shiori upgrade to 1.7.0

modules/servers/shiori.nix

@@ -4,12 +4,13 @@
   options.my.servers.shiori.enable = lib.mkEnableOption "enable";
   config = lib.mkIf
     (config.my.servers.shiori.enable && config.my.servers.postgres.enable) {
+      sops.secrets.shiori.sopsFile = ../../secrets/env.yaml;
       services = {
         shiori = {
           enable = true;
           port = 4368;
           package = pkgs.callPackage ../../pkgs/shiori/shiori.nix { };
-          httpSecretKey = "password";
+          environmentFile = config.sops.secrets.shiori.path;
           databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}";
         };
         nginx = {

pkgs/shiori/shiori-service.nix

@@ -1,16 +1,15 @@
 { config, lib, pkgs, ... }:
 
-with lib;
 let cfg = config.services.shiori;
 in {
   options = {
     services.shiori = {
-      enable = mkEnableOption "Shiori simple bookmarks manager";
+      enable = lib.mkEnableOption "Shiori simple bookmarks manager";
 
-      package = mkPackageOption pkgs "shiori" { };
+      package = lib.mkPackageOption pkgs "shiori" { };
 
-      address = mkOption {
+      address = lib.mkOption {
-        type = types.str;
+        type = lib.types.str;
         default = "";
         description = ''
           The IP address on which Shiori will listen.
@@ -18,53 +17,55 @@ in {
         '';
       };
 
-      port = mkOption {
+      port = lib.mkOption {
-        type = types.port;
+        type = lib.types.port;
         default = 8080;
         description = "The port of the Shiori web application";
       };
 
-      webRoot = mkOption {
+      webRoot = lib.mkOption {
-        type = types.str;
+        type = lib.types.str;
         default = "/";
         example = "/shiori";
         description = "The root of the Shiori web application";
       };
 
-      httpSecretKey = mkOption {
+      environmentFile = lib.mkOption {
-        type = types.str;
+        type = lib.types.null or lib.types.path;
-        example = "SuperSecretPassword";
+        default = null;
-        description =
+        example = "/path/to/environmentFile";
-          "When empty all sessions will be invalidated on server restart";
+        description = ''
+          Path to file containing environment variables.
+          Useful for passing down secrets.
+          <https://github.com/go-shiori/shiori/blob/master/docs/Configuration.md#overall-configuration>
+        '';
       };
 
-      databaseUrl = mkOption {
+      databaseUrl = lib.mkOption {
-        type = types.str;
+        type = lib.types.null or lib.types.str;
-        default = "";
+        default = null;
         example = "postgresql:///shiori?host=/run/postgresql";
         description = "The connection URL to connect to MySQL or PostgreSQL";
       };
     };
   };
 
-  config = mkIf cfg.enable {
+  config = lib.mkIf cfg.enable {
-    systemd.services.shiori = with cfg; {
+    systemd.services.shiori = {
       description = "Shiori simple bookmarks manager";
       wantedBy = [ "multi-user.target" ];
-
+      after = [ "postgresql.service" "mysql.service" ];
       environment = {
         SHIORI_DIR = "/var/lib/shiori";
-      } // lib.optionalAttrs (cfg.databaseUrl != "") {
+      } // lib.optionalAttrs (cfg.databaseUrl != null) {
         SHIORI_DATABASE_URL = cfg.databaseUrl;
-      } // lib.optionalAttrs (cfg.httpSecretKey != "") {
-        SHIORI_HTTP_SECRET_KEY = cfg.httpSecretKey;
       };
 
       serviceConfig = {
         ExecStart =
-          "${package}/bin/shiori server --address '${address}' --port '${
+          "${cfg.package}/bin/shiori server --address '${cfg.address}' --port '${
-            toString port
+            toString cfg.port
-          }' --webroot '${webRoot}'";
+          }' --webroot '${cfg.webRoot}'";
 
         DynamicUser = true;
         StateDirectory = "shiori";
@@ -72,16 +73,17 @@ in {
         RuntimeDirectory = "shiori";
 
         # Security options
-
+        EnvironmentFile =
+          lib.optional (cfg.environmentFile != null) cfg.environmentFile;
         BindReadOnlyPaths = [
           "/nix/store"
 
           # For SSL certificates, and the resolv.conf
           "/etc"
-        ] ++ lib.optional (lib.strings.hasInfix "postgres" cfg.databaseUrl)
+        ] ++ lib.optional (lib.strings.hasInfix "postgres" cfg.databaseUrl
-          "/run/postgresql"
+          && config.services.postgresql.enable) "/run/postgresql"
-          ++ lib.optional (lib.strings.hasInfix "mysql" cfg.databaseUrl)
+          ++ lib.optional (lib.strings.hasInfix "mysql" cfg.databaseUrl
-          "/var/run/mysqld";
+            && config.services.mysql.enable) "/var/run/mysqld";
 
