diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix')
| -rw-r--r-- | nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix | 508 |
1 files changed, 312 insertions, 196 deletions
diff --git a/nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix b/nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix index 07af7aa0dfec..76e18266a273 100644 --- a/nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix +++ b/nixpkgs/nixos/modules/services/web-apps/dokuwiki.nix @@ -3,13 +3,14 @@ let inherit (lib) mkEnableOption mkForce mkIf mkMerge mkOption optionalAttrs recursiveUpdate types; + inherit (lib) concatMapStringsSep flatten mapAttrs mapAttrs' mapAttrsToList nameValuePair concatMapStringSep; - cfg = config.services.dokuwiki; + eachSite = config.services.dokuwiki; - user = config.services.nginx.user; + user = "dokuwiki"; group = config.services.nginx.group; - dokuwikiAclAuthConfig = pkgs.writeText "acl.auth.php" '' + dokuwikiAclAuthConfig = cfg: pkgs.writeText "acl.auth.php" '' # acl.auth.php # <?php exit()?> # @@ -18,244 +19,353 @@ let ${toString cfg.acl} ''; - dokuwikiLocalConfig = pkgs.writeText "local.php" '' + dokuwikiLocalConfig = cfg: pkgs.writeText "local.php" '' <?php $conf['savedir'] = '${cfg.stateDir}'; $conf['superuser'] = '${toString cfg.superUser}'; $conf['useacl'] = '${toString cfg.aclUse}'; + $conf['disableactions'] = '${cfg.disableActions}'; ${toString cfg.extraConfig} ''; - dokuwikiPluginsLocalConfig = pkgs.writeText "plugins.local.php" '' + dokuwikiPluginsLocalConfig = cfg: pkgs.writeText "plugins.local.php" '' <?php ${cfg.pluginsConfig} ''; -in -{ - options.services.dokuwiki = { - enable = mkEnableOption "DokuWiki web application."; + pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec { + pname = "dokuwiki-${hostName}"; + version = src.version; + src = cfg.package; - hostName = mkOption { - type = types.str; - default = "localhost"; - description = "FQDN for the instance."; - }; + installPhase = '' + mkdir -p $out + cp -r * $out/ - stateDir = mkOption { - type = types.path; - default = "/var/lib/dokuwiki/data"; - description = "Location of the dokuwiki state directory."; - }; + # symlink the dokuwiki config + ln -s ${dokuwikiLocalConfig cfg} $out/share/dokuwiki/local.php - acl = mkOption { - type = types.nullOr types.lines; - default = null; - example = "* @ALL 8"; - description = '' - Access Control Lists: see <link xlink:href="https://www.dokuwiki.org/acl"/> - Mutually exclusive with services.dokuwiki.aclFile - Set this to a value other than null to take precedence over aclFile option. - ''; - }; + # symlink plugins config + ln -s ${dokuwikiPluginsLocalConfig cfg} $out/share/dokuwiki/plugins.local.php - aclFile = mkOption { - type = types.nullOr types.path; - default = null; - description = '' - Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl - Mutually exclusive with services.dokuwiki.acl which is preferred. - Consult documentation <link xlink:href="https://www.dokuwiki.org/acl"/> for further instructions. - Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/acl.auth.php.dist"/> - ''; - }; + # symlink acl + ln -s ${dokuwikiAclAuthConfig cfg} $out/share/dokuwiki/acl.auth.php - aclUse = mkOption { - type = types.bool; - default = true; - description = '' - Necessary for users to log in into the system. - Also limits anonymous users. When disabled, - everyone is able to create and edit content. - ''; - }; + # symlink additional plugin(s) and templates(s) + ${concatMapStringsSep "\n" (template: "ln -s ${template} $out/share/dokuwiki/lib/tpl/${template.name}") cfg.templates} + ${concatMapStringsSep "\n" (plugin: "ln -s ${plugin} $out/share/dokuwiki/lib/plugins/${plugin.name}") cfg.plugins} + ''; + }; - pluginsConfig = mkOption { - type = types.lines; - default = '' - $plugins['authad'] = 0; - $plugins['authldap'] = 0; - $plugins['authmysql'] = 0; - $plugins['authpgsql'] = 0; - ''; - description = '' - List of the dokuwiki (un)loaded plugins. - ''; - }; + siteOpts = { config, lib, name, ...}: { + options = { + enable = mkEnableOption "DokuWiki web application."; - superUser = mkOption { - type = types.nullOr types.str; - default = "@admin"; - description = '' - You can set either a username, a list of usernames (“admin1,admin2”), - or the name of a group by prepending an @ char to the groupname - Consult documentation <link xlink:href="https://www.dokuwiki.org/config:superuser"/> for further instructions. - ''; - }; + package = mkOption { + type = types.package; + default = pkgs.dokuwiki; + description = "Which dokuwiki package to use."; + }; + + hostName = mkOption { + type = types.str; + default = "localhost"; + description = "FQDN for the instance."; + }; + + stateDir = mkOption { + type = types.path; + default = "/var/lib/dokuwiki/${name}/data"; + description = "Location of the dokuwiki state directory."; + }; - usersFile = mkOption { - type = types.nullOr types.path; - default = null; - description = '' - Location of the dokuwiki users file. List of users. Format: - login:passwordhash:Real Name:email:groups,comma,separated - Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1` - Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist"/> + acl = mkOption { + type = types.nullOr types.lines; + default = null; + example = "* @ALL 8"; + description = '' + Access Control Lists: see <link xlink:href="https://www.dokuwiki.org/acl"/> + Mutually exclusive with services.dokuwiki.aclFile + Set this to a value other than null to take precedence over aclFile option. + + Warning: Consider using aclFile instead if you do not + want to store the ACL in the world-readable Nix store. ''; - }; + }; - extraConfig = mkOption { - type = types.nullOr types.lines; - default = null; - example = '' - $conf['title'] = 'My Wiki'; - $conf['userewrite'] = 1; - ''; - description = '' - DokuWiki configuration. Refer to - <link xlink:href="https://www.dokuwiki.org/config"/> - for details on supported values. - ''; - }; + aclFile = mkOption { + type = with types; nullOr str; + default = if (config.aclUse && config.acl == null) then "/var/lib/dokuwiki/${name}/users.auth.php" else null; + description = '' + Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl + Mutually exclusive with services.dokuwiki.acl which is preferred. + Consult documentation <link xlink:href="https://www.dokuwiki.org/acl"/> for further instructions. + Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/acl.auth.php.dist"/> + ''; + example = "/var/lib/dokuwiki/${name}/acl.auth.php"; + }; - poolConfig = mkOption { - type = with types; attrsOf (oneOf [ str int bool ]); - default = { - "pm" = "dynamic"; - "pm.max_children" = 32; - "pm.start_servers" = 2; - "pm.min_spare_servers" = 2; - "pm.max_spare_servers" = 4; - "pm.max_requests" = 500; + aclUse = mkOption { + type = types.bool; + default = true; + description = '' + Necessary for users to log in into the system. + Also limits anonymous users. When disabled, + everyone is able to create and edit content. + ''; }; - description = '' - Options for the dokuwiki PHP pool. See the documentation on <literal>php-fpm.conf</literal> - for details on configuration directives. - ''; - }; - nginx = mkOption { - type = types.submodule ( - recursiveUpdate - (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) - { - # Enable encryption by default, - options.forceSSL.default = true; - options.enableACME.default = true; - } - ); - default = {forceSSL = true; enableACME = true;}; - example = { - serverAliases = [ - "wiki.\${config.networking.domain}" - ]; - enableACME = false; + pluginsConfig = mkOption { + type = types.lines; + default = '' + $plugins['authad'] = 0; + $plugins['authldap'] = 0; + $plugins['authmysql'] = 0; + $plugins['authpgsql'] = 0; + ''; + description = '' + List of the dokuwiki (un)loaded plugins. + ''; + }; + + superUser = mkOption { + type = types.nullOr types.str; + default = "@admin"; + description = '' + You can set either a username, a list of usernames (“admin1,admin2”), + or the name of a group by prepending an @ char to the groupname + Consult documentation <link xlink:href="https://www.dokuwiki.org/config:superuser"/> for further instructions. + ''; }; - description = '' - With this option, you can customize the nginx virtualHost which already has sensible defaults for DokuWiki. - ''; + + usersFile = mkOption { + type = with types; nullOr str; + default = if config.aclUse then "/var/lib/dokuwiki/${name}/users.auth.php" else null; + description = '' + Location of the dokuwiki users file. List of users. Format: + login:passwordhash:Real Name:email:groups,comma,separated + Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1` + Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist"/> + ''; + example = "/var/lib/dokuwiki/${name}/users.auth.php"; + }; + + disableActions = mkOption { + type = types.nullOr types.str; + default = ""; + example = "search,register"; + description = '' + Disable individual action modes. Refer to + <link xlink:href="https://www.dokuwiki.org/config:action_modes"/> + for details on supported values. + ''; + }; + + extraConfig = mkOption { + type = types.nullOr types.lines; + default = null; + example = '' + $conf['title'] = 'My Wiki'; + $conf['userewrite'] = 1; + ''; + description = '' + DokuWiki configuration. Refer to + <link xlink:href="https://www.dokuwiki.org/config"/> + for details on supported values. + ''; + }; + + plugins = mkOption { + type = types.listOf types.path; + default = []; + description = '' + List of path(s) to respective plugin(s) which are copied from the 'plugin' directory. + <note><para>These plugins need to be packaged before use, see example.</para></note> + ''; + example = '' + # Let's package the icalevents plugin + plugin-icalevents = pkgs.stdenv.mkDerivation { + name = "icalevents"; + # Download the plugin from the dokuwiki site + src = pkgs.fetchurl { + url = https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip; + sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8"; + }; + sourceRoot = "."; + # We need unzip to build this package + buildInputs = [ pkgs.unzip ]; + # Installing simply means copying all files to the output directory + installPhase = "mkdir -p $out; cp -R * $out/"; + }; + + # And then pass this theme to the plugin list like this: + plugins = [ plugin-icalevents ]; + ''; + }; + + templates = mkOption { + type = types.listOf types.path; + default = []; + description = '' + List of path(s) to respective template(s) which are copied from the 'tpl' directory. + <note><para>These templates need to be packaged before use, see example.