-rw-r--r--nixops/modules/task/default.nix75
-rw-r--r--pkgs/webapps/default.nix2
-rw-r--r--pkgs/webapps/taskwarrior-web/Gemfile.lock (renamed from nixops/modules/task/Gemfile.lock)0
-rw-r--r--pkgs/webapps/taskwarrior-web/default.nix (renamed from nixops/modules/task/taskwarrior-web.nix)30
-rw-r--r--pkgs/webapps/taskwarrior-web/fixes.patch (renamed from nixops/modules/task/fixes.patch)0
-rw-r--r--pkgs/webapps/taskwarrior-web/gemset.nix (renamed from nixops/modules/task/gemset.nix)0
-rw-r--r--pkgs/webapps/taskwarrior-web/taskwarrior-web.json (renamed from nixops/modules/task/taskwarrior-web.json)0
-rw-r--r--pkgs/webapps/taskwarrior-web/thin.patch (renamed from nixops/modules/task/thin.patch)0
8 files changed, 53 insertions, 54 deletions
diff --git a/nixops/modules/task/default.nix b/nixops/modules/task/default.nix
index 9671725..1f5ddd2 100644
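--- a/nixops/modules/task/default.nix
+++ b/nixops/modules/task/default.nix
@@ -1,7 +1,7 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 let
  cfg = config.services.myTasks;
- vardir = config.services.taskserver.dataDir;
+ server_vardir = config.services.taskserver.dataDir;
  fqdn = "task.immae.eu";
  user = config.services.taskserver.user;
  env = myconfig.env.tools.task;
@@ -22,8 +22,8 @@ let
 
  silent_certtool -p \
  --bits 4096 \
- --outfile "${vardir}/userkeys/$user.key.pem"
- ${pkgs.gnused}/bin/sed -i -n -e '/^-----BEGIN RSA PRIVATE KEY-----$/,$p' "${vardir}/userkeys/$user.key.pem"
+ --outfile "${server_vardir}/userkeys/$user.key.pem"
+ ${pkgs.gnused}/bin/sed -i -n -e '/^-----BEGIN RSA PRIVATE KEY-----$/,$p' "${server_vardir}/userkeys/$user.key.pem"
 
  silent_certtool -c \
  --template "${pkgs.writeText "taskserver-ca.template" ''
@@ -32,18 +32,17 @@ let
  signing_key
  expiration_days = 3650
  ''}" \
- --load-ca-certificate "${vardir}/keys/ca.cert" \
- --load-ca-privkey "${vardir}/keys/ca.key" \
- --load-privkey "${vardir}/userkeys/$user.key.pem" \
- --outfile "${vardir}/userkeys/$user.cert.pem"
+ --load-ca-certificate "${server_vardir}/keys/ca.cert" \
+ --load-ca-privkey "${server_vardir}/keys/ca.key" \
+ --load-privkey "${server_vardir}/userkeys/$user.key.pem" \
+ --outfile "${server_vardir}/userkeys/$user.cert.pem"
  EOF
  chmod a+x $out/bin/taskserver-user-certs
  patchShebangs $out/bin/taskserver-user-certs
  '';
- taskwarrior-web = pkgs.callPackage ./taskwarrior-web.nix {
- inherit (mylibs) fetchedGithub;
- inherit env;
- };
+ taskwarrior-web = pkgs.webapps.taskwarrior-web;
+ socketsDir = "/run/taskwarrior-web";
+ varDir = "/var/lib/taskwarrior-web";
  taskwebPages = let
  uidPages = lib.attrsets.zipAttrs (
  lib.lists.flatten
@@ -94,7 +93,7 @@ in {
  permissions = "0400";
  text = ''
  SetEnv TASKD_HOST "${fqdn}:${toString config.services.taskserver.listenPort}"
- SetEnv TASKD_VARDIR "${vardir}"
+ SetEnv TASKD_VARDIR "${server_vardir}"
  SetEnv TASKD_LDAP_HOST "ldaps://${env.ldap.host}"
  SetEnv TASKD_LDAP_DN "${env.ldap.dn}"
  SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}"
@@ -121,8 +120,8 @@ in {
  ''
  ''
  <Macro Taskwarrior %{folderName}>
- ProxyPass "unix://${taskwarrior-web.socketsDir}/%{folderName}.sock|http://localhost-%{folderName}/"
- ProxyPassReverse "unix://${taskwarrior-web.socketsDir}/%{folderName}.sock|http://localhost-%{folderName}/"
+ ProxyPass "unix://${socketsDir}/%{folderName}.sock|http://localhost-%{folderName}/"
+ ProxyPassReverse "unix://${socketsDir}/%{folderName}.sock|http://localhost-%{folderName}/"
  ProxyPassReverse http://${fqdn}/
 
  SetOutputFilter Sed
@@ -177,7 +176,7 @@ in {
  ; Needed to avoid clashes in browser cookies (same domain)
  env[PATH] = "/etc/profiles/per-user/${user}/bin"
  php_value[session.name] = TaskPHPSESSID
- php_admin_value[open_basedir] = "${./www}:/tmp:${vardir}:/etc/profiles/per-user/${user}/bin/"
+ php_admin_value[open_basedir] = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/"
  '';
  };
 
@@ -199,11 +198,11 @@ in {
  system.activationScripts.taskserver = {
  deps = [ "users" ];
  text = ''
- install -m 0750 -o ${user} -g ${group} -d ${vardir}
- install -m 0750 -o ${user} -g ${group} -d ${vardir}/userkeys
- install -m 0750 -o ${user} -g ${group} -d ${vardir}/keys
+ install -m 0750 -o ${user} -g ${group} -d ${server_vardir}
+ install -m 0750 -o ${user} -g ${group} -d ${server_vardir}/userkeys
+ install -m 0750 -o ${user} -g ${group} -d ${server_vardir}/keys
 
- if [ ! -e "${vardir}/keys/ca.key" ]; then
+ if [ ! -e "${server_vardir}/keys/ca.key" ]; then
  silent_certtool() {
  if ! output="$("${pkgs.gnutls.bin}/bin/certtool" "$@" 2>&1)"; then
  echo "GNUTLS certtool invocation failed with output:" >&2
@@ -213,7 +212,7 @@ in {
 
  silent_certtool -p \
  --bits 4096 \
- --outfile "${vardir}/keys/ca.key"
+ --outfile "${server_vardir}/keys/ca.key"
 
  silent_certtool -s \
  --template "${pkgs.writeText "taskserver-ca.template" ''
@@ -222,11 +221,11 @@ in {
  cert_signing_key
  ca
  ''}" \
- --load-privkey "${vardir}/keys/ca.key" \
- --outfile "${vardir}/keys/ca.cert"
+ --load-privkey "${server_vardir}/keys/ca.key" \
+ --outfile "${server_vardir}/keys/ca.cert"
 
- chown :${group} "${vardir}/keys/ca.key"
- chmod g+r "${vardir}/keys/ca.key"
+ chown :${group} "${server_vardir}/keys/ca.key"
+ chmod g+r "${server_vardir}/keys/ca.key"
  fi
  '';
  };
@@ -236,7 +235,7 @@ in {
  allowedClientIDs = [ "^task [2-9]" "^Mirakel [1-9]" ];
  inherit fqdn;
  listenHost = "::";
- pki.manual.ca.cert = "${vardir}/keys/ca.cert";
+ pki.manual.ca.cert = "${server_vardir}/keys/ca.cert";
  pki.manual.server.cert = "/var/lib/acme/task/fullchain.pem";
  pki.manual.server.crl = "/var/lib/acme/task/invalid.crl";
  pki.manual.server.key = "/var/lib/acme/task/key.pem";
@@ -246,15 +245,15 @@ in {
  system.activationScripts.taskwarrior-web = {
  deps = [ "users" ];
  text = ''
- install -m 0755 -o ${user} -g ${group} -d ${taskwarrior-web.socketsDir}
- install -m 0750 -o ${user} -g ${group} -d ${taskwarrior-web.varDir}
+ install -m 0755 -o ${user} -g ${group} -d ${socketsDir}
+ install -m 0750 -o ${user} -g ${group} -d ${varDir}
  ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
- (k: v: "install -m 0750 -o ${user} -g ${group} -d ${taskwarrior-web.varDir}/${k}")
+ (k: v: "install -m 0750 -o ${user} -g ${group} -d ${varDir}/${k}")
  env.taskwarrior-web
  )}
- if [ ! -f ${vardir}/userkeys/taskwarrior-web.cert.pem ]; then
+ if [ ! -f ${server_vardir}/userkeys/taskwarrior-web.cert.pem ]; then
  ${taskserver-user-certs}/bin/taskserver-user-certs taskwarrior-web
- chown taskd:taskd ${vardir}/userkeys/taskwarrior-web.cert.pem ${vardir}/userkeys/taskwarrior-web.key.pem
+ chown taskd:taskd ${server_vardir}/userkeys/taskwarrior-web.cert.pem ${server_vardir}/userkeys/taskwarrior-web.key.pem
  fi
  '';
  };
@@ -264,9 +263,9 @@ in {
  credentials = "${userConfig.org}/${name}/${userConfig.key}";
  dateFormat = userConfig.date;
  taskrc = pkgs.writeText "taskrc" ''
- data.location=${taskwarrior-web.varDir}/${name}
- taskd.certificate=${vardir}/userkeys/taskwarrior-web.cert.pem
- taskd.key=${vardir}/userkeys/taskwarrior-web.key.pem
+ data.location=${varDir}/${name}
+ taskd.certificate=${server_vardir}/userkeys/taskwarrior-web.cert.pem
+ taskd.key=${server_vardir}/userkeys/taskwarrior-web.key.pem
  # IdenTrust DST Root CA X3
  # obtained here: https://letsencrypt.org/fr/certificates/
  taskd.ca=${pkgs.writeText "ca.cert" ''
@@ -306,7 +305,7 @@ in {
  environment.LC_ALL = "fr_FR.UTF-8";
 
  script = ''
- exec ${taskwarrior-web.gems}/${taskwarrior-web.gems.ruby.gemPath}/bin/bundle exec thin start -R config.ru -S ${taskwarrior-web.socketsDir}/${name}.sock
+ exec ${taskwarrior-web.gems}/${taskwarrior-web.gems.ruby.gemPath}/bin/bundle exec thin start -R config.ru -S ${socketsDir}/${name}.sock
  '';
 
  serviceConfig = {
@@ -315,14 +314,14 @@ in {
  Restart = "always";
  TimeoutSec = 60;
  Type = "simple";
- WorkingDirectory = taskwarrior-web.rubyRoot;
+ WorkingDirectory = taskwarrior-web;
  };
 
- unitConfig.RequiresMountsFor = taskwarrior-web.varDir;
+ unitConfig.RequiresMountsFor = varDir;
  }) env.taskwarrior-web) // {
  taskserver-ca.postStart = ''
- chown :${group} "${vardir}/keys/ca.key"
- chmod g+r "${vardir}/keys/ca.key"
+ chown :${group} "${server_vardir}/keys/ca.key"
+ chmod g+r "${server_vardir}/keys/ca.key"
  '';
  };
 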
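Review bot: The `chown taskd:taskd` on the taskwarrior-web client certificate and key (new line 256, in `system.activationScripts.taskwarrior-web`) hard-codes the account, while every `install` line in the same script uses `${user}` and `${group}`. If `services.taskserver.user` is ever set to something else, the private key may end up owned by an account other than the one configured for taskserver. I would write it as `chown ${user}:${group} ${server_vardir}/userkeys/taskwarrior-web.cert.pem ${server_vardir}/userkeys/taskwarrior-web.key.pem` and follow it with an explicit `chmod 0600 ${server_vardir}/userkeys/taskwarrior-web.key.pem`, since the mode certtool leaves on the key is not visible in this diff. `group` is defined outside the visible hunks.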
diff --git a/pkgs/webapps/default.nix b/pkgs/webapps/default.nix
index 74f9550..0ef6736 100644
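--- a/pkgs/webapps/default.nix
+++ b/pkgs/webapps/default.nix
@@ -86,6 +86,8 @@ rec {
  lib.attrsets.genAttrs names
  (name: callPackage (./roundcubemail/plugins + "/${name}") { buildPlugin = roundcubemail.buildPlugin; });
 
+ taskwarrior-web = callPackage ./taskwarrior-web { inherit mylibs; };
+
  ttrss = callPackage ./ttrss { inherit mylibs; };
  ttrss-with-plugins = ttrss.withPlugins (builtins.attrValues ttrss-plugins);
  ttrss-plugins = let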
diff --git a/nixops/modules/task/Gemfile.lock b/pkgs/webapps/taskwarrior-web/Gemfile.lock
index 1b2f5ba..1b2f5ba 100644
--- a/nixops/modules/task/Gemfile.lock
+++ b/pkgs/webapps/taskwarrior-web/Gemfile.lock
diff --git a/nixops/modules/task/taskwarrior-web.nix b/pkgs/webapps/taskwarrior-web/default.nix
index e38ada4..d5368c5 100644
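--- a/nixops/modules/task/taskwarrior-web.nix
+++ b/pkgs/webapps/taskwarrior-web/default.nix
@@ -1,24 +1,22 @@
-{ env, ruby_2_6, bundlerEnv, defaultGemConfig, fetchedGithub, stdenv, writeText, pkgs }:
+{ ruby_2_6, bundlerEnv, mylibs, stdenv }:
 let
- varDir = "/var/lib/taskwarrior-web";
- socketsDir = "/run/taskwarrior-web";
- rubyRoot = stdenv.mkDerivation (fetchedGithub ./taskwarrior-web.json // rec {
- phases = [ "unpackPhase" "patchPhase" "installPhase" ];
- patches = [ ./fixes.patch ./thin.patch ];
- installPhase = ''
- cp -a . $out
- cp ${./Gemfile.lock} $out/Gemfile.lock
- '';
- });
  gems = bundlerEnv {
  name = "taskwarrior-web-env";
  ruby = ruby_2_6;
  pname = "taskwarrior-web";
  gemset = ./gemset.nix;
- gemdir = rubyRoot.out;
+ gemdir = package.out;
  groups = [ "default" "local" "development" ];
  };
-in
- {
- inherit gems varDir socketsDir rubyRoot;
- }
+ package = stdenv.mkDerivation (mylibs.fetchedGithub ./taskwarrior-web.json // rec {
+ phases = [ "unpackPhase" "patchPhase" "installPhase" ];
+ patches = [ ./fixes.patch ./thin.patch ];
+ installPhase = ''
+ cp -a . $out
+ cp ${./Gemfile.lock} $out/Gemfile.lock
+ '';
+ passthru = {
+ inherit gems;
+ };
+ });
+in package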
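Review bot: The bundler environment exposed through `passthru.gems` still includes the `local` and `development` groups (`groups = [ "default" "local" "development" ];`, new line 9). Now that this is a reusable package, every consumer gets development-only gems in the runtime closure of a web-facing service. If thin and the app are satisfied by the default group, narrowing it to `groups = [ "default" ];` would shrink the dependency surface; if one of the other groups is what supplies thin (the Gemfile is not visible here), a comment such as `# "local" provides thin, see thin.patch` would record why it is kept. The `rec` on the `mkDerivation` attrset also looks unnecessary, since none of its attributes refers to a sibling.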
diff --git a/nixops/modules/task/fixes.patch b/pkgs/webapps/taskwarrior-web/fixes.patch
index 851f9f0..851f9f0 100644
--- a/nixops/modules/task/fixes.patch
+++ b/pkgs/webapps/taskwarrior-web/fixes.patch
diff --git a/nixops/modules/task/gemset.nix b/pkgs/webapps/taskwarrior-web/gemset.nix
index 35d13c6..35d13c6 100644
--- a/nixops/modules/task/gemset.nix
+++ b/pkgs/webapps/taskwarrior-web/gemset.nix
diff --git a/nixops/modules/task/taskwarrior-web.json b/pkgs/webapps/taskwarrior-web/taskwarrior-web.json
index 70f396d..70f396d 100644
--- a/nixops/modules/task/taskwarrior-web.json
+++ b/pkgs/webapps/taskwarrior-web/taskwarrior-web.json
diff --git a/nixops/modules/task/thin.patch b/pkgs/webapps/taskwarrior-web/thin.patch
index a7df3e3..a7df3e3 100644
--- a/nixops/modules/task/thin.patch
+++ b/pkgs/webapps/taskwarrior-web/thin.patch