1 files changed, 227 insertions, 0 deletions
diff --git a/flakes/etherpad-lite/flake.nix b/flakes/etherpad-lite/flake.nix
new file mode 100644
index 0000000..6e0d7db
--- /dev/null
+++ b/flakes/etherpad-lite/flake.nix
@@ -0,0 +1,227 @@
+{
+  description = "Your self-hosted, globally interconnected microblogging community";
+  inputs.flake-utils.url = "github:numtide/flake-utils";
+  inputs.nixpkgs = {
+    url = "github:NixOS/nixpkgs/840c782d507d60aaa49aa9e3f6d0b0e780912742";
+    flake = false;
+  };
+  inputs.etherpad-lite = {
+    url = "github:ether/etherpad-lite/1.8.3";
+    flake = false;
+  };
+  inputs.mypackages.url = "path:../mypackages";
+  outputs = { self, nixpkgs, etherpad-lite, flake-utils, mypackages }: flake-utils.lib.eachSystem ["x86_64-linux"] (system:
+    let
+      pkgs = import nixpkgs { inherit system; overlays = []; };
+      version = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.etherpad-lite.original.ref;
+      inherit (pkgs) callPackage;
+    in rec {
+      packages.etherpad-lite = callPackage ./. { inherit (mypackages.mylibs) nodeEnv; src = etherpad-lite // { inherit version; }; };
+      defaultPackage = packages.etherpad-lite;
+      legacyPackages.etherpad-lite = packages.etherpad-lite;
+      checks = {
+        build = defaultPackage;
+      };
+    }
+  ) // rec {
+    overlays = {
+      etherpad-lite = final: prev: {
+        etherpad-lite = self.defaultPackage."${final.system}";
+      };
+    };
+    overlay = overlays.etherpad-lite;
+    nixosModule = { lib, pkgs, config, ... }:
+      let
+        name = "etherpad-lite";
+        cfg = config.services.etherpad-lite;
+      in
+        {
+          options.services.etherpad-lite = {
+            enable = lib.mkEnableOption "Enable Etherpad lite’s service";
+            user = lib.mkOption {
+              type = lib.types.str;
+              default = name;
+              description = "User account under which Etherpad lite runs";
+            };
+            group = lib.mkOption {
+              type = lib.types.str;
+              default = name;
+              description = "Group under which Etherpad lite runs";
+            };
+            dataDir = lib.mkOption {
+              type = lib.types.path;
+              default = "/var/lib/${name}";
+              description = ''
+                The directory where Etherpad lite stores its data.
+              '';
+            };
+            socketsDir = lib.mkOption {
+              type = lib.types.path;
+              default = "/run/${name}";
+              description = ''
+                The directory where Etherpad lite stores its sockets.
+              '';
+            };
+            configFile = lib.mkOption {
+              type = lib.types.path;
+              description = ''
+                The config file path for Etherpad lite.
+                '';
+            };
+            sessionKeyFile = lib.mkOption {
+              type = lib.types.path;
+              description = ''
+                The Session key file path for Etherpad lite.
+                '';
+            };
+            apiKeyFile = lib.mkOption {
+              type = lib.types.path;
+              description = ''
+                The API key file path for Etherpad lite.
+                '';
+            };
+            package = lib.mkOption {
+              type = lib.types.package;
+              default = pkgs.etherpad-lite;
+              description = ''
+                Etherpad lite package to use.
+                '';
+              example = lib.literalExample ''
+                pkgs.webapps.etherpad-lite.withModules (p: [ p.ep_align ]);
+              '';
+            };
+            modules = lib.mkOption {
+              type = lib.types.listOf lib.types.package;
+              default = [];
+              description = ''
+                Etherpad lite modules to use.
