jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

shiori upgrade to 1.7.0

Browse Source
This commit is contained in:
Danilo Reyes 2024-06-29 15:40:27 -06:00
parent 520646bdd4
commit b88a195eda
5 changed files with 57 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/servers/shiori.nix
View File

@ -4,12 +4,13 @@
options.my.servers.shiori.enable = lib.mkEnableOption "enable";
config = lib.mkIf
(config.my.servers.shiori.enable && config.my.servers.postgres.enable) {
sops.secrets.shiori.sopsFile = ../../secrets/env.yaml;
services = {
shiori = {
enable = true;
port = 4368;
package = pkgs.callPackage ../../pkgs/shiori/shiori.nix { };
httpSecretKey = "password";
environmentFile = config.sops.secrets.shiori.path;
databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}";
};
nginx = {

66
pkgs/shiori/shiori-service.nix
View File

@ -1,16 +1,15 @@
{ config, lib, pkgs, ... }:
with lib;
let cfg = config.services.shiori;
in {
options = {
services.shiori = {
enable = mkEnableOption "Shiori simple bookmarks manager";
enable = lib.mkEnableOption "Shiori simple bookmarks manager";
package = mkPackageOption pkgs "shiori" { };
package = lib.mkPackageOption pkgs "shiori" { };
address = mkOption {
type = types.str;
address = lib.mkOption {
type = lib.types.str;
default = "";
description = ''
The IP address on which Shiori will listen.
@ -18,53 +17,55 @@ in {
'';
};
port = mkOption {
type = types.port;
port = lib.mkOption {
type = lib.types.port;
default = 8080;
description = "The port of the Shiori web application";
};
webRoot = mkOption {
type = types.str;
webRoot = lib.mkOption {
type = lib.types.str;
default = "/";
example = "/shiori";
description = "The root of the Shiori web application";
};
httpSecretKey = mkOption {
type = types.str;
example = "SuperSecretPassword";
description =
"When empty all sessions will be invalidated on server restart";
environmentFile = lib.mkOption {
type = lib.types.null or lib.types.path;
default = null;
example = "/path/to/environmentFile";
description = ''
Path to file containing environment variables.
Useful for passing down secrets.
<https://github.com/go-shiori/shiori/blob/master/docs/Configuration.md#overall-configuration>
'';
};
databaseUrl = mkOption {
type = types.str;
default = "";
databaseUrl = lib.mkOption {
type = lib.types.null or lib.types.str;
default = null;
example = "postgresql:///shiori?host=/run/postgresql";
description = "The connection URL to connect to MySQL or PostgreSQL";
};
};
};
config = mkIf cfg.enable {
systemd.services.shiori = with cfg; {
config = lib.mkIf cfg.enable {
systemd.services.shiori = {
description = "Shiori simple bookmarks manager";
wantedBy = [ "multi-user.target" ];
after = [ "postgresql.service" "mysql.service" ];
environment = {
SHIORI_DIR = "/var/lib/shiori";
} // lib.optionalAttrs (cfg.databaseUrl != "") {
} // lib.optionalAttrs (cfg.databaseUrl != null) {
SHIORI_DATABASE_URL = cfg.databaseUrl;
} // lib.optionalAttrs (cfg.httpSecretKey != "") {
SHIORI_HTTP_SECRET_KEY = cfg.httpSecretKey;
};
serviceConfig = {
ExecStart =
"${package}/bin/shiori server --address '${address}' --port '${
toString port
}' --webroot '${webRoot}'";
"${cfg.package}/bin/shiori server --address '${cfg.address}' --port '${
toString cfg.port
}' --webroot '${cfg.webRoot}'";
DynamicUser = true;
StateDirectory = "shiori";
@ -72,16 +73,17 @@ in {
RuntimeDirectory = "shiori";
# Security options
EnvironmentFile =
lib.optional (cfg.environmentFile != null) cfg.environmentFile;
BindReadOnlyPaths = [
"/nix/store"
# For SSL certificates, and the resolv.conf
"/etc"
] ++ lib.optional (lib.strings.hasInfix "postgres" cfg.databaseUrl)
"/run/postgresql"
++ lib.optional (lib.strings.hasInfix "mysql" cfg.databaseUrl)
"/var/run/mysqld";
] ++ lib.optional (lib.strings.hasInfix "postgres" cfg.databaseUrl
&& config.services.postgresql.enable) "/run/postgresql"
++ lib.optional (lib.strings.hasInfix "mysql" cfg.databaseUrl
&& config.services.mysql.enable) "/var/run/mysqld";
CapabilityBoundingSet = "";
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
@ -126,5 +128,5 @@ in {
};
};
meta.maintainers = with maintainers; [ minijackson CaptainJawZ ];
meta.maintainers = with lib.maintainers; [ minijackson CaptainJawZ ];
}

