234 lines
6.7 KiB
Nix
234 lines
6.7 KiB
Nix
{ lib
|
|
, config
|
|
, pkgs
|
|
, ...
|
|
}:
|
|
|
|
let
|
|
cfg = config.services.wallabag;
|
|
inherit (builtins) toJSON;
|
|
inherit (lib) mkOption mkEnableOption types mkIf;
|
|
wallabag = pkgs.wallabag.overrideAttrs (old: {
|
|
patches = builtins.filter (patch: builtins.baseNameOf patch != "wallabag-data.patch") old.patches ++ [
|
|
# https://github.com/jtojnar/nixfiles/commit/662ac88e3358e9b50468c4bbf124aa821e22cae4
|
|
./wallabag-data-location.patch
|
|
];
|
|
});
|
|
wallabagConfig = toJSON {
|
|
parameters = {
|
|
database_driver = "pdo_sqlite";
|
|
database_driver_class = "~";
|
|
database_host = "127.0.0.1";
|
|
database_port = "~";
|
|
database_name = "wallabag";
|
|
database_user = "root";
|
|
database_password = "~";
|
|
database_table_prefix = "wallabag_";
|
|
database_socket = "~";
|
|
database_path = "${cfg.dataDir}/data/db/wallabag.sqlite";
|
|
database_charset = "utf8";
|
|
|
|
domain_name = "https://${cfg.domain}";
|
|
server_name = "Wallabag";
|
|
|
|
mailer_dsn = "smtp://127.0.0.1";
|
|
|
|
locale = "en";
|
|
|
|
"env(SECRET_FILE)" = "${cfg.secretPath}";
|
|
secret = "%env(file:resolve:SECRET_FILE)%";
|
|
|
|
twofactor_auth = true;
|
|
twofactor_sender = "no-reply@${cfg.domain}";
|
|
|
|
fosuser_registration = false;
|
|
fosuser_confirmation = false;
|
|
|
|
# how long the access token should live in seconds for the API
|
|
fos_oauth_server_access_token_lifetime = 3600;
|
|
# how long the refresh token should life in seconds for the API
|
|
fos_oauth_server_refresh_token_lifetime = 1209600;
|
|
|
|
from_email = "no-reply@${cfg.domain}";
|
|
|
|
# rss_limit = 50;
|
|
|
|
# TODO: RabbitMQ processing
|
|
rabbitmq_host = null;
|
|
rabbitmq_port = null;
|
|
rabbitmq_user = null;
|
|
rabbitmq_password = null;
|
|
rabbitmq_prefetch_count = null;
|
|
|
|
redis_scheme = "tcp";
|
|
redis_host = "127.0.0.1";
|
|
redis_port = 6380;
|
|
redis_path = null;
|
|
redis_password = null;
|
|
|
|
# sentry logging
|
|
sentry_dsn = null;
|
|
};
|
|
};
|
|
php = pkgs.php.withExtensions ({ enabled, all }: enabled ++ (with all; [
|
|
imagick
|
|
tidy
|
|
]));
|
|
wallabagServiceConfig = {
|
|
CacheDirectory = "wallabag";
|
|
CacheDirectoryMode = "700";
|
|
|
|
ConfigurationDirectory = "wallabag";
|
|
ConfigurationDirectoryMode = "700";
|
|
|
|
LogsDirectory = "wallabag";
|
|
|
|
StateDirectory = "wallabag";
|
|
StateDirectoryMode = "700";
|
|
#DynamicUser = false;
|
|
};
|
|
in
|
|
{
|
|
options.services.wallabag = {
|
|
enable = mkEnableOption "Enable Wallabag";
|
|
domain = mkOption {
|
|
type = types.str;
|
|
default = "";
|
|
description = "Domain wallabag will run on";
|
|
};
|
|
secretPath = mkOption {
|
|
type = types.path;
|
|
default = "";
|
|
description = "Path to file containing the wallabag secret";
|
|
};
|
|
dataDir = mkOption {
|
|
type = types.path;
|
|
default = "/var/lib/wallabag";
|
|
description = "wallabag data directory";
|
|
};
|
|
|
|
socket = mkOption {
|
|
type = types.path;
|
|
default = config.services.phpfpm.pools.wallabag.socket;
|
|
description = "wallabag data directory";
|
|
};
|
|
user = mkOption {
|
|
type = with types; oneOf [ str int ];