+                DEPRECATED: use package directly
+                '';
+            };
+            # Output variables
+            workdir = lib.mkOption {
+              type = lib.types.package;
+              default = cfg.package.withModules (_: cfg.modules);
+              description = ''
+              Adjusted Etherpad lite package with plugins
+              '';
+              readOnly = true;
+            };
+            systemdStateDirectory = lib.mkOption {
+              type = lib.types.str;
+              # Use ReadWritePaths= instead if varDir is outside of /var/lib
+              default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
+                lib.strings.removePrefix "/var/lib/" cfg.dataDir;
+              description = ''
+              Adjusted Etherpad lite data directory for systemd
+              '';
+              readOnly = true;
+            };
+            systemdRuntimeDirectory = lib.mkOption {
+              type = lib.types.str;
+              # Use ReadWritePaths= instead if socketsDir is outside of /run
+              default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
+                lib.strings.removePrefix "/run/" cfg.socketsDir;
+              description = ''
+              Adjusted Etherpad lite sockets directory for systemd
+              '';
+              readOnly = true;
+            };
+            sockets = lib.mkOption {
+              type = lib.types.attrsOf lib.types.path;
+              default = {
+                node  = "${cfg.socketsDir}/etherpad-lite.sock";
+              };
+              readOnly = true;
+              description = ''
+                Etherpad lite sockets
+                '';
+            };
+          };
+          config = lib.mkIf cfg.enable {
+            nixpkgs.overlays = [ self.overlay ];
+            systemd.services.etherpad-lite-cleanup = {
+              description = "Etherpad-lite cleanup old mypads";
+              after = [ "network.target" "postgresql.service" ];
+              wants = [ "postgresql.service" ];
+              environment.NODE_ENV = "production";
+              environment.HOME = cfg.workdir;
+              path = [ cfg.workdir.nodejs ];
+              script = ''
+                exec ${cfg.workdir.nodejs}/bin/node ${cfg.workdir}/node_modules/ep_mypads/scripts/mypads-jobqueue-minion.js \
+                  --settings ${cfg.configFile} \
+                  --oneshot
+              '';
+              serviceConfig = {
+                DynamicUser = true;
+                User = cfg.user;
+                Group = cfg.group;
+                WorkingDirectory = "%T";
+                PrivateTmp = true;
+                NoNewPrivileges = true;
+                PrivateDevices = true;
+                ProtectHome = true;
+                ProtectControlGroups = true;
+                ProtectKernelModules = true;
+                Type = "oneshot";
+              };
+            };
+            systemd.services.etherpad-lite = {
+              description = "Etherpad-lite";
+              wantedBy = [ "multi-user.target" ];
+              after = [ "network.target" "postgresql.service" ];
+              wants = [ "postgresql.service" ];
+              environment.NODE_ENV = "production";
+              environment.HOME = cfg.workdir;
+              path = [ cfg.workdir.nodejs ];
+              script = ''
+                exec ${cfg.workdir.nodejs}/bin/node ${cfg.workdir}/src/node/server.js \
+                  --sessionkey ${cfg.sessionKeyFile} \
+                  --apikey ${cfg.apiKeyFile} \
+                  --settings ${cfg.configFile}
+              '';
+              postStart = ''
+                while [ ! -S ${cfg.sockets.node} ]; do
+                  sleep 0.5
+                done
+                chmod a+w ${cfg.sockets.node}
+                '';
+              serviceConfig = {
+                DynamicUser = true;
+                User = cfg.user;
+                Group = cfg.group;
