authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-10 00:20:30 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-10 00:20:30 +0200
commit2977fd8fdfc55dd42837e3dd56c77d36097ef607 (patch)
treed245f84b567b8b7275440aeb8eb9690fe0a95f34 /nixops/modules/task/default.nix
parent598aaa373c359046ee08ab5e7576ebaa4f0331e0 (diff)
Move taskwarrior-web to pkgs
Diffstat (limited to 'nixops/modules/task/default.nix')
-rw-r--r--nixops/modules/task/default.nix75
1 files changed, 37 insertions, 38 deletions
diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix
index 9671725..1f5ddd2 100644
--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -1,7 +1,7 @@
1{ lib, pkgs, config, myconfig, mylibs, ... }: 1{ lib, pkgs, config, myconfig, mylibs, ... }:
2let 2let
3 cfg = config.services.myTasks; 3 cfg = config.services.myTasks;
4 vardir = config.services.taskserver.dataDir; 4 server_vardir = config.services.taskserver.dataDir;
5 fqdn = "task.immae.eu"; 5 fqdn = "task.immae.eu";
6 user = config.services.taskserver.user; 6 user = config.services.taskserver.user;
7 env = myconfig.env.tools.task; 7 env = myconfig.env.tools.task;
@@ -22,8 +22,8 @@ let
22 22
23 silent_certtool -p \ 23 silent_certtool -p \
24 --bits 4096 \ 24 --bits 4096 \
25 --outfile "${vardir}/userkeys/$user.key.pem" 25 --outfile "${server_vardir}/userkeys/$user.key.pem"
26 ${pkgs.gnused}/bin/sed -i -n -e '/^-----BEGIN RSA PRIVATE KEY-----$/,$p' "${vardir}/userkeys/$user.key.pem" 26 ${pkgs.gnused}/bin/sed -i -n -e '/^-----BEGIN RSA PRIVATE KEY-----$/,$p' "${server_vardir}/userkeys/$user.key.pem"
27 27
28 silent_certtool -c \ 28 silent_certtool -c \
29 --template "${pkgs.writeText "taskserver-ca.template" '' 29 --template "${pkgs.writeText "taskserver-ca.template" ''
@@ -32,18 +32,17 @@ let
32 signing_key 32 signing_key
33 expiration_days = 3650 33 expiration_days = 3650
34 ''}" \ 34 ''}" \
35 --load-ca-certificate "${vardir}/keys/ca.cert" \ 35 --load-ca-certificate "${server_vardir}/keys/ca.cert" \
36 --load-ca-privkey "${vardir}/keys/ca.key" \ 36 --load-ca-privkey "${server_vardir}/keys/ca.key" \
37 --load-privkey "${vardir}/userkeys/$user.key.pem" \ 37 --load-privkey "${server_vardir}/userkeys/$user.key.pem" \
38 --outfile "${vardir}/userkeys/$user.cert.pem" 38 --outfile "${server_vardir}/userkeys/$user.cert.pem"
39 EOF 39 EOF
40 chmod a+x $out/bin/taskserver-user-certs 40 chmod a+x $out/bin/taskserver-user-certs
41 patchShebangs $out/bin/taskserver-user-certs 41 patchShebangs $out/bin/taskserver-user-certs
42 ''; 42 '';
43 taskwarrior-web = pkgs.callPackage ./taskwarrior-web.nix { 43 taskwarrior-web = pkgs.webapps.taskwarrior-web;
44 inherit (mylibs) fetchedGithub; 44 socketsDir = "/run/taskwarrior-web";
45 inherit env; 45 varDir = "/var/lib/taskwarrior-web";
46 };
47 taskwebPages = let 46 taskwebPages = let
48 uidPages = lib.attrsets.zipAttrs ( 47 uidPages = lib.attrsets.zipAttrs (
49 lib.lists.flatten 48 lib.lists.flatten
@@ -94,7 +93,7 @@ in {
94 permissions = "0400"; 93 permissions = "0400";
95 text = '' 94 text = ''
96 SetEnv TASKD_HOST "${fqdn}:${toString config.services.taskserver.listenPort}" 95 SetEnv TASKD_HOST "${fqdn}:${toString config.services.taskserver.listenPort}"
97 SetEnv TASKD_VARDIR "${vardir}" 96 SetEnv TASKD_VARDIR "${server_vardir}"
98 SetEnv TASKD_LDAP_HOST "ldaps://${env.ldap.host}" 97 SetEnv TASKD_LDAP_HOST "ldaps://${env.ldap.host}"
99 SetEnv TASKD_LDAP_DN "${env.ldap.dn}" 98 SetEnv TASKD_LDAP_DN "${env.ldap.dn}"
100 SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}" 99 SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}"
@@ -121,8 +120,8 @@ in {
121 '' 120 ''
122 '' 121 ''
123 <Macro Taskwarrior %{folderName}> 122 <Macro Taskwarrior %{folderName}>
124 ProxyPass "unix://${taskwarrior-web.socketsDir}/%{folderName}.sock|http://localhost-%{folderName}/" 123 ProxyPass "unix://${socketsDir}/%{folderName}.sock|http://localhost-%{folderName}/"
125 ProxyPassReverse "unix://${taskwarrior-web.socketsDir}/%{folderName}.sock|http://localhost-%{folderName}/" 124 ProxyPassReverse "unix://${socketsDir}/%{folderName}.sock|http://localhost-%{folderName}/"
126 ProxyPassReverse http://${fqdn}/ 125 ProxyPassReverse http://${fqdn}/
127 126
128 SetOutputFilter Sed 127 SetOutputFilter Sed
@@ -177,7 +176,7 @@ in {
177 ; Needed to avoid clashes in browser cookies (same domain) 176 ; Needed to avoid clashes in browser cookies (same domain)
178 env[PATH] = "/etc/profiles/per-user/${user}/bin" 177 env[PATH] = "/etc/profiles/per-user/${user}/bin"
179 php_value[session.name] = TaskPHPSESSID 178 php_value[session.name] = TaskPHPSESSID
180 php_admin_value[open_basedir] = "${./www}:/tmp:${vardir}:/etc/profiles/per-user/${user}/bin/" 179 php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/"
181 ''; 180 '';
182 }; 181 };
183 182
@@ -199,11 +198,11 @@ in {
199 system.activationScripts.taskserver = { 198 system.activationScripts.taskserver = {
200 deps = [ "users" ]; 199 deps = [ "users" ];
201 text = '' 200 text = ''
202 install -m 0750 -o ${user} -g ${group} -d ${vardir} 201 install -m 0750 -o ${user} -g ${group} -d ${server_vardir}
203 install -m 0750 -o ${user} -g ${group} -d ${vardir}/userkeys 202 install -m 0750 -o ${user} -g ${group} -d ${server_vardir}/userkeys
204 install -m 0750 -o ${user} -g ${group} -d ${vardir}/keys 203 install -m 0750 -o ${user} -g ${group} -d ${server_vardir}/keys
205 204
206 if [ ! -e "${vardir}/keys/ca.key" ]; then 205 if [ ! -e "${server_vardir}/keys/ca.key" ]; then
207 silent_certtool() { 206 silent_certtool() {
208 if ! output="$("${pkgs.gnutls.bin}/bin/certtool" "$@" 2>&1)"; then 207 if ! output="$("${pkgs.gnutls.bin}/bin/certtool" "$@" 2>&1)"; then
209 echo "GNUTLS certtool invocation failed with output:" >&2 208 echo "GNUTLS certtool invocation failed with output:" >&2
@@ -213,7 +212,7 @@ in {
213 212
214 silent_certtool -p \ 213 silent_certtool -p \
215 --bits 4096 \ 214 --bits 4096 \
216 --outfile "${vardir}/keys/ca.key" 215 --outfile "${server_vardir}/keys/ca.key"
217 216
218 silent_certtool -s \ 217 silent_certtool -s \
219 --template "${pkgs.writeText "taskserver-ca.template" '' 218 --template "${pkgs.writeText "taskserver-ca.template" ''
@@ -222,11 +221,11 @@ in {
222 cert_signing_key 221 cert_signing_key
223 ca 222 ca
224 ''}" \ 223 ''}" \
225 --load-privkey "${vardir}/keys/ca.key" \ 224 --load-privkey "${server_vardir}/keys/ca.key" \
226 --outfile "${vardir}/keys/ca.cert" 225 --outfile "${server_vardir}/keys/ca.cert"
227 226
228 chown :${group} "${vardir}/keys/ca.key" 227 chown :${group} "${server_vardir}/keys/ca.key"
229 chmod g+r "${vardir}/keys/ca.key" 228 chmod g+r "${server_vardir}/keys/ca.key"
230 fi 229 fi
231 ''; 230 '';
232 }; 231 };
@@ -236,7 +235,7 @@ in {
236 allowedClientIDs = [ "^task [2-9]" "^Mirakel [1-9]" ]; 235 allowedClientIDs = [ "^task [2-9]" "^Mirakel [1-9]" ];
237 inherit fqdn; 236 inherit fqdn;
238 listenHost = "::"; 237 listenHost = "::";
239 pki.manual.ca.cert = "${vardir}/keys/ca.cert"; 238 pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
240 pki.manual.server.cert = "/var/lib/acme/task/fullchain.pem"; 239 pki.manual.server.cert = "/var/lib/acme/task/fullchain.pem";
241 pki.manual.server.crl = "/var/lib/acme/task/invalid.crl"; 240 pki.manual.server.crl = "/var/lib/acme/task/invalid.crl";
242 pki.manual.server.key = "/var/lib/acme/task/key.pem"; 241 pki.manual.server.key = "/var/lib/acme/task/key.pem";
@@ -246,15 +245,15 @@ in {
246 system.activationScripts.taskwarrior-web = { 245 system.activationScripts.taskwarrior-web = {
247 deps = [ "users" ]; 246 deps = [ "users" ];
248 text = '' 247 text = ''
249 install -m 0755 -o ${user} -g ${group} -d ${taskwarrior-web.socketsDir} 248 install -m 0755 -o ${user} -g ${group} -d ${socketsDir}
250 install -m 0750 -o ${user} -g ${group} -d ${taskwarrior-web.varDir} 249 install -m 0750 -o ${user} -g ${group} -d ${varDir}
251 ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList 250 ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
252 (k: v: "install -m 0750 -o ${user} -g ${group} -d ${taskwarrior-web.varDir}/${k}") 251 (k: v: "install -m 0750 -o ${user} -g ${group} -d ${varDir}/${k}")
253 env.taskwarrior-web 252 env.taskwarrior-web
254 )} 253 )}
255 if [ ! -f ${vardir}/userkeys/taskwarrior-web.cert.pem ]; then 254 if [ ! -f ${server_vardir}/userkeys/taskwarrior-web.cert.pem ]; then
256 ${taskserver-user-certs}/bin/taskserver-user-certs taskwarrior-web 255 ${taskserver-user-certs}/bin/taskserver-user-certs taskwarrior-web
257 chown taskd:taskd ${vardir}/userkeys/taskwarrior-web.cert.pem ${vardir}/userkeys/taskwarrior-web.key.pem 256 chown taskd:taskd ${server_vardir}/userkeys/taskwarrior-web.cert.pem ${server_vardir}/userkeys/taskwarrior-web.key.pem
258 fi 257 fi
259 ''; 258 '';
260 }; 259 };
@@ -264,9 +263,9 @@ in {
264 credentials = "${userConfig.org}/${name}/${userConfig.key}"; 263 credentials = "${userConfig.org}/${name}/${userConfig.key}";
265 dateFormat = userConfig.date; 264 dateFormat = userConfig.date;
266 taskrc = pkgs.writeText "taskrc" '' 265 taskrc = pkgs.writeText "taskrc" ''
267 data.location=${taskwarrior-web.varDir}/${name} 266 data.location=${varDir}/${name}
268 taskd.certificate=${vardir}/userkeys/taskwarrior-web.cert.pem 267 taskd.certificate=${server_vardir}/userkeys/taskwarrior-web.cert.pem
269 taskd.key=${vardir}/userkeys/taskwarrior-web.key.pem 268 taskd.key=${server_vardir}/userkeys/taskwarrior-web.key.pem
270 # IdenTrust DST Root CA X3 269 # IdenTrust DST Root CA X3
271 # obtained here: https://letsencrypt.org/fr/certificates/ 270 # obtained here: https://letsencrypt.org/fr/certificates/
272 taskd.ca=${pkgs.writeText "ca.cert" '' 271 taskd.ca=${pkgs.writeText "ca.cert" ''
@@ -306,7 +305,7 @@ in {
306 environment.LC_ALL = "fr_FR.UTF-8"; 305 environment.LC_ALL = "fr_FR.UTF-8";
307 306
308 script = '' 307 script = ''
309 exec ${taskwarrior-web.gems}/${taskwarrior-web.gems.ruby.gemPath}/bin/bundle exec thin start -R config.ru -S ${taskwarrior-web.socketsDir}/${name}.sock 308 exec ${taskwarrior-web.gems}/${taskwarrior-web.gems.ruby.gemPath}/bin/bundle exec thin start -R config.ru -S ${socketsDir}/${name}.sock
310 ''; 309 '';
311 310
312 serviceConfig = { 311 serviceConfig = {
@@ -315,14 +314,14 @@ in {
315 Restart = "always"; 314 Restart = "always";
316 TimeoutSec = 60; 315 TimeoutSec = 60;
317 Type = "simple"; 316 Type = "simple";
318 WorkingDirectory = taskwarrior-web.rubyRoot; 317 WorkingDirectory = taskwarrior-web;
319 }; 318 };
320 319
321 unitConfig.RequiresMountsFor = taskwarrior-web.varDir; 320 unitConfig.RequiresMountsFor = varDir;
322 }) env.taskwarrior-web) // { 321 }) env.taskwarrior-web) // {
323 taskserver-ca.postStart = '' 322 taskserver-ca.postStart = ''
324 chown :${group} "${vardir}/keys/ca.key" 323 chown :${group} "${server_vardir}/keys/ca.key"
325 chmod g+r "${vardir}/keys/ca.key" 324 chmod g+r "${server_vardir}/keys/ca.key"
326 ''; 325 '';
327 }; 326 };
328 327
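Review bot: In the `system.activationScripts.taskwarrior-web` hunk the freshly generated client certificate and private key are handed to a hard-coded `taskd:taskd`, while every `install` line in the same script uses `${user}` and `${group}`, with `user` read from `config.services.taskserver.user`. If that option is ever set to something other than its default, the key ends up owned by an account the services here do not run as; I would write `chown ${user}:${group} ${server_vardir}/userkeys/taskwarrior-web.cert.pem ${server_vardir}/userkeys/taskwarrior-web.key.pem` (the definition of `group` is outside the visible hunks). The script also never sets a mode on `taskwarrior-web.key.pem` and relies on whatever certtool leaves behind, so an explicit `chmod` restricted to the account that reads the key would make the intent auditable. In the same hunk `${socketsDir}` is created `0755`, so whether other local accounts can reach the per-user backends without going through Apache depends on the modes thin gives the sockets, which is not visible here; a comment such as `# 0755: httpd must traverse this directory to reach the sockets` would record why it is world-traversable.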