nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-22 06:53:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

nixos/filesender: init module

Browse Source
This commit is contained in:
nhnn 2024-05-21 19:27:45 +03:00
parent b56286db09
commit 3d47565193
No known key found for this signature in database
8 changed files with 458 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/doc/manual/release-notes/rl-2405.section.md
View File

@ -197,6 +197,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
- [your_spotify](https://github.com/Yooooomi/your_spotify), a self hosted Spotify tracking dashboard. Available as [services.your_spotify](#opt-services.your_spotify.enable)
- [FileSender](https://filesender.org/), a file sharing software. Available as [services.filesender](#opt-services.filesender.enable).
## Backward Incompatibilities {#sec-release-24.05-incompatibilities}
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

1
nixos/modules/module-list.nix
View File

@ -1353,6 +1353,7 @@
./services/web-apps/dolibarr.nix
./services/web-apps/engelsystem.nix
./services/web-apps/ethercalc.nix
./services/web-apps/filesender.nix
./services/web-apps/firefly-iii.nix
./services/web-apps/flarum.nix
./services/web-apps/fluidd.nix

49
nixos/modules/services/web-apps/filesender.md Normal file
View File

@ -0,0 +1,49 @@
# FileSender {#module-services-filesender}
[FileSender](https://filesender.org/software/) is a software that makes it easy to send and receive big files.
## Quickstart {#module-services-filesender-quickstart}
FileSender uses [SimpleSAMLphp](https://simplesamlphp.org/) for authentication, which needs to be configured separately.
Minimal working instance of FileSender that uses password-authentication would look like this:
```nix
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.filesender = {
enable = true;
localDomain = "filesender.example.com";
configureNginx = true;
database.createLocally = true;
settings = {
auth_sp_saml_authentication_source = "default";
auth_sp_saml_uid_attribute = "uid";
storage_filesystem_path = "<STORAGE PATH FOR UPLOADED FILES>";
admin = "admin";
admin_email = "admin@example.com";
email_reply_to = "noreply@example.com";
};
};
services.simplesamlphp.filesender = {
settings = {
"module.enable".exampleauth = true;
};
authSources = {
admin = [ "core:AdminPassword" ];
default = format.lib.mkMixedArray [ "exampleauth:UserPass" ] {
"admin:admin123" = {
uid = [ "admin" ];
cn = [ "admin" ];
mail = [ "admin@example.com" ];
};
};
};
};
}
```
::: {.warning}
Example above uses hardcoded clear-text password, in production you should use other authentication method like LDAP. You can check supported authentication methods [in SimpleSAMLphp documentation](https://simplesamlphp.org/docs/stable/simplesamlphp-idp.html).
:::

