alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

nixos/limesurvey: init module to replace apache subservice

Browse source
This commit is contained in:
Aaron Andersen 2019-03-06 07:41:18 -05:00
parent d8fd3cf602
commit 5cf98d29e7
4 changed files with 312 additions and 196 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
nixos/doc/manual/release-notes/rl-1909.xml
View file

@ -107,6 +107,29 @@
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-release-19.09-incompatibilities">
<title>Backward Incompatibilities</title>
<para>
When upgrading from a previous release, please be aware of the following
incompatible changes:
</para>
<itemizedlist>
<listitem>
<para>
The limesurvey apache subservice was replaced with a full NixOS module.
One can configure it using the <option>services.limesurvey.enable</option>
and <option>services.limesurvey.virtualHost</option> options.
</para>
</listitem>
</itemizedlist>
</section>
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"

1
nixos/modules/module-list.nix
View file

@ -760,6 +760,7 @@
./services/web-apps/frab.nix
./services/web-apps/icingaweb2/icingaweb2.nix
./services/web-apps/icingaweb2/module-monitoring.nix
./services/web-apps/limesurvey.nix
./services/web-apps/mattermost.nix
./services/web-apps/miniflux.nix
./services/web-apps/nextcloud.nix

288
nixos/modules/services/web-apps/limesurvey.nix Normal file
View file

@ -0,0 +1,288 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkDefault mkEnableOption mkForce mkIf mkMerge mkOption;
inherit (lib) mapAttrs optional optionalString types;
cfg = config.services.limesurvey;
user = "limesurvey";
group = config.services.httpd.group;
stateDir = "/var/lib/limesurvey";
php = pkgs.php;
pkg = pkgs.limesurvey;
configType = with types; either (either (attrsOf configType) str) (either int bool) // {
description = "limesurvey config type (str, int, bool or attribute set thereof)";
};
limesurveyConfig = pkgs.writeText "config.php" ''
<?php
return json_decode('${builtins.toJSON cfg.config}', true);
?>
'';
mysqlLocal = cfg.database.createLocally && cfg.database.type == "mysql";
pgsqlLocal = cfg.database.createLocally && cfg.database.type == "pgsql";
in
{
# interface
options.services.limesurvey = {
enable = mkEnableOption "Limesurvey web application.";
database = {
type = mkOption {
type = types.enum [ "mysql" "pgsql" "odbc" "mssql" ];
example = "pgsql";
default = "mysql";
description = "Database engine to use.";
};
host = mkOption {
type = types.str;
default = "localhost";
description = "Database host address.";
};
port = mkOption {
type = types.int;
default = if cfg.database.type == "pgsql" then 5442 else 3306;
defaultText = "3306";
description = "Database host port.";
};
name = mkOption {
type = types.str;
default = "limesurvey";
description = "Database name.";
};
user = mkOption {
type = types.str;
default = "limesurvey";
description = "Database user.";
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/limesurvey-dbpassword";
description = ''
A file containing the password corresponding to
<option>database.user</option>.
'';
};
socket = mkOption {
type = types.nullOr types.path;
default =
if mysqlLocal then "/run/mysqld/mysqld.sock"
else if pgsqlLocal then "/run/postgresql"
else null
;
defaultText = "/run/mysqld/mysqld.sock";
description = "Path to the unix socket file to use for authentication.";
};
createLocally = mkOption {
type = types.bool;
default = cfg.database.type == "mysql";
defaultText = "true";
description = ''
Create the database and database user locally.
This currently only applies if database type "mysql" is selected.
'';
};
};
virtualHost = mkOption {
type = types.submodule ({
options = import ../web-servers/apache-httpd/per-server-options.nix {
inherit lib;
forMainServer = false;
};
});
example = {
hostName = "survey.example.org";
enableSSL = true;
adminAddr = "webmaster@example.org";
sslServerCert = "/var/lib/acme/survey.example.org/full.pem";
sslServerKey = "/var/lib/acme/survey.example.org/key.pem";
};
description = ''
Apache configuration can be done by adapting <literal>services.httpd.virtualHosts.&lt;name&gt;</literal>.
See <xref linkend="opt-services.httpd.virtualHosts"/> for further information.
'';
};
poolConfig = mkOption {
type = types.lines;
default = ''
pm = dynamic
pm.max_children = 32
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 4
pm.max_requests = 500
