Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1803.xml | 7 | ||||
-rw-r--r-- | nixos/modules/misc/ids.nix | 4 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/pump.io-configure.js | 23 | ||||
-rw-r--r-- | nixos/modules/services/web-apps/pump.io.nix | 438 | ||||
-rw-r--r-- | nixos/release.nix | 1 | ||||
-rw-r--r-- | nixos/tests/pump.io.nix | 89 |
7 files changed, 9 insertions, 554 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1803.xml b/nixos/doc/manual/release-notes/rl-1803.xml index ee4a54aa46c8..b755245a69fb 100644 --- a/nixos/doc/manual/release-notes/rl-1803.xml +++ b/nixos/doc/manual/release-notes/rl-1803.xml @@ -315,6 +315,13 @@ following incompatible changes:</para> <literal>nodejs-4_x</literal>, <literal>nodejs-slim-4_x</literal> and <literal>nodePackages_4_x</literal> are removed. </para> </listitem> + <listitem> + <para> + The <literal>pump.io</literal> NixOS module was removed. + It is now maintained as an + <link xlink:href="https://github.com/rvl/pump.io-nixos">external module</link>. + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 8d775ffc82d3..39a24cfecc53 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -233,7 +233,7 @@ calibre-server = 213; heapster = 214; bepasty = 215; - pumpio = 216; + # pumpio = 216; # unused, removed 2018-02-24 nm-openvpn = 217; mathics = 218; ejabberd = 219; @@ -514,7 +514,7 @@ xtreemfs = 212; calibre-server = 213; bepasty = 215; - pumpio = 216; + # pumpio = 216; # unused, removed 2018-02-24 nm-openvpn = 217; mathics = 218; ejabberd = 219; diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 3bb65c6b295a..e7f28c670bed 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -642,7 +642,6 @@ ./services/web-apps/nexus.nix ./services/web-apps/pgpkeyserver-lite.nix ./services/web-apps/matomo.nix - ./services/web-apps/pump.io.nix ./services/web-apps/restya-board.nix ./services/web-apps/tt-rss.nix ./services/web-apps/selfoss.nix diff --git a/nixos/modules/services/web-apps/pump.io-configure.js b/nixos/modules/services/web-apps/pump.io-configure.js deleted file mode 100644 index 1fbf346a34c4..000000000000 --- a/nixos/modules/services/web-apps/pump.io-configure.js +++ /dev/null 
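Review bot: The replacement comment in both ids.nix hunks (the uid entry near line 233 and the gid entry near line 514), `# pumpio = 216; # unused, removed 2018-02-24`, records that the id is gone but not why the number is kept. The module deleted later in this commit created the `pumpio` user with `home = dataDir` and `createHome = true`, so hosts that ran it may still hold files under /var/lib/pump.io owned by uid/gid 216. A later service given 216 would presumably become the owner of that leftover data. Wording such as `# pumpio = 216; # removed 2018-02-24; keep reserved, do not reassign` would make the intent explicit. Both attribute sets start and end outside the hunks.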
@@ -1,23 +0,0 @@
-var fs = require('fs');
-
-var opts = JSON.parse(fs.readFileSync("/dev/stdin").toString());
-var config = opts.config;
-
-var readSecret = function(filename) {
- return fs.readFileSync(filename).toString().trim();
-};
-
-if (opts.secretFile) {
- config.secret = readSecret(opts.secretFile);
-}
-if (opts.dbPasswordFile) {
- config.params.dbpass = readSecret(opts.dbPasswordFile);
-}
-if (opts.smtpPasswordFile) {
- config.smtppass = readSecret(opts.smtpPasswordFile);
-}
-if (opts.spamClientSecretFile) {
- config.spamclientsecret = readSecret(opts.opts.spamClientSecretFile);
-}
-
-fs.writeFileSync(opts.outputFile, JSON.stringify(config));
diff --git a/nixos/modules/services/web-apps/pump.io.nix b/nixos/modules/services/web-apps/pump.io.nix
deleted file mode 100644
index 27ae68516367..000000000000
--- a/nixos/modules/services/web-apps/pump.io.nix
+++ /dev/null
@@ -1,438 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.pumpio; - dataDir = "/var/lib/pump.io"; - runDir = "/run/pump.io"; - user = "pumpio"; - - optionalSet = condition: value: if condition then value else {}; - - configScript = ./pump.io-configure.js; - configOptions = { - outputFile = "${runDir}/config.json"; - config = - (optionalSet (cfg.driver != "disk") { - driver = cfg.driver; - }) // - { - params = (optionalSet (cfg.driver == "disk") { dir = dataDir; }) // - (optionalSet (cfg.driver == "mongodb" || cfg.driver == "redis") { - host = cfg.dbHost; - port = cfg.dbPort; - dbname = cfg.dbName; - dbuser = cfg.dbUser; - dbpass = cfg.dbPassword; - }) // - (optionalSet (cfg.driver == "memcached") { - host = cfg.dbHost; - port = cfg.dbPort; - }) // cfg.driverParams; - secret = cfg.secret; - - address = cfg.address; - port = cfg.port; - - noweb = false; - urlPort = cfg.urlPort; - hostname = cfg.hostname; - favicon = cfg.favicon; - - site = cfg.site; - owner = cfg.owner; - ownerURL = cfg.ownerURL; - - key = cfg.sslKey; - cert = cfg.sslCert; - bounce = false; - - spamhost = cfg.spamHost; - spamclientid = cfg.spamClientId; - spamclientsecret = cfg.spamClientSecret; - - requireEmail = cfg.requireEmail; - smtpserver = cfg.smtpHost; - smtpport = cfg.smtpPort; - smtpuser = cfg.smtpUser; - smtppass = cfg.smtpPassword; - smtpusessl = cfg.smtpUseSSL; - smtpfrom = cfg.smtpFrom; - - nologger = false; - enableUploads = cfg.enableUploads; - datadir = dataDir; - debugClient = false; - firehose = cfg.firehose; - disableRegistration = cfg.disableRegistration; - - inherit (cfg) secretFile dbPasswordFile smtpPasswordFile spamClientSecretFile; - } // - (optionalSet (cfg.port < 1024) { - serverUser = user; # have pump.io listen then drop privileges - }) // cfg.extraConfig; -}; in { - options = { - - services.pumpio = { - - enable = mkEnableOption "Pump.io social streams server"; - - secret = mkOption { - type = types.nullOr types.str; - default = null; - 
example = "my dog has fleas"; - description = '' - A session-generating secret, server-wide password. Warning: - this is stored in cleartext in the Nix store! - ''; - }; - - secretFile = mkOption { - type = types.nullOr types.path; - default = null; - example = "/run/keys/pump.io-secret"; - description = '' - A file containing the session-generating secret, - server-wide password. - ''; - }; - - site = mkOption { - type = types.str; - example = "Awesome Sauce"; - description = "Name of the server"; - }; - - owner = mkOption { - type = types.str; - default = ""; - example = "Awesome Inc."; - description = "Name of owning entity, if you want to link to it."; - }; - - ownerURL = mkOption { - type = types.str; - default = ""; - example = "https://pump.io"; - description = "URL of owning entity, if you want to link to it."; - }; - - address = mkOption { - type = types.str; - default = "localhost"; - description = '' - Web server listen address. - ''; - }; - - port = mkOption { - type = types.int; - default = 31337; - description = '' - Port to listen on. Defaults to 31337, which is suitable for - running behind a reverse proxy. For a standalone server, - use 443. - ''; - }; - - hostname = mkOption { - type = types.nullOr types.str; - default = "localhost"; - description = '' - The hostname of the server, used for generating - URLs. Defaults to "localhost" which doesn't do much for you. - ''; - }; - - urlPort = mkOption { - type = types.int; - default = 443; - description = '' - Port to use for generating URLs. This basically has to be - either 80 or 443 because the host-meta and Webfinger - protocols don't make any provision for HTTP/HTTPS servers - running on other ports. - ''; - }; - - favicon = mkOption { - type = types.nullOr types.path; - default = null; - description = '' - Local filesystem path to the favicon.ico file to use. This - will be served as "/favicon.ico" by the server. 
- ''; - }; - - enableUploads = mkOption { - type = types.bool; - default = true; - description = '' - If you want to disable file uploads, set this to false. Uploaded files will be stored - in ${dataDir}/uploads. - ''; - }; - - sslKey = mkOption { - type = types.path; - example = "${dataDir}/myserver.key"; - default = ""; - description = '' - The path to the server certificate private key. The - certificate is required, but it can be self-signed. - ''; - }; - - sslCert = mkOption { - type = types.path; - example = "${dataDir}/myserver.crt"; - default = ""; - description = '' - The path to the server certificate. The certificate is - required, but it can be self-signed. - ''; - }; - - firehose = mkOption { - type = types.str; - default = "ofirehose.com"; - description = '' - Firehose host running the ofirehose software. Defaults to - "ofirehose.com". Public notices will be ping this firehose - server and from there go out to search engines and the - world. If you want to disconnect from the public web, set - this to something falsy. - ''; - }; - - disableRegistration = mkOption { - type = types.bool; - default = false; - description = '' - Disables registering new users on the site through the Web - or the API. - ''; - }; - - requireEmail = mkOption { - type = types.bool; - default = false; - description = "Require an e-mail address to register."; - }; - - extraConfig = mkOption { - default = { }; - description = '' - Extra configuration options which are serialized to json and added - to the pump.io.json config file. - ''; - }; - - driver = mkOption { - type = types.enum [ "mongodb" "disk" "lrucache" "memcached" "redis" ]; - default = "mongodb"; - description = "Type of database. 
Corresponds to a nodejs databank driver."; - }; - - driverParams = mkOption { - default = { }; - description = "Extra parameters for the driver."; - }; - - dbHost = mkOption { - type = types.str; - default = "localhost"; - description = "The database host to connect to."; - }; - - dbPort = mkOption { - type = types.int; - default = 27017; - description = "The port that the database is listening on."; - }; - - dbName = mkOption { - type = types.str; - default = "pumpio"; - description = "The name of the database to use."; - }; - - dbUser = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - The username. Defaults to null, meaning no authentication. - ''; - }; - - dbPassword = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - The password corresponding to dbUser. Warning: this is - stored in cleartext in the Nix store! - ''; - }; - - dbPasswordFile = mkOption { - type = types.nullOr types.path; - default = null; - example = "/run/keys/pump.io-dbpassword"; - description = '' - A file containing the password corresponding to dbUser. - ''; - }; - - smtpHost = mkOption { - type = types.nullOr types.str; - default = null; - example = "localhost"; - description = '' - Server to use for sending transactional email. If it's not - set up, no email is sent and features like password recovery - and email notification won't work. - ''; - }; - - smtpPort = mkOption { - type = types.int; - default = 25; - description = '' - Port to connect to on SMTP server. - ''; - }; - - smtpUser = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Username to use to connect to SMTP server. Might not be - necessary for some servers. - ''; - }; - - smtpPassword = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Password to use to connect to SMTP server. Might not be - necessary for some servers. Warning: this is stored in - cleartext in the Nix store! 
- ''; - }; - - smtpPasswordFile = mkOption { - type = types.nullOr types.path; - default = null; - example = "/run/keys/pump.io-smtppassword"; - description = '' - A file containing the password used to connect to SMTP - server. Might not be necessary for some servers. - ''; - }; - - - smtpUseSSL = mkOption { - type = types.bool; - default = false; - description = '' - Only use SSL with the SMTP server. By default, a SSL - connection is negotiated using TLS. You may need to change - the smtpPort value if you set this. - ''; - }; - - smtpFrom = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Email address to use in the "From:" header of outgoing - notifications. Defaults to 'no-reply@' plus the site - hostname. - ''; - }; - - spamHost = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Host running activityspam software to use to test updates - for spam. - ''; - }; - spamClientId = mkOption { - type = types.nullOr types.str; - default = null; - description = "OAuth pair for spam server."; - }; - spamClientSecret = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - OAuth pair for spam server. Warning: this is - stored in cleartext in the Nix store! - ''; - }; - spamClientSecretFile = mkOption { - type = types.nullOr types.path; - default = null; - example = "/run/keys/pump.io-spamclientsecret"; - description = '' - A file containing the OAuth key for the spam server. - ''; - }; - }; - - }; - - config = mkIf cfg.enable { - warnings = let warn = k: optional (cfg.${k} != null) - "config.services.pumpio.${k} is insecure. 
Use ${k}File instead."; - in concatMap warn [ "secret" "dbPassword" "smtpPassword" "spamClientSecret" ]; - - assertions = [ - { assertion = !(isNull cfg.secret && isNull cfg.secretFile); - message = "pump.io needs a secretFile configured"; - } - ]; - - systemd.services."pump.io" = - { description = "Pump.io - stream server that does most of what people really want from a social network"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - preStart = '' - mkdir -p ${dataDir}/uploads - mkdir -p ${runDir} - chown pumpio:pumpio ${dataDir}/uploads ${runDir} - chmod 770 ${dataDir}/uploads ${runDir} - - ${pkgs.nodejs}/bin/node ${configScript} <<EOF - ${builtins.toJSON configOptions} - EOF - - chgrp pumpio ${configOptions.outputFile} - chmod 640 ${configOptions.outputFile} - ''; - - serviceConfig = { - ExecStart = "${pkgs.pumpio}/bin/pump -c ${configOptions.outputFile}"; - PermissionsStartOnly = true; - User = if cfg.port < 1024 then "root" else user; - Group = user; - }; - environment = { NODE_ENV = "production"; }; - }; - - users.extraGroups.pumpio.gid = config.ids.gids.pumpio; - users.extraUsers.pumpio = { - group = "pumpio"; - uid = config.ids.uids.pumpio; - description = "Pump.io user"; - home = dataDir; - createHome = true; - }; - }; -} diff --git a/nixos/release.nix b/nixos/release.nix index 256f7d6fb0f7..d092a5b7552b 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -340,7 +340,6 @@ in rec { tests.printing = callTest tests/printing.nix {}; tests.prometheus = callTest tests/prometheus.nix {}; tests.proxy = callTest tests/proxy.nix {}; - tests.pumpio = callTest tests/pump.io.nix {}; # tests.quagga = callTest tests/quagga.nix {}; tests.quake3 = callTest tests/quake3.nix {}; tests.rabbitmq = callTest tests/rabbitmq.nix {}; diff --git a/nixos/tests/pump.io.nix b/nixos/tests/pump.io.nix deleted file mode 100644 index 0991ed3fce1f..000000000000 --- a/nixos/tests/pump.io.nix +++ /dev/null 
@@ -1,89 +0,0 @@ -# This test runs pump.io with mongodb, listing on port 443. - -import ./make-test.nix ({ pkgs, ...} : let - snakeOilKey = '' - -----BEGIN PRIVATE KEY----- - MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCqVemio78R41Tz - MnR2zFD/wFT0iScOpFkuytNmuPf28FLaa9wSBWmuAGbEi7wBIfw8/bUqFBTQp2G1 - m1cmcCKxhmvvOkGs89eM131s1lW/bXU3zYso4e7724kHwU65jRlQs6cFWIlmW7V5 - 3HQobP05dy+zPpujPPSlOQ0qYViR1s+RgZI8r0wS2ZDsliNtQwBLJSIvX6XVnXLo - F/HmF4/ySJ9pL2AxQXCwZE8SfCzHpArs9COIqTaAuwB79kxWSFQJewmab74BXiM6 - 9FMCtHON24Pl7OR9sRJHH8rMEzUumppmUeCNEzABjzQQ7svR18cmbzRWetp0tT9Y - 7rj6URHHAgMBAAECggEAGmbCldDnlrAzxJY3cwpsK5f2EwkHIr/aiuQpLCzTUlUh - onVBYRGxtaSeSSyXcV2BKTrxz5nZOBYZkPqI4Y5T8kwxgpz2/QW2jUABUtNN6yPe - HU4gma+bSTJX5PnTZ/M0z0tpQezdLx5b3I2M+48ZGMUegZvcp8qU6N8U6VK5VbFD - DMTGL4b+Kc9HScRkCJjU3FfQcqf9Ml5w9jzHSeHImYEDrG0nX8N8EImRCBXbgxCl - 5XT1h6LFUGdr+N6n2w56+6l8OZZVmwj1NdF6NJybUQl4Y7b0niA+5czzjRt/YUjZ - HW0fXmx3XlbYGWYdMdS+VaIW6pkUpm8kZkqjngqLwQKBgQDfhbFQmg9lsJQ8/dQZ - WzRNsozHKWkQiZbW5sXBWygJbAB3Hc8gvQkuZe9TVyF99cznRj6ro6pGZjP0rTdY - 3ACTL+ygRArcIR6VsJCIr6nPvBLpOoNb8TQeKPmHC2gnSP9zaT/K2lldYISKNaYQ - 0seB2gvZhIgMgWtZtmb3jdgl9wKBgQDDFdknXgvFgB+y96//9wTu2WWuE5yQ5yB7 - utAcHNO9rx5X1tJqxymYh+iE8HUN25By+96SpNMQFI+0wNGVB00YWNBKtyepimWN - EUCojTy+MIXIjrLcvviEePsI4TPWYf8XtZeiYtcczYrt/wPQUYaDb8LBRfpIfmhr - rCGW93s+sQKBgEDOKTeeQyKPjJsWWL01RTfVsZ04s155FcOeyu0heb0plAT1Ho12 - YUgTg8zc8Tfs4QiYxCjNXdvlW+Dvq6FWv8/s0CUzNRbXf1+U/oKys4AoHi+CqH0q - tJqd9KKjuwHQ10dl13n/znMVPbg4j7pG8lMCnfblxvAhQbeT+8yAUo/HAoGBAL3t - /n4KXNGK3NHDvXEp0H6t3wWsiEi3DPQJO+Wy1x8caCFCv5c/kaqz3tfWt0+njSm1 - N8tzdx13tzVWaHV8Jz3l8dxcFtxEJnxB6L5wy0urOAS7kT3DG3b1xgmuH2a//7fY - jumE60NahcER/2eIh7pdS7IZbAO6NfVmH0m4Zh/xAoGAbquh60sAfLC/1O2/4Xom - PHS7z2+TNpwu4ou3nspxfigNQcTWzzzTVFLnaTPg+HKbLRXSWysjssmmj5u3lCyc - S2M9xuhApa9CrN/udz4gEojRVsTla/gyLifIZ3CtTn2QEQiIJEMxM+59KAlkgUBo - 9BeZ03xTaEZfhVZ9bEN30Ak= - -----END PRIVATE KEY----- - ''; - - snakeOilCert = '' - -----BEGIN CERTIFICATE----- - 
MIICvjCCAaagAwIBAgIJANhA6+PPhomZMA0GCSqGSIb3DQEBCwUAMBcxFTATBgNV - BAMMDGIwOTM0YWMwYWZkNTAeFw0xNTExMzAxNzQ3MzVaFw0yNTExMjcxNzQ3MzVa - MBcxFTATBgNVBAMMDGIwOTM0YWMwYWZkNTCCASIwDQYJKoZIhvcNAQEBBQADggEP - ADCCAQoCggEBAKpV6aKjvxHjVPMydHbMUP/AVPSJJw6kWS7K02a49/bwUtpr3BIF - aa4AZsSLvAEh/Dz9tSoUFNCnYbWbVyZwIrGGa+86Qazz14zXfWzWVb9tdTfNiyjh - 7vvbiQfBTrmNGVCzpwVYiWZbtXncdChs/Tl3L7M+m6M89KU5DSphWJHWz5GBkjyv - TBLZkOyWI21DAEslIi9fpdWdcugX8eYXj/JIn2kvYDFBcLBkTxJ8LMekCuz0I4ip - NoC7AHv2TFZIVAl7CZpvvgFeIzr0UwK0c43bg+Xs5H2xEkcfyswTNS6ammZR4I0T - MAGPNBDuy9HXxyZvNFZ62nS1P1juuPpREccCAwEAAaMNMAswCQYDVR0TBAIwADAN - BgkqhkiG9w0BAQsFAAOCAQEAd2w9rxi6qF9WV8L3rHnTE7uu0ldtdgJlCASx6ouj - TleOnjfEg+kH8r8UbmRV5vsTDn1Qp5JGDYxfytRUQwLb1zTLde0xotx37E3LY8Wr - sD6Al4t8sHywB/hc5dy29TgG0iyG8LKZrkwytLvDZ814W3OwpN2rpEz6pdizdHNn - jsoDEngZiDHvLjIyE0cDkFXkeYMGXOnBUeOcu4nfu4C5eKs3nXGGAcNDbDRIuLoE - BZExUBY+YSs6JBvh5tvRqLVW0Dz0akEcjb/jhwS2LmDip8Pdoxx4Q1jPKEu38zrr - Vd5WD2HJhLb9u0UxVp9vfWIUDgydopV5ZmWCQ5YvNepb1w== - -----END CERTIFICATE----- - ''; -in { - name = "pumpio"; - meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ rvl ]; - }; - - nodes = { - one = - { config, pkgs, ... }: - { - services = { - pumpio = { - port = 443; - enable = true; - sslCert = pkgs.writeText "snakeoil.cert" snakeOilCert; - sslKey = pkgs.writeText "snakeoil.pem" snakeOilKey; - secretFile = pkgs.writeText "secretFile" "test123"; - site = "test"; - }; - mongodb.enable = true; - mongodb.extraConfig = '' - storage.journal.enabled: false - ''; - }; - systemd.services.mongodb.unitConfig.Before = "pump.io.service"; - systemd.services."pump.io".unitConfig.Requires = "mongodb.service"; - }; - }; - - testScript = '' - startAll; - - $one->waitForUnit("pump.io.service"); - $one->waitUntilSucceeds("curl -k https://localhost"); - ''; -}) |