diff --git a/nixos/modules/services/web-apps/shiori.nix b/nixos/modules/services/web-apps/shiori.nix index 022bb5e43881..208b5432ef8a 100644 --- a/nixos/modules/services/web-apps/shiori.nix +++ b/nixos/modules/services/web-apps/shiori.nix @@ -1,17 +1,15 @@ { config, lib, pkgs, ... }: -with lib; -let - cfg = config.services.shiori; +let cfg = config.services.shiori; in { options = { services.shiori = { - enable = mkEnableOption "Shiori simple bookmarks manager"; + enable = lib.mkEnableOption "Shiori simple bookmarks manager"; - package = mkPackageOption pkgs "shiori" { }; + package = lib.mkPackageOption pkgs "shiori" { }; - address = mkOption { - type = types.str; + address = lib.mkOption { + type = lib.types.str; default = ""; description = '' The IP address on which Shiori will listen. @@ -19,30 +17,55 @@ in { ''; }; - port = mkOption { - type = types.port; + port = lib.mkOption { + type = lib.types.port; default = 8080; description = "The port of the Shiori web application"; }; - webRoot = mkOption { - type = types.str; + webRoot = lib.mkOption { + type = lib.types.str; default = "/"; example = "/shiori"; description = "The root of the Shiori web application"; }; + + environmentFile = lib.mkOption { + type = lib.types.null or lib.types.path; + default = null; + example = "/path/to/environmentFile"; + description = '' + Path to file containing environment variables. + Useful for passing down secrets. + + ''; + }; + + databaseUrl = lib.mkOption { + type = lib.types.null or lib.types.str; + default = null; + example = "postgresql:///shiori?host=/run/postgresql"; + description = "The connection URL to connect to MySQL or PostgreSQL"; + }; }; }; - config = mkIf cfg.enable { - systemd.services.shiori = with cfg; { + config = lib.mkIf cfg.enable { + systemd.services.shiori = { description = "Shiori simple bookmarks manager"; wantedBy = [ "multi-user.target" ]; - - environment.SHIORI_DIR = "/var/lib/shiori"; + after = [ "postgresql.service" "mysql.service" ]; + environment = { + SHIORI_DIR = "/var/lib/shiori"; + } // lib.optionalAttrs (cfg.databaseUrl != null) { + SHIORI_DATABASE_URL = cfg.databaseUrl; + }; serviceConfig = { - ExecStart = "${package}/bin/shiori serve --address '${address}' --port '${toString port}' --webroot '${webRoot}'"; + ExecStart = + "${cfg.package}/bin/shiori server --address '${cfg.address}' --port '${ + toString cfg.port + }' --webroot '${cfg.webRoot}'"; DynamicUser = true; StateDirectory = "shiori"; @@ -50,15 +73,20 @@ in { RuntimeDirectory = "shiori"; # Security options - + EnvironmentFile = + lib.optional (cfg.environmentFile != null) cfg.environmentFile; BindReadOnlyPaths = [ "/nix/store" # For SSL certificates, and the resolv.conf "/etc" - ]; + ] ++ lib.optional (lib.strings.hasInfix "postgres" cfg.databaseUrl + && config.services.postgresql.enable) "/run/postgresql" + ++ lib.optional (lib.strings.hasInfix "mysql" cfg.databaseUrl + && config.services.mysql.enable) "/var/run/mysqld"; CapabilityBoundingSet = ""; + AmbientCapabilities = "CAP_NET_BIND_SERVICE"; DeviceAllow = ""; @@ -78,7 +106,7 @@ in { ProtectKernelTunables = true; RestrictNamespaces = true; - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; + RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; RestrictRealtime = true; RestrictSUIDSGID = true; @@ -88,11 +116,17 @@ in { SystemCallErrorNumber = "EPERM"; SystemCallFilter = [ "@system-service" - "~@cpu-emulation" "~@debug" "~@keyring" "~@memlock" "~@obsolete" "~@privileged" "~@setuid" + "~@cpu-emulation" + "~@debug" + "~@keyring" + "~@memlock" + "~@obsolete" + "~@privileged" + "~@setuid" ]; }; }; }; - meta.maintainers = with maintainers; [ minijackson ]; + meta.maintainers = with lib.maintainers; [ minijackson CaptainJawZ ]; } diff --git a/nixos/tests/shiori.nix b/nixos/tests/shiori.nix index d0f68b903f8c..99c1301cc3f8 100644 --- a/nixos/tests/shiori.nix +++ b/nixos/tests/shiori.nix @@ -1,80 +1,79 @@ -import ./make-test-python.nix ({ pkgs, lib, ...}: +import ./make-test-python.nix ({ pkgs, lib, ... }: -{ - name = "shiori"; - meta.maintainers = with lib.maintainers; [ minijackson ]; + { + name = "shiori"; + meta.maintainers = with lib.maintainers; [ minijackson ]; - nodes.machine = - { ... }: - { services.shiori.enable = true; }; + nodes.machine = { ... }: { services.shiori.enable = true; }; - testScript = let - authJSON = pkgs.writeText "auth.json" (builtins.toJSON { - username = "shiori"; - password = "gopher"; - owner = true; - }); + testScript = let + authJSON = pkgs.writeText "auth.json" (builtins.toJSON { + username = "shiori"; + password = "gopher"; + owner = true; + }); - insertBookmark = { - url = "http://example.org"; - title = "Example Bookmark"; - }; + insertBookmark = { + url = "http://example.org"; + title = "Example Bookmark"; + }; - insertBookmarkJSON = pkgs.writeText "insertBookmark.json" (builtins.toJSON