetchedGithub; - inherit env; - }; + taskwarrior-web = pkgs.webapps.taskwarrior-web; + socketsDir = "/run/taskwarrior-web"; + varDir = "/var/lib/taskwarrior-web"; taskwebPages = let uidPages = lib.attrsets.zipAttrs ( lib.lists.flatten @@ -94,7 +93,7 @@ in { permissions = "0400"; text = '' SetEnv TASKD_HOST "${fqdn}:${toString config.services.taskserver.listenPort}" - SetEnv TASKD_VARDIR "${vardir}" + SetEnv TASKD_VARDIR "${server_vardir}" SetEnv TASKD_LDAP_HOST "ldaps://${env.ldap.host}" SetEnv TASKD_LDAP_DN "${env.ldap.dn}" SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}" @@ -121,8 +120,8 @@ in { '' '' - ProxyPass "unix://${taskwarrior-web.socketsDir}/%{folderName}.sock|http://localhost-%{folderName}/" - ProxyPassReverse "unix://${taskwarrior-web.socketsDir}/%{folderName}.sock|http://localhost-%{folderName}/" + ProxyPass "unix://${socketsDir}/%{folderName}.sock|http://localhost-%{folderName}/" + ProxyPassReverse "unix://${socketsDir}/%{folderName}.sock|http://localhost-%{folderName}/" ProxyPassReverse http://${fqdn}/ SetOutputFilter Sed @@ -177,7 +176,7 @@ in { ; Needed to avoid clashes in browser cookies (same domain) env[PATH] = "/etc/profiles/per-user/${user}/bin" php_value[session.name] = TaskPHPSESSID - php_admin_value[open_basedir] = "${./www}:/tmp:${vardir}:/etc/profiles/per-user/${user}/bin/" + php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/" ''; }; @@ -199,11 +198,11 @@ in { system.activationScripts.taskserver = { deps = [ "users" ]; text = '' - install -m 0750 -o ${user} -g ${group} -d ${vardir} - install -m 0750 -o ${user} -g ${group} -d ${vardir}/userkeys - install -m 0750 -o ${user} -g ${group} -d ${vardir}/keys + install -m 0750 -o ${user} -g ${group} -d ${server_vardir} + install -m 0750 -o ${user} -g ${group} -d ${server_vardir}/userkeys + install -m 0750 -o ${user} -g ${group} -d ${server_vardir}/keys - if [ ! -e "${vardir}/keys/ca.key" ]; then + if [ ! -e "${server_vardir}/keys/ca.key" ]; then silent_certtool() { if ! output="$("${pkgs.gnutls.bin}/bin/certtool" "$@" 2>&1)"; then echo "GNUTLS certtool invocation failed with output:" >&2 @@ -213,7 +212,7 @@ in { silent_certtool -p \ --bits 4096 \ - --outfile "${vardir}/keys/ca.key" + --outfile "${server_vardir}/keys/ca.key" silent_certtool -s \ --template "${pkgs.writeText "taskserver-ca.template" '' @@ -222,11 +221,11 @@ in { cert_signing_key ca ''}" \ - --load-privkey "${vardir}/keys/ca.key" \ - --outfile "${vardir}/keys/ca.cert" + --load-privkey "${server_vardir}/keys/ca.key" \ + --outfile "${server_vardir}/keys/ca.cert" - chown :${group} "${vardir}/keys/ca.key" - chmod g+r "${vardir}/keys/ca.key" + chown :${group} "${server_vardir}/keys/ca.key" + chmod g+r "${server_vardir}/keys/ca.key" fi ''; }; @@ -236,7 +235,7 @@ in { allowedClientIDs = [ "^task [2-9]" "^Mirakel [1-9]" ]; inherit fqdn; listenHost = "::"; - pki.manual.ca.cert = "${vardir}/keys/ca.cert"; + pki.manual.ca.cert = "${server_vardir}/keys/ca.cert"; pki.manual.server.cert = "/var/lib/acme/task/fullchain.pem"; pki.manual.server.crl = "/var/lib/acme/task/invalid.crl"; pki.manual.server.key = "/var/lib/acme/task/key.pem"; @@ -246,15 +245,15 @@ in { system.activationScripts.taskwarrior-web = { deps = [ "users" ]; text = '' - install -m 0755 -o ${user} -g ${group} -d ${taskwarrior-web.socketsDir} - install -m 0750 -o ${user} -g ${group} -d ${taskwarrior-web.varDir} + install -m 0755 -o ${user} -g ${group} -d ${socketsDir} + install -m 0750 -o ${user} -g ${group} -d ${varDir} ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList - (k: v: "install -m 0750 -o ${user} -g ${group} -d ${taskwarrior-web.varDir}/${k}") + (k: v: "install -m 0750 -o ${user} -g ${group} -d ${varDir}/${k}") env.taskwarrior-web )} - if [ ! -f ${vardir}/userkeys/taskwarrior-web.cert.pem ]; then + if [ ! -f ${server_vardir}/userkeys/taskwarrior-web.cert.pem ]; then ${taskserver-user-certs}/bin/taskserver-user-certs taskwarrior-web - chown taskd:taskd ${vardir}/userkeys/taskwarrior-web.cert.pem ${vardir}/userkeys/taskwarrior-web.key.pem + chown taskd:taskd ${server_vardir}/userkeys/taskwarrior-web.cert.pem ${server_vardir}/userkeys/taskwarrior-web.key.pem fi ''; }; @@ -264,9 +263,9 @@ in { credentials = "${userConfig.org}/${name}/${userConfig.key}"; dateFormat = userConfig.date; taskrc = pkgs.writeText "taskrc" '' - data.location=${taskwarrior-web.varDir}/${name} - taskd.certificate=${vardir}/userkeys/taskwarrior-web.cert.pem - taskd.key=${vardir}/userkeys/taskwarrior-web.key.pem + data.location=${varDir}/${name} + taskd.certificate=${server_vardir}/userkeys/taskwarrior-web.cert.pem + taskd.key=${server_vardir}/userkeys/taskwarrior-web.key.pem # IdenTrust DST Root CA X3 # obtained here: https://letsencrypt.org/fr/certificates/ taskd.ca=${pkgs.writeText "ca.cert" '' @@ -306,7 +305,7 @@ in { environment.LC_ALL = "fr_FR.UTF-8"; script = '' - exec ${taskwarrior-web.gems}/${taskwarrior-web.gems.ruby.gemPath}/bin/bundle exec thin start -R config.ru -S ${taskwarrior-web.socketsDir}/${name}.sock + exec ${taskwarrior-web.gems}/${taskwarrior-web.gems.ruby.gemPath}/bin/bundle exec thin start -R config.ru -S ${socketsDir}/${name}.sock ''; serviceConfig = { @@ -315,14 +314,14 @@ in { Restart = "always"; TimeoutSec = 60; Type = "simple"; - WorkingDirectory = taskwarrior-web.rubyRoot; + WorkingDirectory = taskwarrior-web; }; - unitConfig.RequiresMountsFor = taskwarrior-web.varDir; + unitConfig.RequiresMountsFor = varDir; }) env.taskwarrior-web) // { taskserver-ca.postStart = '' - chown :${group} "${vardir}/keys/ca.key" - chmod g+r "${vardir}/keys/ca.key" + chown :${group} "${server_vardir}/keys/ca.key" + chmod g+r "${server_vardir}/keys/ca.key" ''; }; diff --git a/pkgs/webapps/default.nix b/pkgs/webapps/default.nix index 74f9550..0ef6736 100644 --- a/pkgs/webapps/default.nix +++ b/pkgs/webapps/default.nix @@ -86,6 +86,8 @@ rec { lib.attrsets.genAttrs names (name: callPackage (./roundcubemail/plugins + "/${name}") { buildPlugin = roundcubemail.buildPlugin; }); + taskwarrior-web = callPackage ./taskwarrior-web { inherit mylibs; }; + ttrss = callPackage ./ttrss { inherit mylibs; }; ttrss-with-plugins = ttrss.withPlugins (builtins.attrValues ttrss-plugins); ttrss-plugins = let diff --git a/nixops/modules/task/Gemfile.lock b/pkgs/webapps/taskwarrior-web/Gemfile.lock similarity index 100% rename from nixops/modules/task/Gemfile.lock rename to pkgs/webapps/taskwarrior-web/Gemfile.lock diff --git a/nixops/modules/task/taskwarrior-web.nix b/pkgs/webapps/taskwarrior-web/default.nix similarity index 54% rename from nixops/modules/task/taskwarrior-web.nix rename to pkgs/webapps/taskwarrior-web/default.nix index e38ada4..d5368c5 100644 --- a/nixops/modules/task/taskwarrior-web.nix +++ b/pkgs/webapps/taskwarrior-web/default.nix @@ -1,24 +1,22 @@ -{ env, ruby_2_6, bundlerEnv, defaultGemConfig, fetchedGithub, stdenv, writeText, pkgs }: +{ ruby_2_6, bundlerEnv, mylibs, stdenv }: let - varDir = "/var/lib/taskwarrior-web"; - socketsDir = "/run/taskwarrior-web"; - rubyRoot = stdenv.mkDerivation (fetchedGithub ./taskwarrior-web.json // rec { - phases = [ "unpackPhase" "patchPhase" "installPhase" ]; - patches = [ ./fixes.patch ./thin.patch ]; - installPhase = '' - cp -a . $out - cp ${./Gemfile.lock} $out/Gemfile.lock - ''; - }); gems = bundlerEnv { name = "taskwarrior-web-env"; ruby = ruby_2_6; pname = "taskwarrior-web"; gemset = ./gemset.nix; - gemdir = rubyRoot.out; + gemdir = package.out; groups = [ "default" "local" "development" ]; }; -in - { - inherit gems varDir socketsDir rubyRoot; - } + package = stdenv.mkDerivation (mylibs.fetchedGithub ./taskwarrior-web.json // rec { + phases = [ "unpackPhase" "patchPhase" "installPhase" ]; + patches = [ ./fixes.patch ./thin.patch ]; + installPhase = '' + cp -a . $out + cp ${./Gemfile.lock} $out/Gemfile.lock + ''; + passthru = { + inherit gems; + }; + }); +in package diff --git a/nixops/modules/task/fixes.patch b/pkgs/webapps/taskwarrior-web/fixes.patch similarity index 100% rename from nixops/modules/task/fixes.patch rename to pkgs/webapps/taskwarrior-web/fixes.patch diff --git a/nixops/modules/task/gemset.nix b/pkgs/webapps/taskwarrior-web/gemset.nix similarity index 100% rename from nixops/modules/task/gemset.nix rename to pkgs/webapps/taskwarrior-web/gemset.nix diff --git a/nixops/modules/task/taskwarrior-web.json b/pkgs/webapps/taskwarrior-web/taskwarrior-web.json similarity index 100% rename from nixops/modules/task/taskwarrior-web.json rename to pkgs/webapps/taskwarrior-web/taskwarrior-web.json diff --git a/nixops/modules/task/thin.patch b/pkgs/webapps/taskwarrior-web/thin.patch similarity index 100% rename from nixops/modules/task/thin.patch rename to pkgs/webapps/taskwarrior-web/thin.patch -- 2.41.0