'';
description = ''
Options for LimeSurvey's PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives.
'';
};
config = mkOption {
type = configType;
default = {};
description = ''
LimeSurvey configuration. Refer to
<link xlink:href="https://manual.limesurvey.org/Optional_settings"/>
for details on supported values.
'';
};
};
# implementation
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.database.createLocally -> cfg.database.type == "mysql";
message = "services.limesurvey.createLocally is currently only supported for database type 'mysql'";
}
{ assertion = cfg.database.createLocally -> cfg.database.user == user;
message = "services.limesurvey.database.user must be set to ${user} if services.limesurvey.database.createLocally is set true";
}
{ assertion = cfg.database.createLocally -> cfg.database.socket != null;
message = "services.limesurvey.database.socket must be set if services.limesurvey.database.createLocally is set to true";
}
{ assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
message = "a password cannot be specified if services.limesurvey.database.createLocally is set to true";
}
];
services.limesurvey.config = mapAttrs (name: mkDefault) {
runtimePath = "${stateDir}/tmp/runtime";
components = {
db = {
connectionString = "${cfg.database.type}:dbname=${cfg.database.name};host=${if pgsqlLocal then cfg.database.socket else cfg.database.host};port=${toString cfg.database.port}" +
optionalString mysqlLocal ";socket=${cfg.database.socket}";
username = cfg.database.user;
password = mkIf (cfg.database.passwordFile != null) "file_get_contents(\"${toString cfg.database.passwordFile}\");";
tablePrefix = "limesurvey_";
};
assetManager.basePath = "${stateDir}/tmp/assets";
urlManager = {
urlFormat = "path";
showScriptName = false;
};
};
config = {
tempdir = "${stateDir}/tmp";
uploaddir = "${stateDir}/upload";
force_ssl = mkIf cfg.virtualHost.enableSSL "on";
config.defaultlang = "en";
};
};
services.mysql = mkIf mysqlLocal {
enable = true;
package = mkDefault pkgs.mariadb;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{ name = cfg.database.user;
ensurePermissions = {
"${cfg.database.name}.*" = "SELECT, CREATE, INSERT, UPDATE, DELETE, ALTER, DROP, INDEX";
};
}
];
};
services.phpfpm.pools.limesurvey = {
phpPackage = php;
listen = "/run/phpfpm/limesurvey.sock";
extraConfig = ''
listen.owner = ${config.services.httpd.user};
listen.group = ${config.services.httpd.group};
user = ${user};
group = ${group};
env[LIMESURVEY_CONFIG] = ${limesurveyConfig}
${cfg.poolConfig}
'';
};
services.httpd = {
enable = true;
adminAddr = mkDefault cfg.virtualHost.adminAddr;
extraModules = [ "proxy_fcgi" ];
virtualHosts = [
(cfg.virtualHost // {
documentRoot = mkForce "${pkg}/share/limesurvey";
extraConfig = ''
Alias "/tmp" "${stateDir}/tmp"
<Directory "${stateDir}">
AllowOverride all
Require all granted
Options -Indexes +FollowSymlinks
</Directory>
Alias "/upload" "${stateDir}/upload"
<Directory "${stateDir}/upload">
AllowOverride all
Require all granted
Options -Indexes
</Directory>
<Directory "${pkg}/share/limesurvey">
<FilesMatch "\.php$">
<If "-f %{REQUEST_FILENAME}">
SetHandler "proxy:unix:/run/phpfpm/limesurvey.sock|fcgi://localhost/"
</If>
</FilesMatch>
AllowOverride all
Options -Indexes
DirectoryIndex index.php
</Directory>
'';
})
];
};
systemd.tmpfiles.rules = [
"d ${stateDir} 0750 ${user} ${group} - -"
"d ${stateDir}/tmp 0750 ${user} ${group} - -"
"d ${stateDir}/tmp/assets 0750 ${user} ${group} - -"
"d ${stateDir}/tmp/runtime 0750 ${user} ${group} - -"
"d ${stateDir}/tmp/upload 0750 ${user} ${group} - -"
"C ${stateDir}/upload 0750 ${user} ${group} - ${pkg}/share/limesurvey/upload"
];
systemd.services.limesurvey-init = {
wantedBy = [ "multi-user.target" ];
before = [ "phpfpm-limesurvey.service" ];
after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
environment.LIMESURVEY_CONFIG = limesurveyConfig;
script = ''
# update or install the database as required
${php}/bin/php ${pkg}/share/limesurvey/application/commands/console.php updatedb || \
${php}/bin/php ${pkg}/share/limesurvey/application/commands/console.php install admin password admin admin@example.com verbose
'';
serviceConfig = {
User = user;
Group = group;
Type = "oneshot";
};
};
systemd.services.httpd.after = optional mysqlLocal "mysql.service" ++ optional pgsqlLocal "postgresql.service";
users.users."${user}".group = group;
};
}

