WIP: Build new nix {module,package,flake}. Adapt to new config variables

Co-authored-by: h7x4 <h7x4@nani.wtf>
Felix Albrigtsen 2024-03-23 21:03:21 +01:00
parent 968048496a
commit 21d6c41149
15 changed files with 1552 additions and 96 deletions

1
.gitignore vendored

@ -1,3 +1,4 @@
/result
/config.php
*.sqlite
/test.sql

11
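--- a/dev.bat
+++ /dev/null
-REM php og sqlite3 må være tilgjengelig i PATH
-IF EXIST "sql_config.php" goto config_end
-cp sql_config_example.php sql_config.php
-:config_end
-IF EXIST "pvv.sqlite" goto sqlite_end
-sqlite3 pvv.sqlite < pvv.sql
-:sqlite_end
-php -S [::1]:1080 -t www/ -c php.ini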

18
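--- a/dev.sh
+++ /dev/null
-#!/bin/sh
-which sqlite3 > /dev/null 2>&1 || (echo ERROR: sqlite not found; false) || exit 1
-test ! -e pvv.sqlite && sqlite3 pvv.sqlite < dist/pvv.sql
-test ! -e sql_config.php && cp -v dist/sql_config_example.php sql_config.php
-test -e composer.phar || curl -O https://getcomposer.org/composer.phar
-if test ! -d vendor; then
-php composer.phar install || exit $?
-cp -v dist/authsources_example.php vendor/simplesamlphp/simplesamlphp/config/authsources.php
-cp -v dist/saml20-idp-remote.php vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
-cp -v vendor/simplesamlphp/simplesamlphp/config-templates/config.php vendor/simplesamlphp/simplesamlphp/config/config.php
-sed -e "s/'trusted.url.domains' => array()/'trusted.url.domains' => array('localhost:1080')/g" < vendor/simplesamlphp/simplesamlphp/config-templates/config.php > vendor/simplesamlphp/simplesamlphp/config/config.php
-ln -s ../vendor/simplesamlphp/simplesamlphp/www/ www/simplesaml
-fi
-php -S ${DOCKER_HOST:-[::1]}:${DOCKER_PORT:-1080} -d error_reporting=E_ALL -d display_errors=1 -t www/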


@ -1,15 +0,0 @@
<?php
$DB_DSN = 'sqlite:'.__DIR__.DIRECTORY_SEPARATOR.'pvv.sqlite';
$DB_USER = null;
$DB_PASSWORD = null;
$DOOR_SECRET = "changeme";
$GALLERY_DIR = __DIR__.DIRECTORY_SEPARATOR.'www'.DIRECTORY_SEPARATOR.'gallery'.DIRECTORY_SEPARATOR.'pics';
$GALLERY_SERVER_PATH = '/images/gallery/';
$SLIDESHOW_DIR = __DIR__.DIRECTORY_SEPARATOR.'www'.DIRECTORY_SEPARATOR.'gallery'.DIRECTORY_SEPARATOR.'pics';
$SLIDSHOW_SERVER_PATH = '/images/slideshow/';
?>

20
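--- /dev/null
+++ b/dist/config.local.php
+<?php
+$DB_DSN = 'sqlite:'.__DIR__.DIRECTORY_SEPARATOR.'pvv.sqlite';
+$DB_USER = null;
+$DB_PASS = null;
+$DOOR_SECRET = "changeme";
+$GALLERY_DIR = __DIR__.DIRECTORY_SEPARATOR.'www'.DIRECTORY_SEPARATOR.'galleri'.DIRECTORY_SEPARATOR.'bilder'.DIRECTORY_SEPARATOR.'gallery';
+$GALLERY_SERVER_PATH = '/images/gallery/';
+$SLIDESHOW_DIR = __DIR__.DIRECTORY_SEPARATOR.'www'.DIRECTORY_SEPARATOR.'galleri'.DIRECTORY_SEPARATOR.'bilder'.DIRECTORY_SEPARATOR.'slideshow';
+$SLIDESHOW_SERVER_PATH = '/images/slideshow/';
+$SAML_COOKIE_SALT = 'changeme';
+$SAML_COOKIE_SECURE = false;
+$SAML_TRUSTED_DOMAINS = array("localhost:1080");
+$SAML_ADMIN_PASSWORD = "changeme";
+?>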
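Review bot: The rename from `$SLIDSHOW_SERVER_PATH` to `$SLIDESHOW_SERVER_PATH` on line 81 is not carried to every reader: the hunk header of the last file in this commit still shows `$serverPath = $SLIDSHOW_SERVER_PATH;` as an unchanged line, so that page will read an undefined variable once this config is in use. The same probably applies to `$DB_PASSWORD` becoming `$DB_PASS` on line 76; grep the PHP sources for both old names before merging. The four `changeme` values are reasonable for a local template that the shell hook copies to the gitignored `config.php`, but a one-line header comment, e.g. `// Local development template; nix/shell.nix copies it to config.php — not for deployment`, would make that intent explicit.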

6
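--- /dev/null
+++ b/dist/config.source-env.php
+<?php
+$configFile = getenv('PVV_CONFIG_FILE');
+require_once($configFile);
+?>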
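Review bot: `getenv('PVV_CONFIG_FILE')` on line 94 returns `false` when the variable is unset, and `require_once(false)` then fails with a generic include error that does not name the variable. A guard before the require, `if ($configFile === false || $configFile === '') { throw new RuntimeException('PVV_CONFIG_FILE is not set'); }`, turns a misconfigured php-fpm pool into an actionable message. A comment such as `// Indirection so the NixOS module can point at a generated config (see nix/module.nix)` would also explain why this file exists next to config.local.php.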

1226
dist/simplesamlphp-config.php vendored Normal file



@ -12,62 +12,30 @@
"aarch64-linux"
"aarch64-darwin"
];
forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
in {
packages = forAllSystems (system: let
forAllSystems = f: nixpkgs.lib.genAttrs systems (system: let
pkgs = nixpkgs.legacyPackages.${system};
php = pkgs.php83;
in {
in f system pkgs);
in {
packages = forAllSystems (system: pkgs: {
default = self.packages.${system}.pvv-nettsiden;
pvv-nettsiden = php.buildComposerProject (finalAttrs: {
src = ./.;
pname = "pvv-nettsiden";
version = "0.0.1";
vendorHash = "sha256-DSn0ifj7Hjjia1SF/1wfziD/IdsiOES8XNDVz3F/cTI=";
});
pvv-nettsiden = pkgs.callPackage ./nix/package.nix { php = pkgs.php82; };
});
devShells = forAllSystems (system: rec {
pkgs = import nixpkgs { inherit system; };
default = pkgs.mkShellNoCC {
buildInputs = with pkgs; [
php82
(with php82Extensions; [
iconv
mbstring
pdo_mysql
pdo_sqlite
])
sqlite
git
];
shellHook = ''
export PHPHOST=localhost
export PHPPORT=1080
alias runDev='php -S $PHPHOST:$PHPPORT -d error_reporting=E_ALL -d display_errors=1 -t www/'
# Prepare dev environment with sqlite and config files
test -e pvv.sqlite || sqlite3 pvv.sqlite < dist/pvv.sql
test -e sql_config.php || cp -v dist/sql_config_example.php sql_config.php
test -e composer.phar || curl -O https://getcomposer.org/composer.phar
if [ ! -d vendor ] ; then
php composer.phar install || exit $?
cp -v dist/authsources_example.php vendor/simplesamlphp/simplesamlphp/config/authsources.php
cp -v dist/saml20-idp-remote.php vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
cp -v vendor/simplesamlphp/simplesamlphp/config-templates/config.php vendor/simplesamlphp/simplesamlphp/config/config.php
sed -e "s/'trusted.url.domains' => array()/'trusted.url.domains' => array(\"$PHPHOST:$PHPPORT\")/g" < vendor/simplesamlphp/simplesamlphp/config-templates/config.php > vendor/simplesamlphp/simplesamlphp/config/config.php
ln -s ../vendor/simplesamlphp/simplesamlphp/www/ www/simplesaml
fi
'';
# TODO:
# - Make "trusted.url.domains" dynamic based on the current host:port
# - Do not download composer.phar with curl(!)
# - Relicense the project to GPL or something
# - Write a module for the project
overlays = forAllSystems (system: pkgs: {
default = prev: final: {
inherit (self.packages.${system}) pvv-nettsiden;
formats = final.formats // { php = import ./nix/php-generator.nix { pkgs = final; lib = final.lib; }; };
};
});
nixosModules.default = nix/module.nix;
devShells = forAllSystems (system: pkgs: {
default = pkgs.callPackage ./nix/shell.nix { inherit pkgs; };
});
# TODO:
# - Relicense the project to GPL or something
# - Write a module for the project
};
}
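Review bot: The overlay on line 165 names its arguments `prev: final:`, but nixpkgs calls an overlay as `final: prev:`, so `final.formats` and `final.lib` on the next line actually read from the previous package set and `pkgs = final` hands the generator the un-overlaid set. Rename to `default = final: prev: {` and write `formats = prev.formats // { php = import ./nix/php-generator.nix { pkgs = final; lib = final.lib; }; };`. Keying `overlays` by system through `forAllSystems` also looks unusual, since consumers typically expect a single system-independent `overlays.default`; presumably this is part of the WIP the title announces. The TODO on lines 175-176 still lists writing a module although this commit adds `nixosModules.default`.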

161
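--- /dev/null
+++ b/nix/module.nix
+{ config, lib, pkgs, ... }:
+let
+cfg = config.services.pvv-nettsiden;
+inherit (lib) mkDefault mkEnableOption mkPackageOption mkIf mkOption types mdDoc;
+format = pkgs.formats.php { };
+in
+{
+options.services.pvv-nettsiden = {
+enable = mkEnableOption (lib.mdDoc "Enable pvv-nettsiden");
+package = mkPackageOption pkgs "pvv-nettsiden" { };
+user = mkOption {
+type = types.str;
+default = "pvv-nettsiden";
+description = mdDoc "User to run php-fpm and own the image directories";
+};
+group = mkOption {
+type = types.str;
+default = "pvv-nettsiden";
+description = mdDoc "Group to run php-fpm and own the image directories";
+};
+domainName = mkOption {
+type = types.str;
+default = "www.pvv.no";
+description = mdDoc "Domain name for the website";
+};
+enableNginx = mkEnableOption "nginx" // { default = true; };
+useSSL = mkEnableOption "secure cookies" // { default = true; };
+settings = mkOption {
+description = "Settings for the website";
+default = { };
+type = types.submodule {
+freeformType = format.type;
+options = lib.mapAttrsRecursiveCond
+(attrs: !(attrs ? "type"))
+(_: option: option // { type = types.either option.type format.lib.types.raw; })
+{
+GALLERY = {
+DIR = mkOption {
+type = types.path;
+default = "/var/lib/pvv-nettsiden/gallery";
+description = mdDoc "Directory where the gallery is located. See documentation at TODO";
+};
+SERVER_PATH = mkOption {
+type = types.str;
+default = "/static/gallery";
+description = mdDoc "Path to the gallery on the server";
+};
+};
+SLIDESHOW = {
+DIR = mkOption {
+type = types.path;
+default = "/var/lib/pvv-nettsiden/slideshow";
+description = mdDoc "Directory where the slideshow is located. See documentation at TODO";
+};
+SERVER_PATH = mkOption {
+type = types.str;
+default = "/static/slideshow";
+description = mdDoc "Path to the slideshow on the server";
+};
+};
+DB = {
+DSN = mkOption {
+type = types.str;
+default = "sqlite:/var/lib/pvv-nettsiden/pvv-nettsiden.db";
+example = "pgsql:host=localhost;port=5432;dbname=testdb;user=bruce;password=mypass";
+description = mdDoc "Database connection string, see https://www.php.net/manual/en/pdo.construct.php";
+};
+USER = mkOption {
+type = with types; nullOr str;
+default = null;
+example = "pvv-nettsiden";
+description = mdDoc "Database user";
+};
+PASS = mkOption {
+type = with types; nullOr str;
+default = null;
+description = mdDoc "Database password. Recommends: null, set in extraConfig";
+};
+};
+};
+};
+};
+};
+config = mkIf cfg.enable {
+users.users = mkIf (cfg.user == "pvv-nettsiden") {
+"pvv-nettsiden" = {
+description = "PVV Website Service User";
+group = cfg.group;
+createHome = false;
+isSystemUser = true;
+};
+};
+users.groups = mkIf (cfg.group == "pvv-nettsiden") {
+"pvv-nettsiden" = { };
+};
+services.nginx = mkIf cfg.enableNginx {
+enable = true;
+recommendedGzipSettings = mkDefault true;
+recommendedProxySettings = mkDefault true;
+virtualHosts."${cfg.domainName}" = {
+forceSSL = mkDefault cfg.useSSL;
+enableACME = mkDefault true;
+locations = {
+"/" = {
+root = "${cfg.package}/share/php/pvv-nettsiden/www/";
+index = "index.php";
+};
+"~ \\.php$".extraConfig = ''
+include ${pkgs.nginx}/conf/fastcgi_params;
+fastcgi_param SCRIPT_FILENAME ${cfg.package}/share/php/pvv-nettsiden/www$fastcgi_script_name;
+fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket};
+'';
+${cfg.settings.GALLERY.SERVER_PATH} = {
+root = cfg.settings.GALLERY.DIR;
+};
+${cfg.settings.SLIDESHOW.SERVER_PATH} = {
+root = cfg.settings.SLIDESHOW.DIR;
+};
+};
+};
+};
+services.phpfpm.pools.pvv-nettsiden = {
+user = cfg.user;
+group = cfg.group;
+phpEnv.PVV_CONFIG_FILE = toString (format.generate "pvv-nettsiden-conf.php" cfg.settings);
+settings = {
+"listen.owner" = config.services.nginx.user;
+"listen.group" = config.services.nginx.group;
+"pm" = mkDefault "ondemand";
+"pm.max_children" = mkDefault 32;
+"pm.process_idle_timeout" = mkDefault "10s";
+"pm.max_requests" = mkDefault 500;
+};
+};
+};
+}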
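Review bot: Everything in `settings` is rendered by `format.generate` on line 309 into a file in the Nix store, which is world-readable, so a value given for `DB.PASS` (line 258) — or freeform values such as the `DOOR_SECRET` / `SAML_ADMIN_PASSWORD` that `dist/config.local.php` shows the application expects — becomes readable by every local user. The `DB.PASS` description on line 261 points to `extraConfig`, but this module defines no such option. Until a secrets mechanism exists (for example an option naming a file outside the store that the generated config `require`s, which is more than a few lines), the description should say so: `description = mdDoc "Database password. Do not set it here: settings are written to the world-readable Nix store; load it from a file outside the store instead.";`. `useSSL` on line 211 is only wired to nginx `forceSSL`; presumably the `SAML_COOKIE_SECURE` variable seen in `dist/config.local.php` should follow it as well.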

23
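--- /dev/null
+++ b/nix/package.nix
+{ php }:
+php.buildComposerProject {
+src = ./..;
+pname = "pvv-nettsiden";
+version = "0.0.1";
+vendorHash = "sha256-DSn0ifj7Hjjia1SF/1wfziD/IdsiOES8XNDVz3F/cTI=";
+postInstall = ''
+simplesamlphp="$out/share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp"
+mkdir -p $simplesamlphp/config
+mkdir -p $simplesamlphp/metadata
+cp dist/simplesamlphp-config.php $simplesamlphp/config/config.php
+cp dist/simplesamlphp-authsources.php $simplesamlphp/config/authsources.php
+cp dist/simplesamlphp-idp.php $simplesamlphp/metadata/saml20-idp-remote.php
+cp dist/config.source-env.php $out/share/php/pvv-nettsiden/config.php
+ln -s $simplesamlphp/www $out/share/php/pvv-nettsiden/www/simplesaml
+'';
+}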

60
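--- /dev/null
+++ b/nix/php-generator.nix
+{ pkgs, lib }:
+with lib;
+{ }: {
+inherit (pkgs.formats.json { }) type;
+generate = name: value: let
+valueToString = val:
+if val == null then
+"null"
+else if isString val then
+builtins.toJSON val
+else if isBool val then
+boolToString val
+else if isInt val || isFloat val then
+toString val
+else if isList val then
+"array(${concatMapStringsSep ", " valueToString val})"
+else if isAttrs val && val ? value && (val._type or "") == "raw" then
+val.value
+else if isAttrs val then
+throw "Found unexpected attrs, that were not created by mkRaw. Have you put attrs in an array?\n${val}"
+else throw "unsupported :')";
+flattenStructuredSettings = attrs: let
+partitionAttrs = pred: attrs: lib.pipe attrs [
+attrsToList
+(partition ({ name, value }: pred name value))
+(mapAttrs (_: listToAttrs))
+];
+partitionedAttrs = partitionAttrs (_: v: isAttrs v && !(v ? value && (v._type or "") == "raw")) attrs;
+flattenedAttrs = lib.pipe partitionedAttrs.right [
+(mapAttrs (n1: mapAttrs' (n2: v2: nameValuePair "${n1}_${n2}" v2)))
+attrValues
+(map flattenStructuredSettings)
+(foldl recursiveUpdate { })
+];
+in recursiveUpdate flattenedAttrs partitionedAttrs.wrong;
+content = lib.pipe value [
+flattenStructuredSettings
+(mapAttrs (_: valueToString))
+(mapAttrsToList (n: v: ''''$${n} = ${v};''))
+(concatStringsSep "\n")
+(content: "<?php\n${content}\n?>")
+];
+in pkgs.writeText name content;
+lib = {
+mkRaw = value: {
+inherit value;
+_type = "raw";
+};
+types.raw = lib.types.attrs;
+};
+}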
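Review bot: `valueToString` on line 359 emits strings with `builtins.toJSON`, and PHP reads the resulting double-quoted literal with interpolation, so a setting containing `$name` or `{$…}` is expanded at runtime and JSON `\uXXXX` escapes for control characters are not understood; since this file renders operator-supplied values such as DSNs and passwords, emit a single-quoted PHP literal instead: `"'${escape [ "'" "\\" ] val}'"` (`escape` is in scope through `with lib;`). The `throw` on line 369 interpolates `val`, an attribute set, into the message, which itself fails to evaluate and hides the intended error; use `${generators.toPretty { } val}`. A one-line header comment stating that `generate` flattens nested sets into `$OUTER_INNER` variables, as `flattenStructuredSettings` does on line 379, would help readers of the module's `settings` option.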

35
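--- /dev/null
+++ b/nix/shell.nix
+{ pkgs }:
+let
+phpEnv = pkgs.php82.buildEnv {
+extensions = { enabled, all }: enabled ++ (with all; [ iconv mbstring pdo_mysql pdo_sqlite ]);
+};
+in
+pkgs.mkShellNoCC {
+buildInputs = with pkgs; [
+phpEnv
+php82Packages.composer
+sqlite
+git
+];
+shellHook = ''
+alias runDev='php -S localhost:1080 -d error_reporting=E_ALL -d display_errors=1 -t www/'
+# Prepare dev environment with sqlite and config files
+test -e pvv.sqlite || sqlite3 pvv.sqlite < dist/pvv.sql
+test -e config.php || cp -v dist/config.local.php config.php
+if [ ! -d vendor ] ; then
+composer install || exit $?
+cp dist/simplesamlphp-authsources.php vendor/simplesamlphp/simplesamlphp/config/authsources.php
+cp dist/simplesamlphp-idp.php vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
+cp dist/simplesamlphp-config.php vendor/simplesamlphp/simplesamlphp/config/config.php
+cp dist/config.local.php config.php
+ln -s ../vendor/simplesamlphp/simplesamlphp/www/ www/simplesaml
+fi
+'';
+}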
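Review bot: Line 430 copies `dist/config.local.php` over `config.php` unconditionally whenever `vendor/` is missing, which discards any edits the developer made to `config.php`; line 424 already performs the guarded copy, so line 430 should be dropped. `composer install || exit $?` on line 426 runs inside the shellHook of the interactive shell, so on a failed install it appears to end the `nix develop` session rather than leave a usable shell; `composer install || echo "composer install failed" >&2` keeps the shell alive and still reports the problem. The three `cp` lines for the SimpleSAMLphp config omit the `-v` that the neighbouring copy on line 424 uses; harmonising them is a style nit.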


@ -8,7 +8,7 @@ $serverPath = $SLIDSHOW_SERVER_PATH;
$splashImg = "/PNG/PVV-logo-big-bluebg.png";
// Note: This does not support nested directories
$filenames = sCaNdIr(__DIR__ . $searchDir);
$filenames = sCaNdIr($searchDir);
//Remove the expected non-images
foreach($filenames as $k => $value) {