From dc7ed066152f88ca5f9928db6165f62bf4f957b5 Mon Sep 17 00:00:00 2001 From: dadada Date: Sun, 29 Mar 2020 22:39:14 +0200 Subject: [PATCH 1/9] nixos/dokuwiki: add option Enables multi-site configurations. This break compatibility with prior configurations that expect options for a single dokuwiki instance in `services.dokuwiki`. --- nixos/modules/services/web-apps/dokuwiki.nix | 152 ++++++++++++------- nixos/tests/dokuwiki.nix | 49 +++--- 2 files changed, 125 insertions(+), 76 deletions(-) diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix index 07af7aa0dfec..df0a5787f154 100644 --- a/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixos/modules/services/web-apps/dokuwiki.nix @@ -3,13 +3,15 @@ let inherit (lib) mkEnableOption mkForce mkIf mkMerge mkOption optionalAttrs recursiveUpdate types; + inherit (lib) flatten mapAttrs mapAttrs' mapAttrsToList nameValuePair; - cfg = config.services.dokuwiki; + eachSite = config.services.dokuwiki; + stateDir = cfg: "/var/lib/dokuwiki/${cfg.hostName}"; user = config.services.nginx.user; group = config.services.nginx.group; - dokuwikiAclAuthConfig = pkgs.writeText "acl.auth.php" '' + dokuwikiAclAuthConfig = cfg: pkgs.writeText "acl.auth.php" '' # acl.auth.php # # 
@@ -18,24 +20,50 @@ let ${toString cfg.acl} ''; - dokuwikiLocalConfig = pkgs.writeText "local.php" '' + dokuwikiLocalConfig = cfg: pkgs.writeText "local.php" '' (cfg.acl != null || cfg.aclFile != null); - message = "Either services.dokuwiki.acl or services.dokuwiki.aclFile is mandatory when aclUse is true"; - } - { - assertion = cfg.usersFile != null -> cfg.aclUse != false; - message = "services.dokuwiki.aclUse must be true when usersFile is not null"; - } - ]; + assertions = flatten (mapAttrsToList (hostName: cfg: + [{ + assertion = cfg.aclUse -> (cfg.acl != null || cfg.aclFile != null); + message = "Either services.dokuwiki.${hostName}.acl or services.dokuwiki.${hostName}.aclFile is mandatory when aclUse is true"; + } + { + assertion = cfg.usersFile != null -> cfg.aclUse != false; + message = "services.dokuwiki.${hostName}.aclUse must be true when usersFile is not null"; + }]) eachSite); - services.phpfpm.pools.dokuwiki = { - inherit user; - inherit group; - phpEnv = { - DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig}"; - DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig}"; - } //optionalAttrs (cfg.usersFile != null) { - DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}"; - } //optionalAttrs (cfg.aclUse) { - DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig}" else "${toString cfg.aclFile}"; - }; - - settings = { - "listen.mode" = "0660"; - "listen.owner" = user; - "listen.group" = group; - } // cfg.poolConfig; - }; + services.phpfpm.pools = mapAttrs' (hostName: cfg: ( + nameValuePair "dokuwiki-${hostName}" { + inherit user; + inherit group; + phpEnv = { + DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig cfg}"; + DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig cfg}"; + } //optionalAttrs (cfg.usersFile != null) { + DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}"; + } //optionalAttrs (cfg.aclUse) { + DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig cfg}" else "${toString cfg.aclFile}"; + 
}; + + settings = { + "listen.mode" = "0660"; + "listen.owner" = user; + "listen.group" = group; + } // cfg.poolConfig; + })) eachSite; services.nginx = { enable = true; - virtualHosts = { - ${cfg.hostName} = mkMerge [ cfg.nginx { - root = mkForce "${pkgs.dokuwiki}/share/dokuwiki/"; + virtualHosts = mapAttrs (hostName: cfg: mkMerge [ cfg.nginx { + root = mkForce "${pkg hostName cfg}/share/dokuwiki/"; extraConfig = "fastcgi_param HTTPS on;"; locations."~ /(conf/|bin/|inc/|install.php)" = { 
@@ -246,27 +284,25 @@ in include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REDIRECT_STATUS 200; - fastcgi_pass unix:${config.services.phpfpm.pools.dokuwiki.socket}; + fastcgi_pass unix:${config.services.phpfpm.pools."dokuwiki-${hostName}".socket}; fastcgi_param HTTPS on; ''; }; - }]; + }]) eachSite; }; - }; - - systemd.tmpfiles.rules = [ - "d ${cfg.stateDir}/attic 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/cache 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/index 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/locks 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/media 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/media_attic 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/media_meta 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/meta 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/pages 0750 ${user} ${group} - -" - "d ${cfg.stateDir}/tmp 0750 ${user} ${group} - -" - ]; + systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [ + "d ${stateDir cfg}/attic 0750 ${user} ${group} - -" + "d ${stateDir cfg}/cache 0750 ${user} ${group} - -" + "d ${stateDir cfg}/index 0750 ${user} ${group} - -" + "d ${stateDir cfg}/locks 0750 ${user} ${group} - -" + "d ${stateDir cfg}/media 0750 ${user} ${group} - -" + "d ${stateDir cfg}/media_attic 0750 ${user} ${group} - -" + "d ${stateDir cfg}/media_meta 0750 ${user} ${group} - -" + "d ${stateDir cfg}/meta 0750 ${user} ${group} - -" + "d ${stateDir cfg}/pages 0750 ${user} ${group} - -" + "d ${stateDir cfg}/tmp 0750 ${user} ${group} - -" + ]) eachSite); }; } diff --git a/nixos/tests/dokuwiki.nix b/nixos/tests/dokuwiki.nix index 38bde10f47ed..65d2677dd3ab 100644 --- a/nixos/tests/dokuwiki.nix +++ b/nixos/tests/dokuwiki.nix 
@@ -1,29 +1,42 @@ -import ./make-test-python.nix ({ lib, ... }: - -with lib; +import ./make-test-python.nix ({ pkgs, ... }: { name = "dokuwiki"; - meta.maintainers = with maintainers; [ maintainers."1000101" ]; + meta.maintainers = with pkgs.lib.maintainers; [ "1000101" ]; - nodes.machine = - { pkgs, ... }: - { services.dokuwiki = { - enable = true; - acl = " "; - superUser = null; - nginx = { - forceSSL = false; - enableACME = false; - }; - }; + machine = { ... }: { + services.dokuwiki."site1.local" = { + acl = " "; + superUser = null; + nginx = { + forceSSL = false; + enableACME = false; + }; }; + services.dokuwiki."site2.local" = { + acl = " "; + superUser = null; + nginx = { + forceSSL = false; + enableACME = false; + }; + }; + networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ]; + }; testScript = '' - machine.start() - machine.wait_for_unit("phpfpm-dokuwiki.service") + site_names = ["site1.local", "site2.local"] + + start_all() + + machine.wait_for_unit("phpfpm-dokuwiki-site1.local.service") + machine.wait_for_unit("phpfpm-dokuwiki-site2.local.service") + machine.wait_for_unit("nginx.service") + machine.wait_for_open_port(80) - machine.succeed("curl -sSfL http://localhost/ | grep 'DokuWiki'") + + machine.succeed("curl -sSfL http://site1.local/ | grep 'DokuWiki'") + machine.succeed("curl -sSfL http://site2.local/ | grep 'DokuWiki'") ''; }) From 71baf4801c6918bcbac976bd68e502d89d90ddfc Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 30 Mar 2020 13:00:35 +0200 Subject: [PATCH 2/9] nixos/dokuwiki: refactor --- nixos/modules/services/web-apps/dokuwiki.nix | 321 +++++++++---------- 1 file changed, 159 insertions(+), 162 deletions(-) diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix index df0a5787f154..6378cf6507c4 100644 --- a/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixos/modules/services/web-apps/dokuwiki.nix 
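Review bot: `meta.maintainers` on the new side is `[ "1000101" ]`, a list holding a plain string, where the removed line selected the maintainer entry with `maintainers."1000101"`. The `with pkgs.lib.maintainers;` prefix has no effect on a string literal. `meta.maintainers = [ pkgs.lib.maintainers."1000101" ];` keeps the reference to the maintainer record. Separately, `site_names` in the test script is assigned but not used in the lines shown.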
@@ -53,148 +53,147 @@ let ''; }; - siteOpts = {lib, name, ...}: - { - options = { - enable = mkEnableOption "DokuWiki web application."; + siteOpts = {lib, name, ...}: { + options = { + enable = mkEnableOption "DokuWiki web application."; - package = mkOption { - type = types.package; - default = pkgs.dokuwiki; - description = "Which dokuwiki package to use."; - }; + package = mkOption { + type = types.package; + default = pkgs.dokuwiki; + description = "Which dokuwiki package to use."; + }; - hostName = mkOption { - type = types.str; - default = "localhost"; - description = "FQDN for the instance."; - }; + hostName = mkOption { + type = types.str; + default = "localhost"; + description = "FQDN for the instance."; + }; - stateDir = mkOption { - type = types.path; - default = "/var/lib/dokuwiki/${name}/data"; - description = "Location of the dokuwiki state directory."; - }; + stateDir = mkOption { + type = types.path; + default = "/var/lib/dokuwiki/${name}/data"; + description = "Location of the dokuwiki state directory."; + }; - acl = mkOption { - type = types.nullOr types.lines; - default = null; - example = "* @ALL 8"; - description = '' - Access Control Lists: see - Mutually exclusive with services.dokuwiki.aclFile - Set this to a value other than null to take precedence over aclFile option. - ''; - }; - - aclFile = mkOption { - type = types.nullOr types.path; - default = null; - description = '' - Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl - Mutually exclusive with services.dokuwiki.acl which is preferred. - Consult documentation for further instructions. - Example: - ''; - }; - - aclUse = mkOption { - type = types.bool; - default = true; - description = '' - Necessary for users to log in into the system. - Also limits anonymous users. When disabled, - everyone is able to create and edit content. 
- ''; - }; - - pluginsConfig = mkOption { - type = types.lines; - default = '' - $plugins['authad'] = 0; - $plugins['authldap'] = 0; - $plugins['authmysql'] = 0; - $plugins['authpgsql'] = 0; - ''; - description = '' - List of the dokuwiki (un)loaded plugins. - ''; - }; - - superUser = mkOption { - type = types.nullOr types.str; - default = "@admin"; - description = '' - You can set either a username, a list of usernames (“admin1,admin2”), - or the name of a group by prepending an @ char to the groupname - Consult documentation for further instructions. - ''; - }; - - usersFile = mkOption { - type = types.nullOr types.path; - default = null; - description = '' - Location of the dokuwiki users file. List of users. Format: - login:passwordhash:Real Name:email:groups,comma,separated - Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1` - Example: + acl = mkOption { + type = types.nullOr types.lines; + default = null; + example = "* @ALL 8"; + description = '' + Access Control Lists: see + Mutually exclusive with services.dokuwiki.aclFile + Set this to a value other than null to take precedence over aclFile option. ''; - }; - - extraConfig = mkOption { - type = types.nullOr types.lines; - default = null; - example = '' - $conf['title'] = 'My Wiki'; - $conf['userewrite'] = 1; - ''; - description = '' - DokuWiki configuration. Refer to - - for details on supported values. - ''; - }; - - poolConfig = mkOption { - type = with types; attrsOf (oneOf [ str int bool ]); - default = { - "pm" = "dynamic"; - "pm.max_children" = 32; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 2; - "pm.max_spare_servers" = 4; - "pm.max_requests" = 500; }; - description = '' - Options for the dokuwiki PHP pool. See the documentation on php-fpm.conf - for details on configuration directives. 
- ''; - }; - nginx = mkOption { - type = types.submodule ( - recursiveUpdate - (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) - { - # Enable encryption by default, - options.forceSSL.default = true; - options.enableACME.default = true; - } - ); - default = {forceSSL = true; enableACME = true;}; - example = { - serverAliases = [ - "wiki.\${config.networking.domain}" - ]; - enableACME = false; + aclFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl + Mutually exclusive with services.dokuwiki.acl which is preferred. + Consult documentation for further instructions. + Example: + ''; + }; + + aclUse = mkOption { + type = types.bool; + default = true; + description = '' + Necessary for users to log in into the system. + Also limits anonymous users. When disabled, + everyone is able to create and edit content. + ''; + }; + + pluginsConfig = mkOption { + type = types.lines; + default = '' + $plugins['authad'] = 0; + $plugins['authldap'] = 0; + $plugins['authmysql'] = 0; + $plugins['authpgsql'] = 0; + ''; + description = '' + List of the dokuwiki (un)loaded plugins. + ''; + }; + + superUser = mkOption { + type = types.nullOr types.str; + default = "@admin"; + description = '' + You can set either a username, a list of usernames (“admin1,admin2”), + or the name of a group by prepending an @ char to the groupname + Consult documentation for further instructions. + ''; + }; + + usersFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Location of the dokuwiki users file. List of users. 
Format: + login:passwordhash:Real Name:email:groups,comma,separated + Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1` + Example: + ''; + }; + + extraConfig = mkOption { + type = types.nullOr types.lines; + default = null; + example = '' + $conf['title'] = 'My Wiki'; + $conf['userewrite'] = 1; + ''; + description = '' + DokuWiki configuration. Refer to + + for details on supported values. + ''; + }; + + poolConfig = mkOption { + type = with types; attrsOf (oneOf [ str int bool ]); + default = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; + description = '' + Options for the dokuwiki PHP pool. See the documentation on php-fpm.conf + for details on configuration directives. + ''; + }; + + nginx = mkOption { + type = types.submodule ( + recursiveUpdate + (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) + { + # Enable encryption by default, + options.forceSSL.default = true; + options.enableACME.default = true; + } + ); + default = {forceSSL = true; enableACME = true;}; + example = { + serverAliases = [ + "wiki.\${config.networking.domain}" + ]; + enableACME = false; + }; + description = '' + With this option, you can customize the nginx virtualHost which already has sensible defaults for DokuWiki. + ''; }; - description = '' - With this option, you can customize the nginx virtualHost which already has sensible defaults for DokuWiki. - ''; }; }; - }; in { # interface 
@@ -244,52 +243,51 @@ in services.nginx = { enable = true; - - virtualHosts = mapAttrs (hostName: cfg: mkMerge [ cfg.nginx { - root = mkForce "${pkg hostName cfg}/share/dokuwiki/"; - extraConfig = "fastcgi_param HTTPS on;"; + virtualHosts = mapAttrs (hostName: cfg: mkMerge [ cfg.nginx { + root = mkForce "${pkg hostName cfg}/share/dokuwiki/"; + extraConfig = "fastcgi_param HTTPS on;"; - locations."~ /(conf/|bin/|inc/|install.php)" = { - extraConfig = "deny all;"; - }; + locations."~ /(conf/|bin/|inc/|install.php)" = { + extraConfig = "deny all;"; + }; - locations."~ ^/data/" = { - root = "${cfg.stateDir}"; - extraConfig = "internal;"; - }; + locations."~ ^/data/" = { + root = "${cfg.stateDir}"; + extraConfig = "internal;"; + }; - locations."~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = { - extraConfig = "expires 365d;"; - }; + locations."~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = { + extraConfig = "expires 365d;"; + }; - locations."/" = { - priority = 1; - index = "doku.php"; - extraConfig = ''try_files $uri $uri/ @dokuwiki;''; - }; + locations."/" = { + priority = 1; + index = "doku.php"; + extraConfig = ''try_files $uri $uri/ @dokuwiki;''; + }; - locations."@dokuwiki" = { - extraConfig = '' + locations."@dokuwiki" = { + extraConfig = '' # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; rewrite ^/(.*) /doku.php?id=$1&$args last; - ''; - }; + ''; + }; - locations."~ \.php$" = { - extraConfig = '' + locations."~ \.php$" = { + extraConfig = '' try_files $uri $uri/ /doku.php; include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REDIRECT_STATUS 200; fastcgi_pass unix:${config.services.phpfpm.pools."dokuwiki-${hostName}".socket}; fastcgi_param HTTPS on; - ''; - }; - 
}]) eachSite; - }; + ''; + }; + }]) eachSite; + }; systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [ "d ${stateDir cfg}/attic 0750 ${user} ${group} - -" @@ -303,6 +301,5 @@ in "d ${stateDir cfg}/pages 0750 ${user} ${group} - -" "d ${stateDir cfg}/tmp 0750 ${user} ${group} - -" ]) eachSite); - }; } From af6a7a04869889b470c4dad6e0adc57482818d3a Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 30 Mar 2020 13:08:16 +0200 Subject: [PATCH 3/9] nixos/dokuwiki: add plugins and templates options Adds support for additional plugins and templates similarly to how wordpress.nix does it. Plugins and templates need to be packaged as in the example. --- nixos/modules/services/web-apps/dokuwiki.nix | 61 +++++++++++++++++++- nixos/tests/dokuwiki.nix | 38 +++++++++++- 2 files changed, 95 insertions(+), 4 deletions(-) diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix index 6378cf6507c4..7587c744ad51 100644 --- a/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixos/modules/services/web-apps/dokuwiki.nix @@ -3,7 +3,7 @@ let inherit (lib) mkEnableOption mkForce mkIf mkMerge mkOption optionalAttrs recursiveUpdate types; - inherit (lib) flatten mapAttrs mapAttrs' mapAttrsToList nameValuePair; + inherit (lib) concatMapStringsSep flatten mapAttrs mapAttrs' mapAttrsToList nameValuePair concatMapStringSep; eachSite = config.services.dokuwiki; stateDir = cfg: "/var/lib/dokuwiki/${cfg.hostName}"; @@ -50,6 +50,10 @@ let # symlink acl ln -s ${dokuwikiAclAuthConfig cfg} $out/share/dokuwiki/acl.auth.php + + # symlink additional plugin(s) and templates(s) + ${concatMapStringsSep "\n" (template: "ln -s ${template} $out/share/dokuwiki/lib/tpl/${template.name}") cfg.templates} + ${concatMapStringsSep "\n" (plugin: "ln -s ${plugin} $out/share/dokuwiki/lib/plugins/${plugin.name}") cfg.plugins} ''; }; 
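Review bot: The extended `inherit (lib)` line names both `concatMapStringsSep` and `concatMapStringSep`. Only the first spelling is used by the symlink lines added in the next hunk, and the second looks like a typo for it. Because `let` bindings are lazy it will presumably not fail until something references it, but it should be dropped: `inherit (lib) concatMapStringsSep flatten mapAttrs mapAttrs' mapAttrsToList nameValuePair;`.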
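Review bot: The two `ln -s` lines interpolate `${template.name}` and `${plugin.name}`, but the options added later in this patch are declared as `types.listOf types.path`, which also accepts a bare path or string with no `name` attribute, so evaluation would fail with an unhelpful error for such a value. Declaring both options as `types.listOf types.package` would match what this build step needs. DokuWiki plugins and templates are PHP that ends up under the site's document root, so a comment here should say that entries are expected to be fixed-hash derivations like the ones in the option examples. The enclosing derivation starts outside this hunk.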
@@ -155,6 +159,61 @@ let ''; }; + plugins = mkOption { + type = types.listOf types.path; + default = []; + description = '' + List of path(s) to respective plugin(s) which are copied from the 'plugin' directory. + These plugins need to be packaged before use, see example. + ''; + example = '' + # Let's package the icalevents plugin + plugin-icalevents = pkgs.stdenv.mkDerivation { + name = "icalevents"; + # Download the plugin from the dokuwiki site + src = pkgs.fetchurl { + url = https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip; + sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8"; + }; + sourceRoot = "."; + # We need unzip to build this package + buildInputs = [ pkgs.unzip ]; + # Installing simply means copying all files to the output directory + installPhase = "mkdir -p $out; cp -R * $out/"; + }; + + # And then pass this theme to the plugin list like this: + plugins = [ plugin-icalevents ]; + ''; + }; + + templates = mkOption { + type = types.listOf types.path; + default = []; + description = '' + List of path(s) to respective template(s) which are copied from the 'tpl' directory. + These templates need to be packaged before use, see example. 
+ ''; + example = '' + # Let's package the bootstrap3 theme + template-bootstrap3 = pkgs.stdenv.mkDerivation { + name = "bootstrap3"; + # Download the theme from the dokuwiki site + src = pkgs.fetchurl { + url = https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip; + sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6"; + }; + # We need unzip to build this package + buildInputs = [ pkgs.unzip ]; + # Installing simply means copying all files to the output directory + installPhase = "mkdir -p $out; cp -R * $out/"; + }; + + # And then pass this theme to the template list like this: + templates = [ template-bootstrap3 ]; + ''; + }; + poolConfig = mkOption { type = with types; attrsOf (oneOf [ str int bool ]); default = { diff --git a/nixos/tests/dokuwiki.nix b/nixos/tests/dokuwiki.nix index 65d2677dd3ab..62d8ec9f0b1c 100644 --- a/nixos/tests/dokuwiki.nix +++ b/nixos/tests/dokuwiki.nix 
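Review bot: The `plugins` and `templates` descriptions say the entries "are copied from the 'plugin' directory" and "the 'tpl' directory", while the build step in this patch symlinks each entry into `lib/plugins/` and `lib/tpl/` under its derivation name. The text should describe that, for example `List of plugin derivations that are symlinked into lib/plugins/ under their derivation name.` The closing comment of the plugin example reads "pass this theme to the plugin list" and should say "plugin". Both examples use unquoted URL literals (`url = https://...;`); writing them as quoted strings avoids the deprecated URL-literal syntax.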
@@ -1,13 +1,43 @@ import ./make-test-python.nix ({ pkgs, ... }: -{ +let + template-bootstrap3 = pkgs.stdenv.mkDerivation { + name = "bootstrap3"; + # Download the theme from the dokuwiki site + src = pkgs.fetchurl { + url = https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip; + sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6"; + }; + # We need unzip to build this package + buildInputs = [ pkgs.unzip ]; + # Installing simply means copying all files to the output directory + installPhase = "mkdir -p $out; cp -R * $out/"; + }; + + + # Let's package the icalevents plugin + plugin-icalevents = pkgs.stdenv.mkDerivation { + name = "icalevents"; + # Download the plugin from the dokuwiki site + src = pkgs.fetchurl { + url = https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip; + sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8"; + }; + # We need unzip to build this package + buildInputs = [ pkgs.unzip ]; + sourceRoot = "."; + # Installing simply means copying all files to the output directory + installPhase = "mkdir -p $out; cp -R * $out/"; + }; + +in { name = "dokuwiki"; meta.maintainers = with pkgs.lib.maintainers; [ "1000101" ]; machine = { ... }: { services.dokuwiki."site1.local" = { acl = " "; - superUser = null; + superUser = "admin"; nginx = { forceSSL = false; enableACME = false; @@ -15,11 +45,13 @@ import ./make-test-python.nix ({ pkgs, ... }: }; services.dokuwiki."site2.local" = { acl = " "; - superUser = null; + superUser = "admin"; nginx = { forceSSL = false; enableACME = false; }; + templates = [ template-bootstrap3 ]; + plugins = [ plugin-icalevents ]; }; networking.hosts."127.0.0.1" = [ "site1.local" "site2.local" ]; }; From 0228046eec7ce930d6532e205ad92435a2983f98 Mon Sep 17 00:00:00 2001 
From: dadada Date: Mon, 30 Mar 2020 20:50:32 +0200 Subject: [PATCH 4/9] nixos/dokuwiki: add assertion for usersFile --- nixos/modules/services/web-apps/dokuwiki.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix index 7587c744ad51..fa7462a97bdb 100644 --- a/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixos/modules/services/web-apps/dokuwiki.nix @@ -278,6 +278,10 @@ in { assertion = cfg.usersFile != null -> cfg.aclUse != false; message = "services.dokuwiki.${hostName}.aclUse must be true when usersFile is not null"; + } + { + assertion = cfg.aclUse -> cfg.usersFile != null; + message = "services.dokuwiki.${hostName}.usersFile must be set if aclUse is true"; }]) eachSite); services.phpfpm.pools = mapAttrs' (hostName: cfg: ( From a58dc30d34ebcb2a85e45a0d827497e85339970b Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 30 Mar 2020 22:04:52 +0200 Subject: [PATCH 5/9] nixos/dokuwiki: set default value for usersFile If usersFile is not set, a file is created along the stateDir that can hold the users and supports dynamically adding users using the web GUI. --- nixos/modules/services/web-apps/dokuwiki.nix | 32 +++++++++----------- 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix index fa7462a97bdb..6670f32c16ac 100644 --- a/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixos/modules/services/web-apps/dokuwiki.nix @@ -6,7 +6,6 @@ let inherit (lib) concatMapStringsSep flatten mapAttrs mapAttrs' mapAttrsToList nameValuePair concatMapStringSep; eachSite = config.services.dokuwiki; - stateDir = cfg: "/var/lib/dokuwiki/${cfg.hostName}"; user = config.services.nginx.user; group = config.services.nginx.group; 
@@ -22,7 +21,7 @@ let dokuwikiLocalConfig = cfg: pkgs.writeText "local.php" '' cfg.aclUse != false; message = "services.dokuwiki.${hostName}.aclUse must be true when usersFile is not null"; } - { - assertion = cfg.aclUse -> cfg.usersFile != null; - message = "services.dokuwiki.${hostName}.usersFile must be set if aclUse is true"; - }]) eachSite); + ]) eachSite); services.phpfpm.pools = mapAttrs' (hostName: cfg: ( nameValuePair "dokuwiki-${hostName}" { @@ -291,7 +287,6 @@ in phpEnv = { DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig cfg}"; DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig cfg}"; - } //optionalAttrs (cfg.usersFile != null) { DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}"; } //optionalAttrs (cfg.aclUse) { DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig cfg}" else "${toString cfg.aclFile}"; 
@@ -353,16 +348,17 @@ in }; systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [ - "d ${stateDir cfg}/attic 0750 ${user} ${group} - -" - "d ${stateDir cfg}/cache 0750 ${user} ${group} - -" - "d ${stateDir cfg}/index 0750 ${user} ${group} - -" - "d ${stateDir cfg}/locks 0750 ${user} ${group} - -" - "d ${stateDir cfg}/media 0750 ${user} ${group} - -" - "d ${stateDir cfg}/media_attic 0750 ${user} ${group} - -" - "d ${stateDir cfg}/media_meta 0750 ${user} ${group} - -" - "d ${stateDir cfg}/meta 0750 ${user} ${group} - -" - "d ${stateDir cfg}/pages 0750 ${user} ${group} - -" - "d ${stateDir cfg}/tmp 0750 ${user} ${group} - -" + "d ${cfg.stateDir}/attic 0750 ${user} ${group} - -" + "d ${cfg.stateDir}/cache 0750 ${user} ${group} - -" + "d ${cfg.stateDir}/index 0750 ${user} ${group} - -" + "d ${cfg.stateDir}/locks 0750 ${user} ${group} - -" + "d ${cfg.stateDir}/media 0750 ${user} ${group} - -" + "d ${cfg.stateDir}/media_attic 0750 ${user} ${group} - -" + "d ${cfg.stateDir}/media_meta 0750 ${user} ${group} - -" + "d ${cfg.stateDir}/meta 0750 ${user} ${group} - -" + "d ${cfg.stateDir}/pages 0750 ${user} ${group} - -" + "d ${cfg.stateDir}/tmp 0750 ${user} ${group} - -" + "f ${cfg.usersFile} 0640 ${user} ${group} - ${pkg hostName cfg}/conf/users.auth.php.dist" ]) eachSite); }; } From 2e699f1db11ff53ece663d0f7c28e37cfb894fff Mon Sep 17 00:00:00 2001 From: dadada Date: Mon, 30 Mar 2020 22:21:28 +0200 Subject: [PATCH 6/9] nixos/dokuwiki: add option disableActions --- nixos/modules/services/web-apps/dokuwiki.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix index 6670f32c16ac..d6bd2526509b 100644 --- a/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixos/modules/services/web-apps/dokuwiki.nix 
@@ -24,6 +24,7 @@ let $conf['savedir'] = '${cfg.stateDir}'; $conf['superuser'] = '${toString cfg.superUser}'; $conf['useacl'] = '${toString cfg.aclUse}'; + $conf['disableactions'] = '${cfg.disableActions}'; ${toString cfg.extraConfig} ''; @@ -144,6 +145,17 @@ let ''; }; + disableActions = mkOption { + type = types.nullOr types.str; + default = ""; + example = "search,register"; + description = '' + Disable individual action modes. Refer to + + for details on supported values. + ''; + }; + extraConfig = mkOption { type = types.nullOr types.lines; default = null; @@ -358,7 +370,7 @@ in "d ${cfg.stateDir}/meta 0750 ${user} ${group} - -" "d ${cfg.stateDir}/pages 0750 ${user} ${group} - -" "d ${cfg.stateDir}/tmp 0750 ${user} ${group} - -" - "f ${cfg.usersFile} 0640 ${user} ${group} - ${pkg hostName cfg}/conf/users.auth.php.dist" + "C ${cfg.usersFile} 0640 ${user} ${group} - ${pkg hostName cfg}/share/dokuwiki/conf/users.auth.php.dist" ]) eachSite); }; } From 2b67a89f2900d5089e2992bce8be2e94c130b107 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Apr 2020 12:46:50 +0200 Subject: [PATCH 7/9] nixos/dokuwiki: dokuwiki user --- nixos/modules/services/web-apps/dokuwiki.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix index d6bd2526509b..c3402ee77fa4 100644 --- a/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixos/modules/services/web-apps/dokuwiki.nix @@ -7,7 +7,7 @@ let eachSite = config.services.dokuwiki; - user = config.services.nginx.user; + user = "dokuwiki"; group = config.services.nginx.group; dokuwikiAclAuthConfig = cfg: pkgs.writeText "acl.auth.php" '' @@ -372,5 +372,10 @@ in "d ${cfg.stateDir}/tmp 0750 ${user} ${group} - -" "C ${cfg.usersFile} 0640 ${user} ${group} - ${pkg hostName cfg}/share/dokuwiki/conf/users.auth.php.dist" ]) eachSite); + + users.users.${user} = { + group = group; + isSystemUser = true; + }; }; } 
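Review bot: `$conf['disableactions'] = '${cfg.disableActions}';` interpolates the option directly, but the option added in the next hunk is `types.nullOr types.str`, so a `null` value cannot be coerced to a string and evaluation fails; the `superuser` and `useacl` lines next to it wrap their values in `toString`. Either declare the option as `types.str` (its default is already `""`) or write `'${toString cfg.disableActions}'`. The value also lands inside a single-quoted PHP literal in the generated `local.php` without escaping, so a `'` or a trailing `\` in it changes the meaning of the file. Wrapping it as `lib.escape [ "\\" "'" ] (toString cfg.disableActions)` would keep it a plain string.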
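Review bot: `user = "dokuwiki"` is one account shared by every site's php-fpm pool, socket owner and state directory, so the per-site pools introduced earlier in the series still run under a single UID and one wiki's PHP can read and write every other site's `stateDir`. If the sites are meant to be separate tenants, a per-site user derived from the attribute name would give real isolation; if not, a comment next to `user` should state that sites are not isolated from each other. The `users.users.${user}` block in the last hunk of this patch also sets `group = group;`, which is nginx's group, so the PHP processes hold whatever group access nginx has.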
From 9460fb578880de9a10815001c7587bf211e95562 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 4 Apr 2020 14:01:23 +0200 Subject: [PATCH 8/9] nixos/dokuwiki: modify usersFile and aclFile Use types.str instead of types.path to exclude private information from the derivation. Add a warinig about the contents of acl beeing included in the nix store. --- nixos/modules/services/web-apps/dokuwiki.nix | 23 +++++++++++++------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix index c3402ee77fa4..e3597ef3c39c 100644 --- a/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixos/modules/services/web-apps/dokuwiki.nix @@ -87,11 +87,14 @@ let Access Control Lists: see Mutually exclusive with services.dokuwiki.aclFile Set this to a value other than null to take precedence over aclFile option. + + Warning: Consider using aclFile instead if you do not + want to store the ACL in the world-readable Nix store. ''; }; aclFile = mkOption { - type = types.nullOr types.path; + type = with types; nullOr str; default = null; description = '' Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl @@ -99,6 +102,7 @@ let Consult documentation for further instructions. Example: ''; + example = "/var/lib/dokuwiki/${name}/acl.auth.php"; }; aclUse = mkOption { @@ -135,14 +139,15 @@ let }; usersFile = mkOption { - type = types.nullOr types.path; - default = "/var/lib/dokuwiki/${name}/users.php"; + type = with types; nullOr str; + default = null; description = '' Location of the dokuwiki users file. List of users. Format: login:passwordhash:Real Name:email:groups,comma,separated Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1` Example: ''; + example = "/var/lib/dokuwiki/${name}/users.auth.php"; }; disableActions = mkOption { 
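Review bot: The `usersFile` description kept by the last hunk here still recommends `mkpasswd -5 password` with a `pwgen` salt, which as far as I can tell produces an MD5-crypt hash and places the password on the command line, where it shows up in shell history and the process list. Since this patch reworks the option to keep secrets out of the Nix store, the text should point to a stronger hash scheme that DokuWiki accepts and to entering the password interactively. Please confirm the supported schemes against the DokuWiki password documentation before naming one in the description.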
@@ -284,11 +289,11 @@ in assertions = flatten (mapAttrsToList (hostName: cfg: [{ assertion = cfg.aclUse -> (cfg.acl != null || cfg.aclFile != null); - message = "Either services.dokuwiki.${hostName}.acl or services.dokuwiki.${hostName}.aclFile is mandatory when aclUse is true"; + message = "Either services.dokuwiki.${hostName}.acl or services.dokuwiki.${hostName}.aclFile is mandatory if aclUse true"; } { assertion = cfg.usersFile != null -> cfg.aclUse != false; - message = "services.dokuwiki.${hostName}.aclUse must be true when usersFile is not null"; + message = "services.dokuwiki.${hostName}.aclUse must must be true if usersFile is not null"; } ]) eachSite); @@ -299,6 +304,7 @@ in phpEnv = { DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig cfg}"; DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig cfg}"; + } // optionalAttrs (cfg.usersFile != null) { DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}"; } //optionalAttrs (cfg.aclUse) { DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig cfg}" else "${toString cfg.aclFile}"; @@ -314,7 +320,7 @@ in services.nginx = { enable = true; virtualHosts = mapAttrs (hostName: cfg: mkMerge [ cfg.nginx { - root = mkForce "${pkg hostName cfg}/share/dokuwiki/"; + root = mkForce "${pkg hostName cfg}/share/dokuwiki"; extraConfig = "fastcgi_param HTTPS on;"; locations."~ /(conf/|bin/|inc/|install.php)" = { 
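Review bot: Both reworded assertion messages lost or duplicated a word: the first now ends "is mandatory if aclUse true" and the second says "aclUse must must be true". These are what an administrator sees when evaluation stops on an access-control misconfiguration, so they should read cleanly, for example `... aclFile is mandatory if aclUse is true` and `... aclUse must be true if usersFile is not null`.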
@@ -370,8 +376,9 @@ in "d ${cfg.stateDir}/meta 0750 ${user} ${group} - -" "d ${cfg.stateDir}/pages 0750 ${user} ${group} - -" "d ${cfg.stateDir}/tmp 0750 ${user} ${group} - -" - "C ${cfg.usersFile} 0640 ${user} ${group} - ${pkg hostName cfg}/share/dokuwiki/conf/users.auth.php.dist" - ]) eachSite); + ] ++ lib.optional (cfg.aclFile != null) "C ${cfg.aclFile} 0640 ${user} ${group} - ${pkg hostName cfg}/share/dokuwiki/conf/acl.auth.php.dist" + ++ lib.optional (cfg.usersFile != null) "C ${cfg.usersFile} 0640 ${user} ${group} - ${pkg hostName cfg}/share/dokuwiki/conf/users.auth.php.dist" + ) eachSite); users.users.${user} = { group = group; From 2d86cca35edbac2cba329a59c27630a2131cda91 Mon Sep 17 00:00:00 2001 From: dadada Date: Sat, 18 Apr 2020 11:30:19 +0200 Subject: [PATCH 9/9] nixos/dokuwiki: change default of aclFile and usersFile `aclFile` and `usersFile` will be set to a default value if `aclUse` is specified and aclFile is not overriden by `acl`. --- nixos/modules/services/web-apps/dokuwiki.nix | 6 +++--- nixos/tests/dokuwiki.nix | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/web-apps/dokuwiki.nix b/nixos/modules/services/web-apps/dokuwiki.nix index e3597ef3c39c..76e18266a273 100644 --- a/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixos/modules/services/web-apps/dokuwiki.nix @@ -57,7 +57,7 @@ let ''; }; - siteOpts = {lib, name, ...}: { + siteOpts = { config, lib, name, ...}: { options = { enable = mkEnableOption "DokuWiki web application."; @@ -95,7 +95,7 @@ let aclFile = mkOption { type = with types; nullOr str; - default = null; + default = if (config.aclUse && config.acl == null) then "/var/lib/dokuwiki/${name}/users.auth.php" else null; description = '' Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl Mutually exclusive with services.dokuwiki.acl which is preferred. 
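Review bot: Both new `C` rules create the ACL and users files as `0640 ${user} ${group}`, and `group` is `config.services.nginx.group`, so the password hashes in `usersFile` become readable by the nginx group although only the php-fpm pool, which runs as `${user}`, needs them. Mode `0600` on both lines would be enough, e.g. `"C ${cfg.usersFile} 0600 ${user} ${group} - ${pkg hostName cfg}/share/dokuwiki/conf/users.auth.php.dist"`. The enclosing rules list starts outside this hunk.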
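Review bot: Adding `config` to the `siteOpts` arguments shadows the module-level `config` for the whole submodule body, including the `nginx` option's `import ../web-servers/nginx/vhost-options.nix { inherit config lib; }`, which now receives the per-site submodule config instead of the system config. Whether that changes behaviour depends on what `vhost-options.nix` reads from `config`, which is not visible here, so it needs checking. Binding the system config to a separate name in the outer `let` and passing it explicitly to that import would remove the ambiguity.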
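Review bot: The new `aclFile` default is `"/var/lib/dokuwiki/${name}/users.auth.php"`, the same path the next hunk gives `usersFile`, so with `aclUse = true` and no explicit paths the ACL rules and the user database are one file. The two `C` tmpfiles rules from the previous patch then target the same path, and `DOKUWIKI_ACL_AUTH_CONFIG` and `DOKUWIKI_USERS_AUTH_CONFIG` both point at it, so DokuWiki is handed a single file as both its ACL and its user list. The option's own `example` shows the intended value: `default = if (config.aclUse && config.acl == null) then "/var/lib/dokuwiki/${name}/acl.auth.php" else null;`.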
@@ -140,7 +140,7 @@ let usersFile = mkOption { type = with types; nullOr str; - default = null; + default = if config.aclUse then "/var/lib/dokuwiki/${name}/users.auth.php" else null; description = '' Location of the dokuwiki users file. List of users. Format: login:passwordhash:Real Name:email:groups,comma,separated diff --git a/nixos/tests/dokuwiki.nix b/nixos/tests/dokuwiki.nix index 62d8ec9f0b1c..2b907133ed5a 100644 --- a/nixos/tests/dokuwiki.nix +++ b/nixos/tests/dokuwiki.nix @@ -36,7 +36,7 @@ in { machine = { ... }: { services.dokuwiki."site1.local" = { - acl = " "; + aclUse = false; superUser = "admin"; nginx = { forceSSL = false; @@ -44,7 +44,7 @@ in { }; }; services.dokuwiki."site2.local" = { - acl = " "; + aclUse = true; superUser = "admin"; nginx = { forceSSL = false;