196
nixos/modules/services/web-servers/apache-httpd/limesurvey.nix
View file

@ -1,196 +0,0 @@
{ config, lib, pkgs, serverInfo, ... }:
with lib;
let
httpd = serverInfo.serverConfig.package;
version24 = !versionOlder httpd.version "2.4";
allGranted = if version24 then ''
Require all granted
'' else ''
Order allow,deny
Allow from all
'';
limesurveyConfig = pkgs.writeText "config.php" ''
<?php
$config = array();
$config['name'] = "${config.siteName}";
$config['runtimePath'] = "${config.dataDir}/tmp/runtime";
$config['components'] = array();
$config['components']['db'] = array();
$config['components']['db']['connectionString'] = '${config.dbType}:host=${config.dbHost};port=${toString config.dbPort};user=${config.dbUser};password=${config.dbPassword};dbname=${config.dbName};';
$config['components']['db']['username'] = '${config.dbUser}';
$config['components']['db']['password'] = '${config.dbPassword}';
$config['components']['db']['charset'] = 'utf-8';
$config['components']['db']['tablePrefix'] = "prefix_";
$config['components']['assetManager'] = array();
$config['components']['assetManager']['basePath'] = '${config.dataDir}/tmp/assets';
$config['config'] = array();
$config['config']['debug'] = 1;
$config['config']['tempdir'] = "${config.dataDir}/tmp";
$config['config']['tempdir'] = "${config.dataDir}/tmp";
$config['config']['uploaddir'] = "${config.dataDir}/upload";
$config['config']['force_ssl'] = '${if config.forceSSL then "on" else ""}';
$config['config']['defaultlang'] = '${config.defaultLang}';
return $config;
?>
'';
limesurveyRoot = "${pkgs.limesurvey}/share/limesurvey/";
in rec {
extraConfig = ''
Alias ${config.urlPrefix}/tmp ${config.dataDir}/tmp
<Directory ${config.dataDir}/tmp>
${allGranted}
Options -Indexes +FollowSymlinks
</Directory>
Alias ${config.urlPrefix}/upload ${config.dataDir}/upload
<Directory ${config.dataDir}/upload>
${allGranted}
Options -Indexes
</Directory>
${if config.urlPrefix != "" then ''
Alias ${config.urlPrefix} ${limesurveyRoot}
'' else ''
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
''}
<Directory ${limesurveyRoot}>
DirectoryIndex index.php
</Directory>
'';
globalEnvVars = [
{ name = "LIMESURVEY_CONFIG"; value = limesurveyConfig; }
];
documentRoot = if config.urlPrefix == "" then limesurveyRoot else null;
enablePHP = true;
options = {
id = mkOption {
default = "main";
description = ''
A unique identifier necessary to keep multiple Limesurvey server
instances on the same machine apart. This is used to
disambiguate the administrative scripts, which get names like
mediawiki-$id-change-password.
'';
};
urlPrefix = mkOption {
default = "";
description = "Url prefix for site.";
type = types.str;
};
dbType = mkOption {
default = "pgsql";
description = "Type of database for limesurvey, for now, only pgsql.";
type = types.enum ["pgsql"];
};
dbName = mkOption {
default = "limesurvey";
description = "Name of the database that holds the limesurvey data.";
type = types.str;
};
dbHost = mkOption {
default = "localhost";
description = "Limesurvey database host.";
type = types.str;
};
dbPort = mkOption {
default = 5432;
description = "Limesurvey database port.";
type = types.int;
};
dbUser = mkOption {
default = "limesurvey";
description = "Limesurvey database user.";
type = types.str;
};
dbPassword = mkOption {
example = "foobar";
description = "Limesurvey database password.";
type = types.str;
};
adminUser = mkOption {
description = "Limesurvey admin username.";
default = "admin";
type = types.str;
};
adminPassword = mkOption {
description = "Default limesurvey admin password.";
default = "admin";
type = types.str;
};
adminEmail = mkOption {
description = "Limesurvey admin email.";
default = "admin@admin.com";
type = types.str;
};
forceSSL = mkOption {
default = false;
description = "Force use of HTTPS connection.";
type = types.bool;
};
siteName = mkOption {
default = "LimeSurvey";
description = "LimeSurvey name of the site.";
type = types.str;
};
defaultLang = mkOption {
default = "en";
description = "LimeSurvey default language.";
type = types.str;
};
dataDir = mkOption {
default = "/var/lib/limesurvey";
description = "LimeSurvey data directory.";
type = types.path;
};
};
startupScript = pkgs.writeScript "limesurvey_startup.sh" ''
if [ ! -f ${config.dataDir}/.created ]; then
mkdir -p ${config.dataDir}/{tmp/runtime,tmp/assets,tmp/upload,upload}
chmod -R ug+rw ${config.dataDir}
chmod -R o-rwx ${config.dataDir}
chown -R wwwrun:wwwrun ${config.dataDir}
${pkgs.postgresql}/bin/createuser --no-superuser --no-createdb --no-createrole "${config.dbUser}" || true
${pkgs.postgresql}/bin/createdb "${config.dbName}" -O "${config.dbUser}" || true
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/psql -U postgres -d postgres -c "alter user ${config.dbUser} with password '${config.dbPassword}';" || true
${pkgs.limesurvey}/bin/limesurvey-console install '${config.adminUser}' '${config.adminPassword}' '${config.adminUser}' '${config.adminEmail}'
touch ${config.dataDir}/.created
fi
'';
}