+                WorkingDirectory = cfg.workdir;
+                PrivateTmp = true;
+                NoNewPrivileges = true;
+                PrivateDevices = true;
+                ProtectHome = true;
+                ProtectControlGroups = true;
+                ProtectKernelModules = true;
+                Restart = "always";
+                Type = "simple";
+                TimeoutSec = 60;
+                RuntimeDirectory = cfg.systemdRuntimeDirectory;
+                StateDirectory= cfg.systemdStateDirectory;
+                ExecStartPre = [
+                  "+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/var ${cfg.dataDir}/ep_initialized"
+                  "+${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ${cfg.configFile} ${cfg.sessionKeyFile} ${cfg.apiKeyFile}"
+                ];
+              };
+            };
+          };
+        };
+      };
+}

diff --git a/flakes/etherpad-lite/flake.nix b/flakes/etherpad-lite/flake.nix new file mode 100644 index 0000000..6e0d7db --- /dev/null +++ b/flakes/etherpad-lite/flake.nix
@@ -0,0 +1,227 @@
	1	{
	2	description = "Your self-hosted, globally interconnected microblogging community";
	3	inputs.flake-utils.url = "github:numtide/flake-utils";
	4	inputs.nixpkgs = {
	5	url = "github:NixOS/nixpkgs/840c782d507d60aaa49aa9e3f6d0b0e780912742";
	6	flake = false;
	7	};
	8	inputs.etherpad-lite = {
	9	url = "github:ether/etherpad-lite/1.8.3";
	10	flake = false;
	11	};
	12	inputs.mypackages.url = "path:../mypackages";
	13
	14	outputs = { self, nixpkgs, etherpad-lite, flake-utils, mypackages }: flake-utils.lib.eachSystem ["x86_64-linux"] (system:
	15	let
	16	pkgs = import nixpkgs { inherit system; overlays = []; };
	17	version = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.etherpad-lite.original.ref;
	18	inherit (pkgs) callPackage;
	19	in rec {
	20	packages.etherpad-lite = callPackage ./. { inherit (mypackages.mylibs) nodeEnv; src = etherpad-lite // { inherit version; }; };
	21	defaultPackage = packages.etherpad-lite;
	22	legacyPackages.etherpad-lite = packages.etherpad-lite;
	23	checks = {
	24	build = defaultPackage;
	25	};
	26	}
	27	) // rec {
	28	overlays = {
	29	etherpad-lite = final: prev: {
	30	etherpad-lite = self.defaultPackage."${final.system}";
	31	};
	32	};
	33	overlay = overlays.etherpad-lite;
	34	nixosModule = { lib, pkgs, config, ... }:
	35	let
	36	name = "etherpad-lite";
	37	cfg = config.services.etherpad-lite;
	38	in
	39	{
	40	options.services.etherpad-lite = {
	41	enable = lib.mkEnableOption "Enable Etherpad lite’s service";
	42	user = lib.mkOption {
	43	type = lib.types.str;
	44	default = name;
	45	description = "User account under which Etherpad lite runs";
	46	};
	47	group = lib.mkOption {
	48	type = lib.types.str;
	49	default = name;
	50	description = "Group under which Etherpad lite runs";
	51	};
	52	dataDir = lib.mkOption {
	53	type = lib.types.path;
	54	default = "/var/lib/${name}";
	55	description = ''
	56	The directory where Etherpad lite stores its data.
	57	'';
	58	};
	59	socketsDir = lib.mkOption {
	60	type = lib.types.path;
	61	default = "/run/${name}";
	62	description = ''
	63	The directory where Etherpad lite stores its sockets.
	64	'';
	65	};
	66	configFile = lib.mkOption {
	67	type = lib.types.path;
	68	description = ''
	69	The config file path for Etherpad lite.
	70	'';
	71	};
	72	sessionKeyFile = lib.mkOption {
	73	type = lib.types.path;
	74	description = ''
	75	The Session key file path for Etherpad lite.
	76	'';
	77	};
	78	apiKeyFile = lib.mkOption {
	79	type = lib.types.path;
	80	description = ''
	81	The API key file path for Etherpad lite.
	82	'';
	83	};
	84	package = lib.mkOption {
	85	type = lib.types.package;
	86	default = pkgs.etherpad-lite;
	87	description = ''
	88	Etherpad lite package to use.
	89	'';
	90	example = lib.literalExample ''
	91	pkgs.webapps.etherpad-lite.withModules (p: [ p.ep_align ]);
	92	'';
	93	};
	94	modules = lib.mkOption {
	95	type = lib.types.listOf lib.types.package;
	96	default = [];
	97	description = ''