253
nixos/modules/services/web-apps/filesender.nix Normal file
View File

@ -0,0 +1,253 @@
{
config,
lib,
pkgs,
...
}:
let
format = pkgs.formats.php { finalVariable = "config"; };
cfg = config.services.filesender;
simpleSamlCfg = config.services.simplesamlphp.filesender;
fpm = config.services.phpfpm.pools.filesender;
filesenderConfigDirectory = pkgs.runCommand "filesender-config" { } ''
mkdir $out
cp ${format.generate "config.php" cfg.settings} $out/config.php
'';
in
{
meta = {
maintainers = with lib.maintainers; [ nhnn ];
doc = ./filesender.md;
};
options.services.filesender = with lib; {
enable = mkEnableOption "FileSender";
package = mkPackageOption pkgs "filesender" { };
user = mkOption {
description = "User under which filesender runs.";
type = types.str;
default = "filesender";
};
database = {
createLocally = mkOption {
type = types.bool;
default = true;
description = ''
Create the PostgreSQL database and database user locally.
'';
};
hostname = mkOption {
type = types.str;
default = "/run/postgresql";
description = "Database hostname.";
};
port = mkOption {
type = types.port;
default = 5432;
description = "Database port.";
};
name = mkOption {
type = types.str;
default = "filesender";
description = "Database name.";
};
user = mkOption {
type = types.str;
default = "filesender";
description = "Database user.";
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/filesender-dbpassword";
description = ''
A file containing the password corresponding to
[](#opt-services.filesender.database.user).
'';
};
};
settings = mkOption {
type = types.submodule {
freeformType = format.type;
options = {
site_url = mkOption {
type = types.str;
description = "Site URL. Used in emails, to build URLs for logging in, logging out, build URL for upload endpoint for web workers, to include scripts etc.";
};
admin = mkOption {
type = types.commas;
description = ''
UIDs (as per the configured saml_uid_attribute) of FileSender administrators.
Accounts with these UIDs can access the Admin page through the web UI.
'';
};
admin_email = mkOption {
type = types.commas;
description = ''
Email address of FileSender administrator(s).
Emails regarding disk full etc. are sent here.
You should use a role-address here.
'';
};
storage_filesystem_path = mkOption {
type = types.nullOr types.str;
description = "When using storage type filesystem this is the absolute path to the file system where uploaded files are stored until they expire. Your FileSender storage root.";
};
log_facilities = mkOption {
type = format.type;
default = [ { type = "error_log"; } ];
description = "Defines where FileSender logging is sent. You can sent logging to a file, to syslog or to the default PHP log facility (as configured through your webserver's PHP module). The directive takes an array of one or more logging targets. Logging can be sent to multiple targets simultaneously. Each logging target is a list containing the name of the logging target and a number of attributes which vary per log target. See below for the exact definiation of each log target.";
};
};
};
default = { };
description = ''
Configuration options used by FileSender.
See [](https://docs.filesender.org/filesender/v2.0/admin/configuration/)