         CapabilityBoundingSet = "";
         AmbientCapabilities = "CAP_NET_BIND_SERVICE";
@@ -126,5 +128,5 @@ in {
     };
   };
 
-  meta.maintainers = with maintainers; [ minijackson CaptainJawZ ];
+  meta.maintainers = with lib.maintainers; [ minijackson CaptainJawZ ];
 }

pkgs/shiori/shiori.nix

@@ -1,10 +1,10 @@
-{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
+{ lib, buildGoModule, fetchFromGitHub, nixosTests, installShellFiles }:
 
 buildGoModule rec {
   pname = "shiori";
-  version = "1.6.2";
+  version = "1.7.0";
 
-  vendorHash = "sha256-LLiBRsh9HsadeHQh4Yvops1r2GfjtvQKt5ZelQnPGdI=";
+  vendorHash = "sha256-fakRqgoEcdzw9WZuubaxfGfvVrMvb8gV/IwPikMnfRQ=";
 
   doCheck = false;
 
@@ -12,17 +12,24 @@ buildGoModule rec {
     owner = "go-shiori";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-1ZZpQXlAHs5MTowCv3sWS3L7X5FTnU/b4trvHPiz+uE=";
+    sha256 = "sha256-5+hTtvBnj3Nh5HitReVkLift9LTiMYVuuYx5EirN0SA=";
   };
 
-  passthru.tests = {
+  nativeBuildInputs = [ installShellFiles ];
-    smoke-test = nixosTests.shiori;
+  postInstall = ''
-  };
+    installShellCompletion --cmd shiori \
+      --bash <($out/bin/shiori completion bash) \
+      --fish <($out/bin/shiori completion fish) \
+      --zsh <($out/bin/shiori completion zsh)
+  '';
+
+  # passthru.tests.smoke-test = nixosTests.shiori; # test broken
 
   meta = with lib; {
     description = "Simple bookmark manager built with Go";
+    mainProgram = "shiori";
     homepage = "https://github.com/go-shiori/shiori";
     license = licenses.mit;
-    maintainers = with maintainers; [ minijackson ];
+    maintainers = with maintainers; [ minijackson CaptainJawZ ];
   };
 }

secrets/env.yaml

@@ -1,3 +1,4 @@
+shiori: ENC[AES256_GCM,data:tV7+1GusZvcli8dM86xOD71dc2mzcyfQwMeTh//LDb0=,iv:ED9wR6QjQgwd9Ll/UC5FK3CyYK3b0RniC/D6Y0nGEOI=,tag:X/aopMc2vhnRW2iTphFflQ==,type:str]
 flame: ENC[AES256_GCM,data:XsYRsA2xs+juWje2Od2Yl2xIvU0OS8xMrtwtcK/0NyyRrg==,iv:FR8lHsNQNCaOy4P+7BsIjNCz+H38i5RlwLYQ4fpB2+w=,tag:61EV7H04pcr1bSX4nSvlpw==,type:str]
 ryot: ENC[AES256_GCM,data:Vlo6pv2+LuQxvdprI53BoQpngRfUWhqE07o+9ZKLZiaJBC6FCdFbeu37mo7QqGUJ34bHDP87PGU2IDPC69XURbVLy3QpgSqKiQlM56XoXr4Yz+B4MGVkVr384r5bQ6eMoSpIJ25UgMotuYWNgdyixKS+Nu/+pGLtVS/YtQ==,iv:YZs3zAlHuK9fz0OGAX9vQxoaYbzojwXpY++LwIxF6Ig=,tag:t2n8F1ll2ZN44AYDOjmhLQ==,type:str]
 mealie: ENC[AES256_GCM,data:RjKqDs70lWhGN0LXPp3feQfW/WtfJlR6vX++0hwGtqcA3iepEh2Ab/36YRKbsVRBkglp0u18MusTmP0LSHUpzgCn/c/5ZzzRLGL83K3aQRlg8JtdTvzvEnLQSdE=,iv:GEfa8LwpOhkqWtLk0I5F14zkHcnFjVhVaHeLSFlDkN4=,tag:lkGcFn91hVxraMHCKF7rXQ==,type:str]
@@ -46,8 +47,8 @@ sops:
             QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb
             9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-25T07:00:26Z"
+    lastmodified: "2024-06-29T21:28:08Z"
-    mac: ENC[AES256_GCM,data:P7jAExu1yUpZejZ7E5XBGoxax8B17QjHzYcwiNjduTv5qi+8bsRVXcwp2LQOkR0kBW2RZMiTTWgMwfNuBL7BKigyuvuFvqQeatRUqCofVFDIaYzm7LZRNOu4+wsjpEV5Zjxhlzv4qWPxB/iaobQSCEp9Ii/T3/TUkP++xSS5M8Q=,iv:GGOrnxOuBKkeR9nUXBTJlDdeNP8My83PRtl7Pdxazt0=,tag:EeoYLrF2yDC8yquiQbYUzA==,type:str]
+    mac: ENC[AES256_GCM,data:uVxwOOVOSeBsiVLXbOGo4cudGoJjn7yVYvWW7WZqPRu5FO32LA1rbZObN0RT4Y8OWFdv297rewTiC3KiGIPAZav91yiwlrXX/koEa4OhwQfkKiPNyPvmJ6e2h+M3gck75wbt1sbT8qnMtsHUjkfNZQiInC5hJyikalTusILke8w=,iv:IhOvHRYgkYP0BEZ60f66/nLU1x8Qk/YwZiNbcXDFOeQ=,tag:gcqBy9HxaX1W7osQHyNzOA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1