	98	Etherpad lite modules to use.
	99	DEPRECATED: use package directly
	100	'';
	101	};
	102	# Output variables
	103	workdir = lib.mkOption {
	104	type = lib.types.package;
	105	default = cfg.package.withModules (_: cfg.modules);
	106	description = ''
	107	Adjusted Etherpad lite package with plugins
	108	'';
	109	readOnly = true;
	110	};
	111	systemdStateDirectory = lib.mkOption {
	112	type = lib.types.str;
	113	# Use ReadWritePaths= instead if varDir is outside of /var/lib
	114	default = assert lib.strings.hasPrefix "/var/lib/" cfg.dataDir;
	115	lib.strings.removePrefix "/var/lib/" cfg.dataDir;
	116	description = ''
	117	Adjusted Etherpad lite data directory for systemd
	118	'';
	119	readOnly = true;
	120	};
	121	systemdRuntimeDirectory = lib.mkOption {
	122	type = lib.types.str;
	123	# Use ReadWritePaths= instead if socketsDir is outside of /run
	124	default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
	125	lib.strings.removePrefix "/run/" cfg.socketsDir;
	126	description = ''
	127	Adjusted Etherpad lite sockets directory for systemd
	128	'';
	129	readOnly = true;
	130	};
	131	sockets = lib.mkOption {
	132	type = lib.types.attrsOf lib.types.path;
	133	default = {
	134	node = "${cfg.socketsDir}/etherpad-lite.sock";
	135	};
	136	readOnly = true;
	137	description = ''
	138	Etherpad lite sockets
	139	'';
	140	};
	141	};
	142
	143	config = lib.mkIf cfg.enable {
	144	nixpkgs.overlays = [ self.overlay ];
	145	systemd.services.etherpad-lite-cleanup = {
	146	description = "Etherpad-lite cleanup old mypads";
	147	after = [ "network.target" "postgresql.service" ];
	148	wants = [ "postgresql.service" ];
	149
	150	environment.NODE_ENV = "production";
	151	environment.HOME = cfg.workdir;
	152
	153	path = [ cfg.workdir.nodejs ];
	154
	155	script = ''
	156	exec ${cfg.workdir.nodejs}/bin/node ${cfg.workdir}/node_modules/ep_mypads/scripts/mypads-jobqueue-minion.js \
	157	--settings ${cfg.configFile} \
	158	--oneshot
	159	'';
	160
	161	serviceConfig = {
	162	DynamicUser = true;
	163	User = cfg.user;
	164	Group = cfg.group;
	165	WorkingDirectory = "%T";
	166	PrivateTmp = true;
	167	NoNewPrivileges = true;
	168	PrivateDevices = true;
	169	ProtectHome = true;
	170	ProtectControlGroups = true;
	171	ProtectKernelModules = true;
	172	Type = "oneshot";
	173	};
	174	};
	175	systemd.services.etherpad-lite = {
	176	description = "Etherpad-lite";
	177	wantedBy = [ "multi-user.target" ];
	178	after = [ "network.target" "postgresql.service" ];
	179	wants = [ "postgresql.service" ];
	180
	181	environment.NODE_ENV = "production";
	182	environment.HOME = cfg.workdir;
	183
	184	path = [ cfg.workdir.nodejs ];
	185
	186	script = ''
	187	exec ${cfg.workdir.nodejs}/bin/node ${cfg.workdir}/src/node/server.js \
	188	--sessionkey ${cfg.sessionKeyFile} \
	189	--apikey ${cfg.apiKeyFile} \
	190	--settings ${cfg.configFile}
	191	'';
	192
	193	postStart = ''
	194	while [ ! -S ${cfg.sockets.node} ]; do
	195	sleep 0.5
	196	done
	197	chmod a+w ${cfg.sockets.node}
	198	'';
	199	serviceConfig = {
	200	DynamicUser = true;
	201	User = cfg.user;
	202	Group = cfg.group;
	203	WorkingDirectory = cfg.workdir;
	204	PrivateTmp = true;
	205	NoNewPrivileges = true;
	206	PrivateDevices = true;
	207	ProtectHome = true;
	208	ProtectControlGroups = true;
	209	ProtectKernelModules = true;
	210	Restart = "always";
	211	Type = "simple";
	212	TimeoutSec = 60;
	213	RuntimeDirectory = cfg.systemdRuntimeDirectory;
	214	StateDirectory= cfg.systemdStateDirectory;
	215	ExecStartPre = [
	216	"+${pkgs.coreutils}/bin/install -d -m 0755 -o ${cfg.user} -g ${cfg.group} ${cfg.dataDir}/var ${cfg.dataDir}/ep_initialized"
	217	"+${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir} ${cfg.configFile} ${cfg.sessionKeyFile} ${cfg.apiKeyFile}"
	218	];
	219	};
	220	};
	221
	222	};
	223	};
	224	};
	225	}
	226
	227