Merge pull request #153986 from abbradar/prosody-filer

prosody-filer: init at unstable-2021-05-24
2025-01-19 03:14:03 +00:00 · 2022-01-12 13:18:25 +03:00 · 2022-01-12 13:18:25 +03:00 · d042d834af
commit d042d834af
parent dfbf064a13 8956803ade
6 changed files with 125 additions and 0 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@ -135,6 +135,13 @@
          <link linkend="opt-services.baget.enable">services.baget</link>.
        </para>
      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/ThomasLeister/prosody-filer">prosody-filer</link>,
+          a server for handling XMPP HTTP Upload requests. Available at
+          <link linkend="opt-services.prosody-filer.enable">services.prosody-filer</link>.
+        </para>
+      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="sec-release-22.05-incompatibilities">
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@ -41,6 +41,8 @@ In addition to numerous new and upgraded packages, this release has the followin

 - [BaGet](https://loic-sharma.github.io/BaGet/), a lightweight NuGet and symbol server. Available at [services.baget](#opt-services.baget.enable).

+- [prosody-filer](https://github.com/ThomasLeister/prosody-filer), a server for handling XMPP HTTP Upload requests. Available at [services.prosody-filer](#opt-services.prosody-filer.enable).
+
 ## Backward Incompatibilities {#sec-release-22.05-incompatibilities}

 - `pkgs.ghc` now refers to `pkgs.targetPackages.haskellPackages.ghc`.
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -1032,6 +1032,7 @@
  ./services/web-apps/plausible.nix
  ./services/web-apps/pgpkeyserver-lite.nix
  ./services/web-apps/powerdns-admin.nix
+  ./services/web-apps/prosody-filer.nix
  ./services/web-apps/matomo.nix
  ./services/web-apps/openwebrx.nix
  ./services/web-apps/restya-board.nix
--- a/nixos/modules/services/web-apps/prosody-filer.nix
+++ b/nixos/modules/services/web-apps/prosody-filer.nix
@ -0,0 +1,88 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+
+  cfg = config.services.prosody-filer;
+
+  settingsFormat = pkgs.formats.toml { };
+  configFile = settingsFormat.generate "prosody-filer.toml" cfg.settings;
+in {
+
+  options = {
+    services.prosody-filer = {
+      enable = mkEnableOption "Prosody Filer XMPP upload file server";
+
+      settings = mkOption {
+        description = ''
+          Configuration for Prosody Filer.
+          Refer to <link xlink:href="https://github.com/ThomasLeister/prosody-filer#configure-prosody-filer"/> for details on supported values.
+        '';
+
+        type = settingsFormat.type;
+
+        example = literalExample ''
+          {
+            secret = "mysecret";
+            storeDir = "/srv/http/nginx/prosody-upload";
+          }
+        '';
+
+        defaultText = literalExpression ''
+          {
+            listenport = mkDefault "127.0.0.1:5050";
+            uploadSubDir = mkDefault "upload/";
+          }
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.prosody-filer.settings = {
+      listenport = mkDefault "127.0.0.1:5050";
+      uploadSubDir = mkDefault "upload/";
+    };
+
+    users.users.prosody-filer = {
+      group = "prosody-filer";
+      isSystemUser = true;
+    };
+
+    users.groups.prosody-filer = { };
+
+    systemd.services.prosody-filer = {
+      description = "Prosody file upload server";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      serviceConfig = {
+        User = "prosody-filer";
+        Group = "prosody-filer";
+        ExecStart = "${pkgs.prosody-filer}/bin/prosody-filer -config ${configFile}";
+        Restart = "on-failure";
+        CapabilityBoundingSet = "";
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        PrivateTmp = true;
+        PrivateMounts = true;
+        ProtectHome = true;
+        ProtectClock = true;
+        ProtectProc = "noaccess";
+        ProcSubset = "pid";
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectControlGroups = true;
+        ProtectHostname = true;
+        RestrictSUIDSGID = true;
+        RestrictRealtime = true;
+        RestrictNamespaces = true;
+        LockPersonality = true;
+        RemoveIPC = true;
+        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+        SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
+      };
+    };
+  };
+}
--- a/pkgs/servers/xmpp/prosody-filer/default.nix
+++ b/pkgs/servers/xmpp/prosody-filer/default.nix
@ -0,0 +1,25 @@
+{ stdenv, lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+  pname = "prosody-filer";
+  version = "unstable-2021-05-24";
+
+  vendorSha256 = "05spkks77x88kc31c1zdg1cbf9ijymjs7qzmhg4c6lql5p2h5fbd";
+
+  src = fetchFromGitHub {
+    owner = "ThomasLeister";
+    repo = "prosody-filer";
+    rev = "c65edd199b47dc505366c85b3702230fda797cd6";
+    sha256 = "0h6vp5flgy4wwmzhs6pf6qkk2j4ah8w919dwhfsq4wdpqs78kc0y";
+  };
+
+  doCheck = false;
+
+  meta = with lib; {
+    homepage = "https://github.com/ThomasLeister/prosody-filer";
+    maintainers = with maintainers; [ abbradar ];
+    license = licenses.mit;
+    platforms = platforms.linux;
+    description = "A simple file server for handling XMPP http_upload requests";
+ };
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -20945,6 +20945,8 @@ with pkgs;
    withExtraLibs = [];
  };

+  prosody-filer = callPackage ../servers/xmpp/prosody-filer { };
+
  biboumi = callPackage ../servers/xmpp/biboumi { };

  elasticmq-server-bin = callPackage ../servers/elasticmq-server-bin {