secrets/secrets.yaml

@@ -1,6 +1,7 @@
 jawz-password: ENC[AES256_GCM,data:j5qya2z9bDESQopcBpLBktyBvIuplbq3Ql4TovdAF1BIJHcf4CAjFuCStW0axFEOST6bgJwhcZZvK4rWUyoS47eaFDp2lkiQnQ==,iv:GNEA8v0NR+PGe4yvlm4V6tTJD5NmlswRPH7JnQJUyLk=,tag:dpxDK88cAJSk+XdFF2mDww==,type:str]
 smtp-password: ENC[AES256_GCM,data:KAIn6lp6JXY39SgMPGP3tQ==,iv:Mgmo9bLT3iIGXw6THqJO6+IuPV65VXo1+vE3PrmS44Y=,tag:8urcnZtccaPJSOuHiZAp5A==,type:str]
 nextcloud-adminpass: ENC[AES256_GCM,data:g0bnifEbMykPBVwMF14EhT/RWGsnEzJ6sXXmxSJ6kIVDeRr8XVRbFzusxlxAOOlseVwPT6e4Ad8=,iv:Gy0LwUNCw8gnqlwk91qguSEeufIJDtaqNNLX1vZp7vA=,tag:y8H42B1rue0X7/4nG/Whsw==,type:str]
+firefly-iii-keyfile: ENC[AES256_GCM,data:HTifd3/5apa9f0RiOh33aRRoVkRskgo/2FV9S01wQSEmKFLg2M9gNNFm6gv2/WCQvNc1,iv:4yLIQQkfqhLixQtAOsbQePNlKOrU2p6Dqw9aLPDoJrM=,tag:uSbAMCy4FWRMU+QhExAE2w==,type:str]
 resilio:
     host: ENC[AES256_GCM,data:iITbrqpJSdM52A==,iv:8sahhsUA9iIXNlJYKAkakllQDbYVOsGuwBulK9FyvTU=,tag:zKKHwrEFUkl3Fcd0RJcIjw==,type:str]
     user: ENC[AES256_GCM,data:31s2ihj2cN9C5Lyr2w==,iv:2MzKiRoDosawbeQ04LUKbfbSVFUUD6uUYynB6B0WNWw=,tag:GR0lXvLZAPof6WE3Verimg==,type:str]
@@ -48,8 +49,8 @@ sops:
             RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM
             QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-25T00:47:48Z"
+    lastmodified: "2024-06-29T21:27:25Z"
-    mac: ENC[AES256_GCM,data:410HyLmJ4FhCp6pFqAG9Mf7cwIQdalsh6bZ5feAu8P1vcJrTLefZskWIbjD6aQNKucDjS5CMPJd/7oP8wyc2XHKRqFO9CLSJ7wi6OmNaw/qevQxy4PSj5w44gd5/OI5aE2nN+X1R03PYSYEIs5SImwHBxN/fYR+WprAsbO1Ygrw=,iv:fgG5i3+rNtN4YzIL97+6cHP4cL2xXf0pgfsYbetGE2g=,tag:qu7vzzDnhDpW1dwu8TYCXg==,type:str]
+    mac: ENC[AES256_GCM,data:ZmUuxDXxfr6eJcjoC0F2A/JnU+/33jWXjCRWvkWZfduxFayF8bRZNOLgTzXeV//TGNEY38ba/VsTDqOiu0YWRFE7VaQd8xk9uKmzeCi8Djv2fI+TAwXUorrZJ2bUJQ/WCCm7hOQ2OEE1c7icr6YsPTtYC652Itm10FF4PrF+VpI=,iv:vKC/B0cfODXMZ1l2wA0iUaxwZgDwjKPVBekmc/6lSvU=,tag:tE3dmwDjtEEBTPtNM01JQA==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1