23
pkgs/shiori/shiori.nix
View File

@ -1,10 +1,10 @@
{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
{ lib, buildGoModule, fetchFromGitHub, nixosTests, installShellFiles }:
buildGoModule rec {
pname = "shiori";
version = "1.6.2";
version = "1.7.0";
vendorHash = "sha256-LLiBRsh9HsadeHQh4Yvops1r2GfjtvQKt5ZelQnPGdI=";
vendorHash = "sha256-fakRqgoEcdzw9WZuubaxfGfvVrMvb8gV/IwPikMnfRQ=";
doCheck = false;
@ -12,17 +12,24 @@ buildGoModule rec {
owner = "go-shiori";
repo = pname;
rev = "v${version}";
sha256 = "sha256-1ZZpQXlAHs5MTowCv3sWS3L7X5FTnU/b4trvHPiz+uE=";
sha256 = "sha256-5+hTtvBnj3Nh5HitReVkLift9LTiMYVuuYx5EirN0SA=";
};
passthru.tests = {
smoke-test = nixosTests.shiori;
};
nativeBuildInputs = [ installShellFiles ];
postInstall = ''
installShellCompletion --cmd shiori \
--bash <($out/bin/shiori completion bash) \
--fish <($out/bin/shiori completion fish) \
--zsh <($out/bin/shiori completion zsh)
'';
# passthru.tests.smoke-test = nixosTests.shiori; # test broken
meta = with lib; {
description = "Simple bookmark manager built with Go";
mainProgram = "shiori";
homepage = "https://github.com/go-shiori/shiori";
license = licenses.mit;
maintainers = with maintainers; [ minijackson ];
maintainers = with maintainers; [ minijackson CaptainJawZ ];
};
}

5
secrets/env.yaml
View File

@ -1,3 +1,4 @@
shiori: ENC[AES256_GCM,data:tV7+1GusZvcli8dM86xOD71dc2mzcyfQwMeTh//LDb0=,iv:ED9wR6QjQgwd9Ll/UC5FK3CyYK3b0RniC/D6Y0nGEOI=,tag:X/aopMc2vhnRW2iTphFflQ==,type:str]
flame: ENC[AES256_GCM,data:XsYRsA2xs+juWje2Od2Yl2xIvU0OS8xMrtwtcK/0NyyRrg==,iv:FR8lHsNQNCaOy4P+7BsIjNCz+H38i5RlwLYQ4fpB2+w=,tag:61EV7H04pcr1bSX4nSvlpw==,type:str]
ryot: ENC[AES256_GCM,data:Vlo6pv2+LuQxvdprI53BoQpngRfUWhqE07o+9ZKLZiaJBC6FCdFbeu37mo7QqGUJ34bHDP87PGU2IDPC69XURbVLy3QpgSqKiQlM56XoXr4Yz+B4MGVkVr384r5bQ6eMoSpIJ25UgMotuYWNgdyixKS+Nu/+pGLtVS/YtQ==,iv:YZs3zAlHuK9fz0OGAX9vQxoaYbzojwXpY++LwIxF6Ig=,tag:t2n8F1ll2ZN44AYDOjmhLQ==,type:str]
mealie: ENC[AES256_GCM,data:RjKqDs70lWhGN0LXPp3feQfW/WtfJlR6vX++0hwGtqcA3iepEh2Ab/36YRKbsVRBkglp0u18MusTmP0LSHUpzgCn/c/5ZzzRLGL83K3aQRlg8JtdTvzvEnLQSdE=,iv:GEfa8LwpOhkqWtLk0I5F14zkHcnFjVhVaHeLSFlDkN4=,tag:lkGcFn91hVxraMHCKF7rXQ==,type:str]
@ -46,8 +47,8 @@ sops:
QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb
9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-25T07:00:26Z"
mac: ENC[AES256_GCM,data:P7jAExu1yUpZejZ7E5XBGoxax8B17QjHzYcwiNjduTv5qi+8bsRVXcwp2LQOkR0kBW2RZMiTTWgMwfNuBL7BKigyuvuFvqQeatRUqCofVFDIaYzm7LZRNOu4+wsjpEV5Zjxhlzv4qWPxB/iaobQSCEp9Ii/T3/TUkP++xSS5M8Q=,iv:GGOrnxOuBKkeR9nUXBTJlDdeNP8My83PRtl7Pdxazt0=,tag:EeoYLrF2yDC8yquiQbYUzA==,type:str]
lastmodified: "2024-06-29T21:28:08Z"
mac: ENC[AES256_GCM,data:uVxwOOVOSeBsiVLXbOGo4cudGoJjn7yVYvWW7WZqPRu5FO32LA1rbZObN0RT4Y8OWFdv297rewTiC3KiGIPAZav91yiwlrXX/koEa4OhwQfkKiPNyPvmJ6e2h+M3gck75wbt1sbT8qnMtsHUjkfNZQiInC5hJyikalTusILke8w=,iv:IhOvHRYgkYP0BEZ60f66/nLU1x8Qk/YwZiNbcXDFOeQ=,tag:gcqBy9HxaX1W7osQHyNzOA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