|
|
default = "wallabag";
|
|
description = "The user wallabag will run as.";
|
|
};
|
|
|
|
group = mkOption {
|
|
type = with types; oneOf [ str int ];
|
|
default = "wallabag";
|
|
description = "The group wallabag will run with.";
|
|
};
|
|
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
|
|
environment.etc."wallabag/parameters.yml" = {
|
|
source = pkgs.writeTextFile {
|
|
name = "wallabag-config";
|
|
text = wallabagConfig;
|
|
};
|
|
};
|
|
|
|
users.groups.${cfg.group} = { };
|
|
users.users.${cfg.user} = {
|
|
isSystemUser = true;
|
|
inherit (cfg) group;
|
|
description = "Wallabag daemon user";
|
|
home = cfg.dataDir;
|
|
createHome = true;
|
|
};
|
|
|
|
services.nginx.virtualHosts.${cfg.domain} = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
root = "${wallabag}/web";
|
|
extraConfig = ''
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
'';
|
|
locations = {
|
|
"/".extraConfig = "try_files $uri /app.php$is_args$args;";
|
|
"/assets".root = "${wallabag}/app/web";
|
|
"~ ^/app\\.php(/|$)".extraConfig = ''
|
|
fastcgi_pass unix:${cfg.socket};
|
|
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
|
|
fastcgi_param SCRIPT_FILENAME ${wallabag}/web/$fastcgi_script_name;
|
|
fastcgi_param DOCUMENT_ROOT ${wallabag}/web;
|
|
fastcgi_param REMOTE_USER $remote_user;
|
|
fastcgi_read_timeout 120;
|
|
internal;
|
|
'';
|
|
"~ /(?!app)\\.php$".extraConfig = "return 404;";
|
|
};
|
|
};
|
|
|
|
services.phpfpm = {
|
|
pools.wallabag = {
|
|
inherit (cfg) user;
|
|
phpPackage = php;
|
|
settings = {
|
|
"listen.owner" = "nginx";
|
|
"listen.group" = "nginx";
|
|
pm = "dynamic";
|
|
"pm.max_children" = 5;
|
|
"pm.start_servers" = 2;
|
|
"pm.min_spare_servers" = 1;
|
|
"pm.max_spare_servers" = 3;
|
|
clear_env = false;
|
|
catch_workers_output = true;
|
|
};
|
|
phpOptions = ''
|
|
; Set up $_ENV superglobal.
|
|
; http://php.net/request-order
|
|
variables_order = "EGPCS"
|
|
# Wallabag will crash on start-up.
|
|
# https://github.com/wallabag/wallabag/issues/6042
|
|
error_reporting = E_ALL & ~E_USER_DEPRECATED & ~E_DEPRECATED
|
|
'';
|
|
};
|
|
};
|
|
|
|
systemd.services.phpfpm-wallabag.serviceConfig = wallabagServiceConfig;
|
|
|
|
systemd.services.wallabag-install = {
|
|
description = "Wallabag install service";
|
|
wantedBy = [ "multi-user.target" ];
|
|
before = [ "phpfpm-wallabag.service" ];
|
|
after = [ "postgresql.service" ];
|
|
path = with pkgs; [ coreutils php phpPackages.composer ];
|
|
serviceConfig = {
|
|
User = cfg.user;
|
|
Type = "oneshot";
|
|
} // wallabagServiceConfig;
|
|
preStart = ''
|
|
mkdir -p "${cfg.dataDir}/data/db"
|
|
'';
|
|
script = ''
|
|
if [ ! -f "$STATE_DIRECTORY/installed" ]; then
|
|
if php ${wallabag}/bin/console --env=prod wallabag:install; then
|
|
echo "Wallabag initial config complete"
|
|
touch "$STATE_DIRECTORY/installed"
|
|
else
|
|
echo "failed to install!"
|
|
exit 1
|
|
fi
|
|
else
|
|
echo "Running wallabag migrations"
|
|
php ${wallabag}/bin/console --env=prod doctrine:migrations:migrate --no-interaction
|
|
fi
|
|
echo "Starting Wallabag"
|
|
php ${wallabag}/bin/console --env=prod cache:clear
|
|
'';
|
|
};
|
|
};
|
|
}
|