for available options.
'';
};
configureNginx = mkOption {
type = types.bool;
default = true;
description = "Configure nginx as a reverse proxy for FileSender.";
};
localDomain = mkOption {
type = types.str;
example = "filesender.example.org";
description = "The domain serving your FileSender instance.";
};
poolSettings = mkOption {
type =
with types;
attrsOf (oneOf [
str
int
bool
]);
default = {
"pm" = "dynamic";
"pm.max_children" = "32";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "2";
"pm.max_spare_servers" = "4";
"pm.max_requests" = "500";
};
description = ''
Options for FileSender's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives.
'';
};
};
config = lib.mkIf cfg.enable {
services.simplesamlphp.filesender = {
phpfpmPool = "filesender";
localDomain = cfg.localDomain;
settings.baseurlpath = lib.mkDefault "https://${cfg.localDomain}/saml";
};
services.phpfpm = {
pools.filesender = {
user = cfg.user;
group = config.services.nginx.group;
phpEnv = {
FILESENDER_CONFIG_DIR = toString filesenderConfigDirectory;
SIMPLESAMLPHP_CONFIG_DIR = toString simpleSamlCfg.configDir;
};
settings = {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
} // cfg.poolSettings;
};
};
services.nginx = lib.mkIf cfg.configureNginx {
enable = true;
virtualHosts.${cfg.localDomain} = {
root = "${cfg.package}/www";
extraConfig = ''
index index.php;
'';
locations = {
"/".extraConfig = ''
try_files $uri $uri/ /index.php?args;
'';
"~ [^/]\\.php(/|$)" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${fpm.socket};
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
'';
};
"~ /\\.".extraConfig = "deny all;";
};
};
};
services.postgresql = lib.mkIf cfg.database.createLocally {
enable = true;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{
name = cfg.database.user;
ensureDBOwnership = true;
}
];
};
services.filesender.settings = lib.mkMerge [
(lib.mkIf cfg.database.createLocally {
db_host = "/run/postgresql";
db_port = "5432";
db_password = "."; # FileSender requires it even when on UNIX socket auth.
})
(lib.mkIf (!cfg.database.createLocally) {
db_host = cfg.database.hostname;
db_port = toString cfg.database.port;
db_password = format.lib.mkRaw "file_get_contents('${cfg.database.passwordFile}')";
})
{
site_url = lib.mkDefault "https://${cfg.localDomain}";
db_type = "pgsql";
db_username = cfg.database.user;
db_database = cfg.database.name;
"auth_sp_saml_simplesamlphp_url" = "/saml";
"auth_sp_saml_simplesamlphp_location" = "${simpleSamlCfg.libDir}";
}
];
systemd.services.filesender-initdb = {
description = "Init filesender DB";
wantedBy = [
"multi-user.target"
"phpfpm-filesender.service"
];
after = [ "postgresql.service" ];
restartIfChanged = true;
serviceConfig = {
Environment = [
"FILESENDER_CONFIG_DIR=${toString filesenderConfigDirectory}"
"SIMPLESAMLPHP_CONFIG_DIR=${toString simpleSamlCfg.configDir}"
];
Type = "oneshot";
Group = config.services.nginx.group;
User = "filesender";
ExecStart = "${fpm.phpPackage}/bin/php ${cfg.package}/scripts/upgrade/database.php";
};
};
users.extraUsers.filesender = lib.mkIf (cfg.user == "filesender") {
home = "/var/lib/filesender";
group = config.services.nginx.group;
createHome = true;
isSystemUser = true;
};
};
}