insertBookmark); - in '' - import json + insertBookmarkJSON = + pkgs.writeText "insertBookmark.json" (builtins.toJSON insertBookmark); + in '' + import json - machine.wait_for_unit("shiori.service") - machine.wait_for_open_port(8080) - machine.succeed("curl --fail http://localhost:8080/") - machine.succeed("curl --fail --location http://localhost:8080/ | grep -i shiori") + machine.wait_for_unit("shiori.service") + machine.wait_for_open_port(8080) + machine.succeed("curl --fail http://localhost:8080/") + machine.succeed("curl --fail --location http://localhost:8080/ | grep -i shiori") - with subtest("login"): - auth_json = machine.succeed( - "curl --fail --location http://localhost:8080/api/login " - "-X POST -H 'Content-Type:application/json' -d @${authJSON}" - ) - auth_ret = json.loads(auth_json) - session_id = auth_ret["session"] + with subtest("login"): + auth_json = machine.succeed( + "curl --fail --location http://localhost:8080/api/login " + "-X POST -H 'Content-Type:application/json' -d @${authJSON}" + ) + auth_ret = json.loads(auth_json) + session_id = auth_ret["session"] - with subtest("bookmarks"): - with subtest("first use no bookmarks"): - bookmarks_json = machine.succeed( - ( - "curl --fail --location http://localhost:8080/api/bookmarks " - "-H 'X-Session-Id:{}'" - ).format(session_id) - ) + with subtest("bookmarks"): + with subtest("first use no bookmarks"): + bookmarks_json = machine.succeed( + ( + "curl --fail --location http://localhost:8080/api/bookmarks " + "-H 'X-Session-Id:{}'" + ).format(session_id) + ) - if json.loads(bookmarks_json)["bookmarks"] != []: - raise Exception("Shiori have a bookmark on first use") + if json.loads(bookmarks_json)["bookmarks"] != []: + raise Exception("Shiori have a bookmark on first use") - with subtest("insert bookmark"): - machine.succeed( - ( - "curl --fail --location http://localhost:8080/api/bookmarks " - "-X POST -H 'X-Session-Id:{}' " - "-H 'Content-Type:application/json' -d @${insertBookmarkJSON}" - ).format(session_id) - ) + with subtest("insert bookmark"): + machine.succeed( + ( + "curl --fail --location http://localhost:8080/api/bookmarks " + "-X POST -H 'X-Session-Id:{}' " + "-H 'Content-Type:application/json' -d @${insertBookmarkJSON}" + ).format(session_id) + ) - with subtest("get inserted bookmark"): - bookmarks_json = machine.succeed( - ( - "curl --fail --location http://localhost:8080/api/bookmarks " - "-H 'X-Session-Id:{}'" - ).format(session_id) - ) + with subtest("get inserted bookmark"): + bookmarks_json = machine.succeed( + ( + "curl --fail --location http://localhost:8080/api/bookmarks " + "-H 'X-Session-Id:{}'" + ).format(session_id) + ) - bookmarks = json.loads(bookmarks_json)["bookmarks"] - if len(bookmarks) != 1: - raise Exception("Shiori didn't save the bookmark") + bookmarks = json.loads(bookmarks_json)["bookmarks"] + if len(bookmarks) != 1: + raise Exception("Shiori didn't save the bookmark") - bookmark = bookmarks[0] - if ( - bookmark["url"] != "${insertBookmark.url}" - or bookmark["title"] != "${insertBookmark.title}" - ): - raise Exception("Inserted bookmark doesn't have same URL or title") - ''; -}) + bookmark = bookmarks[0] + if ( + bookmark["url"] != "${insertBookmark.url}" + or bookmark["title"] != "${insertBookmark.title}" + ): + raise Exception("Inserted bookmark doesn't have same URL or title") + ''; + }) diff --git a/pkgs/servers/web-apps/shiori/default.nix b/pkgs/servers/web-apps/shiori/default.nix index 8a9fc7973f98..bd6a22287e5f 100644 --- a/pkgs/servers/web-apps/shiori/default.nix +++ b/pkgs/servers/web-apps/shiori/default.nix @@ -1,10 +1,10 @@ -{ lib, buildGoModule, fetchFromGitHub, nixosTests }: +{ lib, buildGoModule, fetchFromGitHub, nixosTests, installShellFiles }: buildGoModule rec { pname = "shiori"; - version = "1.5.5"; + version = "1.7.0"; - vendorHash = "sha256-suWdtqf5IZntEVD+NHGD6RsL1tjcGH9vh5skISW+aCc="; + vendorHash = "sha256-fakRqgoEcdzw9WZuubaxfGfvVrMvb8gV/IwPikMnfRQ="; doCheck = false; @@ -12,18 +12,24 @@ buildGoModule rec { owner = "go-shiori"; repo = pname; rev = "v${version}"; - sha256 = "sha256-kGPvCYvLLixEH9qih/F3StUyGPqlKukTWLSw41+Mq8E="; + sha256 = "sha256-5+hTtvBnj3Nh5HitReVkLift9LTiMYVuuYx5EirN0SA="; }; - passthru.tests = { - smoke-test = nixosTests.shiori; - }; + nativeBuildInputs = [ installShellFiles ]; + postInstall = '' + installShellCompletion --cmd shiori \ + --bash <($out/bin/shiori completion bash) \ + --fish <($out/bin/shiori completion fish) \ + --zsh <($out/bin/shiori completion zsh) + ''; + + # passthru.tests.smoke-test = nixosTests.shiori; # test broken meta = with lib; { description = "Simple bookmark manager built with Go"; mainProgram = "shiori"; homepage = "https://github.com/go-shiori/shiori"; license = licenses.mit; - maintainers = with maintainers; [ minijackson ]; + maintainers = with maintainers; [ minijackson CaptainJawZ ]; }; }