5
secrets/secrets.yaml
View File

@ -1,6 +1,7 @@
jawz-password: ENC[AES256_GCM,data:j5qya2z9bDESQopcBpLBktyBvIuplbq3Ql4TovdAF1BIJHcf4CAjFuCStW0axFEOST6bgJwhcZZvK4rWUyoS47eaFDp2lkiQnQ==,iv:GNEA8v0NR+PGe4yvlm4V6tTJD5NmlswRPH7JnQJUyLk=,tag:dpxDK88cAJSk+XdFF2mDww==,type:str]
smtp-password: ENC[AES256_GCM,data:KAIn6lp6JXY39SgMPGP3tQ==,iv:Mgmo9bLT3iIGXw6THqJO6+IuPV65VXo1+vE3PrmS44Y=,tag:8urcnZtccaPJSOuHiZAp5A==,type:str]
nextcloud-adminpass: ENC[AES256_GCM,data:g0bnifEbMykPBVwMF14EhT/RWGsnEzJ6sXXmxSJ6kIVDeRr8XVRbFzusxlxAOOlseVwPT6e4Ad8=,iv:Gy0LwUNCw8gnqlwk91qguSEeufIJDtaqNNLX1vZp7vA=,tag:y8H42B1rue0X7/4nG/Whsw==,type:str]
firefly-iii-keyfile: ENC[AES256_GCM,data:HTifd3/5apa9f0RiOh33aRRoVkRskgo/2FV9S01wQSEmKFLg2M9gNNFm6gv2/WCQvNc1,iv:4yLIQQkfqhLixQtAOsbQePNlKOrU2p6Dqw9aLPDoJrM=,tag:uSbAMCy4FWRMU+QhExAE2w==,type:str]
resilio:
host: ENC[AES256_GCM,data:iITbrqpJSdM52A==,iv:8sahhsUA9iIXNlJYKAkakllQDbYVOsGuwBulK9FyvTU=,tag:zKKHwrEFUkl3Fcd0RJcIjw==,type:str]
user: ENC[AES256_GCM,data:31s2ihj2cN9C5Lyr2w==,iv:2MzKiRoDosawbeQ04LUKbfbSVFUUD6uUYynB6B0WNWw=,tag:GR0lXvLZAPof6WE3Verimg==,type:str]
@ -48,8 +49,8 @@ sops:
RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM
QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-25T00:47:48Z"
mac: ENC[AES256_GCM,data:410HyLmJ4FhCp6pFqAG9Mf7cwIQdalsh6bZ5feAu8P1vcJrTLefZskWIbjD6aQNKucDjS5CMPJd/7oP8wyc2XHKRqFO9CLSJ7wi6OmNaw/qevQxy4PSj5w44gd5/OI5aE2nN+X1R03PYSYEIs5SImwHBxN/fYR+WprAsbO1Ygrw=,iv:fgG5i3+rNtN4YzIL97+6cHP4cL2xXf0pgfsYbetGE2g=,tag:qu7vzzDnhDpW1dwu8TYCXg==,type:str]
lastmodified: "2024-06-29T21:27:25Z"
mac: ENC[AES256_GCM,data:ZmUuxDXxfr6eJcjoC0F2A/JnU+/33jWXjCRWvkWZfduxFayF8bRZNOLgTzXeV//TGNEY38ba/VsTDqOiu0YWRFE7VaQd8xk9uKmzeCi8Djv2fI+TAwXUorrZJ2bUJQ/WCCm7hOQ2OEE1c7icr6YsPTtYC652Itm10FF4PrF+VpI=,iv:vKC/B0cfODXMZ1l2wA0iUaxwZgDwjKPVBekmc/6lSvU=,tag:tE3dmwDjtEEBTPtNM01JQA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1