1
nixos/tests/all-tests.nix
View File

@ -312,6 +312,7 @@ in {
fenics = handleTest ./fenics.nix {};
ferm = handleTest ./ferm.nix {};
ferretdb = handleTest ./ferretdb.nix {};
filesender = handleTest ./filesender.nix {};
filesystems-overlayfs = runTest ./filesystems-overlayfs.nix;
firefly-iii = handleTest ./firefly-iii.nix {};
firefox = handleTest ./firefox.nix { firefoxPackage = pkgs.firefox; };

137
nixos/tests/filesender.nix Normal file
View File

@ -0,0 +1,137 @@
import ./make-test-python.nix ({ pkgs, lib, ... }: {
name = "filesender";
meta = {
maintainers = with lib.maintainers; [ nhnn ];
broken = pkgs.stdenv.isAarch64; # selenium.common.exceptions.WebDriverException: Message: Unsupported platform/architecture combination: linux/aarch64
};
nodes.filesender = { ... }: let
format = pkgs.formats.php { };
in {
networking.firewall.allowedTCPPorts = [ 80 ];
services.filesender.enable = true;
services.filesender.localDomain = "filesender";
services.filesender.settings = {
auth_sp_saml_authentication_source = "default";
auth_sp_saml_uid_attribute = "uid";
storage_filesystem_path = "/tmp";
site_url = "http://filesender";
force_ssl = false;
admin = "";
admin_email = "admin@localhost";
email_reply_to = "noreply@localhost";
};
services.simplesamlphp.filesender = {
settings = {
baseurlpath = "http://filesender/saml";
"module.enable".exampleauth = true;
};
authSources = {
admin = [ "core:AdminPassword" ];
default = format.lib.mkMixedArray [ "exampleauth:UserPass" ] {
"user:password" = {
uid = [ "user" ];
cn = [ "user" ];
mail = [ "user@nixos.org" ];
};
};
};
};
};
nodes.client =
{ pkgs
, nodes
, ...
}:
let
filesenderIP = (builtins.head (nodes.filesender.networking.interfaces.eth1.ipv4.addresses)).address;
in
{
networking.hosts.${filesenderIP} = [ "filesender" ];
environment.systemPackages =
let
username = "user";
password = "password";
browser-test =
pkgs.writers.writePython3Bin "browser-test"
{
libraries = [ pkgs.python3Packages.selenium ];
flakeIgnore = [ "E124" "E501" ];
} ''
from selenium.webdriver.common.by import By
from selenium.webdriver import Firefox
from selenium.webdriver.firefox.options import Options
from selenium.webdriver.firefox.firefox_profile import FirefoxProfile
from selenium.webdriver.firefox.service import Service
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from subprocess import STDOUT
import string
import random
import logging
import time
selenium_logger = logging.getLogger("selenium")
selenium_logger.setLevel(logging.DEBUG)
selenium_logger.addHandler(logging.StreamHandler())
profile = FirefoxProfile()
profile.set_preference("browser.download.folderList", 2)
profile.set_preference("browser.download.manager.showWhenStarting", False)
profile.set_preference("browser.download.dir", "/tmp/firefox")
profile.set_preference("browser.helperApps.neverAsk.saveToDisk", "text/plain;text/txt")
options = Options()
options.profile = profile
options.add_argument('--headless')
service = Service(log_output=STDOUT)
driver = Firefox(options=options)
driver.set_window_size(1024, 768)
driver.implicitly_wait(30)
driver.get('http://filesender/')
wait = WebDriverWait(driver, 20)
wait.until(EC.title_contains("FileSender"))
driver.find_element(By.ID, "btn_logon").click()
wait.until(EC.title_contains("Enter your username and password"))
driver.find_element(By.ID, 'username').send_keys(
'${username}'
)
driver.find_element(By.ID, 'password').send_keys(
'${password}'
)
driver.find_element(By.ID, "submit_button").click()
wait.until(EC.title_contains("FileSender"))
wait.until(EC.presence_of_element_located((By.ID, "topmenu_logoff")))
test_string = "".join(random.choices(string.ascii_uppercase + string.digits, k=20))
with open("/tmp/test_file.txt", "w") as file:
file.write(test_string)
driver.find_element(By.ID, "files").send_keys("/tmp/test_file.txt")
time.sleep(2)
driver.find_element(By.CSS_SELECTOR, '.start').click()
wait.until(EC.presence_of_element_located((By.CSS_SELECTOR, ".download_link")))
download_link = driver.find_element(By.CSS_SELECTOR, '.download_link > textarea').get_attribute('value').strip()
driver.get(download_link)
wait.until(EC.presence_of_element_located((By.CSS_SELECTOR, ".download")))
driver.find_element(By.CSS_SELECTOR, '.download').click()
wait.until(EC.presence_of_element_located((By.CSS_SELECTOR, ".ui-dialog-buttonset > button:nth-child(2)")))
driver.find_element(By.CSS_SELECTOR, ".ui-dialog-buttonset > button:nth-child(2)").click()
driver.close()
driver.quit()
'';
in
[
pkgs.firefox-unwrapped
pkgs.geckodriver
browser-test
];
};
testScript = ''
start_all()
filesender.wait_for_file("/run/phpfpm/filesender.sock")
filesender.wait_for_open_port(80)
if "If you have received an invitation to access this site as a guest" not in client.wait_until_succeeds("curl -sS -f http://filesender"):
raise Exception("filesender returned invalid html")
client.succeed("browser-test")
'';
})

10
pkgs/by-name/fi/filesender/package.nix
View File

@ -4,14 +4,14 @@
lib,
nixosTests,
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation (finalAttrs: {
pname = "filesender";
version = "2.48";
src = fetchFromGitHub {
owner = "filesender";
repo = "filesender";
rev = "filesender-${version}";
rev = "filesender-${finalAttrs.version}";
hash = "sha256-lXA9XZ5gbfut2EQ5bF2w8rhAEM++8rQseWviKwfRWGk=";
};
@ -22,8 +22,12 @@ stdenv.mkDerivation rec {
];
installPhase = ''
runHook preInstall
mkdir -p $out/
cp -R . $out/
runHook postInstall
'';
passthru.tests = {
@ -36,4 +40,4 @@ stdenv.mkDerivation rec {
license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [ nhnn ];
};
}
})

16
pkgs/by-name/fi/filesender/separate_mutable_paths.patch
View File

@ -1,5 +1,5 @@
diff --git a/classes/utils/Config.class.php b/classes/utils/Config.class.php
index a4d819bc..3c2ed287 100644
index a4d819bc..318defdf 100644
--- a/classes/utils/Config.class.php
+++ b/classes/utils/Config.class.php
@@ -30,7 +30,7 @@
@ -16,7 +16,7 @@ index a4d819bc..3c2ed287 100644
// Check if main config exists
- $main_config_file = FILESENDER_BASE.'/config/config.php';
+ $main_config_file = FILESENDER_CONFIG_DIR.'/config/config.php';
+ $main_config_file = FILESENDER_CONFIG_DIR.'/config.php';
if (!file_exists($main_config_file)) {
throw new ConfigFileMissingException($main_config_file);
}
@ -25,7 +25,7 @@ index a4d819bc..3c2ed287 100644
// load password file if it is there
- $pass_config_file = FILESENDER_BASE.'/config/config-passwords.php';
+ $pass_config_file = FILESENDER_CONFIG_DIR.'/config/config-passwords.php';
+ $pass_config_file = FILESENDER_CONFIG_DIR.'/config-passwords.php';
if (file_exists($pass_config_file)) {
$config = array();
include_once($pass_config_file);
@ -34,7 +34,7 @@ index a4d819bc..3c2ed287 100644
}
- $config_file = FILESENDER_BASE.'/config/'.$virtualhost.'/config.php';
+ $config_file = FILESENDER_CONFIG_DIR.'/config/'.$virtualhost.'/config.php';
+ $config_file = FILESENDER_CONFIG_DIR.$virtualhost.'/config.php';
if (!file_exists($config_file)) {
throw new ConfigFileMissingException($config_file);
} // Should exist even if empty
@ -43,7 +43,7 @@ index a4d819bc..3c2ed287 100644
foreach ($regex_and_configs as $regex => $extra_config_name) {
if (preg_match('`'.$regex.'`', $auth_attrs[$attr])) {
- $extra_config_file = FILESENDER_BASE.'/config/config-' . $extra_config_name . '.php';
+ $extra_config_file = FILESENDER_CONFIG_DIR.'/config/config-' . $extra_config_name . '.php';
+ $extra_config_file = FILESENDER_CONFIG_DIR.'/config-' . $extra_config_name . '.php';
if (file_exists($extra_config_file)) {
$config = array();
include_once($extra_config_file);
@ -52,7 +52,7 @@ index a4d819bc..3c2ed287 100644
$overrides_cfg = self::get('config_overrides');
if ($overrides_cfg) {
- $overrides_file = FILESENDER_BASE.'/config/'.($virtualhost ? $virtualhost.'/' : '').'config_overrides.json';
+ $overrides_file = FILESENDER_CONFIG_DIR.'/config/'.($virtualhost ? $virtualhost.'/' : '').'config_overrides.json';
+ $overrides_file = FILESENDER_CONFIG_DIR.($virtualhost ? $virtualhost.'/' : '').'config_overrides.json';
$overrides = file_exists($overrides_file) ? json_decode(trim(file_get_contents($overrides_file))) : new StdClass();
@ -61,7 +61,7 @@ index a4d819bc..3c2ed287 100644
{
$virtualhosts = array();
- foreach (scandir(FILESENDER_BASE.'/config') as $item) {
+ foreach (scandir(FILESENDER_CONFIG_DIR.'/config') as $item) {
+ foreach (scandir(FILESENDER_CONFIG_DIR) as $item) {
if (!preg_match('`^(.+)\.conf\.php$`', $item, $match)) {
continue;
}
@ -103,7 +103,7 @@ index 5c1e7f61..b1fb57e4 100644
+if(!defined('FILESENDER_BASE') || !defined("FILESENDER_CONFIG_DIR")) die('Missing environment');
-if(!file_exists(FILESENDER_BASE.'/config/config.php'))
++if(!file_exists(FILESENDER_CONFIG_DIR.'/config.php'))
+if(!file_exists(FILESENDER_CONFIG_DIR.'/config.php'))
die('Configuration file not found');
ConfigValidator::addCheck('site_url', 'string');