</para></note> + ''; + example = '' + # Let's package the bootstrap3 theme + template-bootstrap3 = pkgs.stdenv.mkDerivation { + name = "bootstrap3"; + # Download the theme from the dokuwiki site + src = pkgs.fetchurl { + url = https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip; + sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6"; + }; + # We need unzip to build this package + buildInputs = [ pkgs.unzip ]; + # Installing simply means copying all files to the output directory + installPhase = "mkdir -p $out; cp -R * $out/"; + }; + + # And then pass this theme to the template list like this: + templates = [ template-bootstrap3 ]; + ''; + }; + + poolConfig = mkOption { + type = with types; attrsOf (oneOf [ str int bool ]); + default = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; + description = '' + Options for the dokuwiki PHP pool. See the documentation on <literal>php-fpm.conf</literal> + for details on configuration directives. + ''; + }; + + nginx = mkOption { + type = types.submodule ( + recursiveUpdate + (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) + { + # Enable encryption by default, + options.forceSSL.default = true; + options.enableACME.default = true; + } + ); + default = {forceSSL = true; enableACME = true;}; + example = { + serverAliases = [ + "wiki.\${config.networking.domain}" + ]; + enableACME = false; + }; + description = '' + With this option, you can customize the nginx virtualHost which already has sensible defaults for DokuWiki. + ''; + }; + }; + }; +in +{ + # interface + options = { + services.dokuwiki = mkOption { + type = types.attrsOf (types.submodule siteOpts); + default = {}; + description = "Sepcification of one or more dokuwiki sites to service."; }; }; # implementation - config = mkIf cfg.enable { - - warnings = mkIf (cfg.superUser == null) ["Not setting services.dokuwiki.superUser will impair your ability to administer DokuWiki"]; - - assertions = [ - { - assertion = cfg.aclUse -> (cfg.acl != null || cfg.aclFile != null); - message = "Either services.dokuwiki.acl or services.dokuwiki.aclFile is mandatory when aclUse is true"; - } - { - assertion = cfg.usersFile != null -> cfg.aclUse != false; - message = "services.dokuwiki.aclUse must be true when usersFile is not null"; - } - ]; - - services.phpfpm.pools.dokuwiki = { - inherit user; - inherit group; - phpEnv = { - DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig}"; - DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig}"; - } //optionalAttrs (cfg.usersFile != null) { - DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}"; - } //optionalAttrs (cfg.aclUse) { - DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig}" else "${toString cfg.aclFile}"; - }; - - settings = { - "listen.mode" = "0660"; - "listen.owner" = user; - "listen.group" = group; - } // cfg.poolConfig; - }; + config = mkIf (eachSite != {}) { + + warnings = mapAttrsToList (hostName: cfg: mkIf (cfg.superUser == null) "Not setting services.dokuwiki.${hostName} superUser will impair your ability to administer DokuWiki") eachSite; + + assertions = flatten (mapAttrsToList (hostName: cfg: + [{ + assertion = cfg.aclUse -> (cfg.acl != null || cfg.aclFile != null); + message = "Either services.dokuwiki.${hostName}.acl or services.dokuwiki.${hostName}.aclFile is mandatory if aclUse true"; + } + { + assertion = cfg.usersFile != null -> cfg.aclUse != false; + message = "services.dokuwiki.${hostName}.aclUse must must be true if usersFile is not null"; + } + ]) eachSite); + + services.phpfpm.pools = mapAttrs' (hostName: cfg: ( + nameValuePair "dokuwiki-${hostName}" { + inherit user; + inherit group; + phpEnv = { + DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig cfg}"; + DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig cfg}"; + } // optionalAttrs (cfg.usersFile != null) { + DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}"; + } //optionalAttrs (cfg.aclUse) { + DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig cfg}" else "${toString cfg.aclFile}"; + }; + + settings = { + "listen.mode" = "0660"; + "listen.owner" = user; + "listen.group" = group; + } // cfg.poolConfig; + })) eachSite; services.nginx = { enable = true; - - virtualHosts = { - ${cfg.hostName} = mkMerge [ cfg.nginx { - root = mkForce "${pkgs.dokuwiki}/share/dokuwiki/"; - extraConfig = "fastcgi_param HTTPS on;"; - - locations."~ /(conf/|bin/|inc/|install.php)" = { - extraConfig = "deny all;"; - }; - - locations."~ ^/data/" = { - root = "${cfg.stateDir}"; - extraConfig = "internal;"; - }; - - locations."~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = { - extraConfig = "expires 365d;"; - }; - - locations."/" = { - priority = 1; - index = "doku.php"; - extraConfig = ''try_files $uri $uri/ @dokuwiki;''; - }; - - locations."@dokuwiki" = { - extraConfig = '' + virtualHosts = mapAttrs (hostName: cfg: mkMerge [ cfg.nginx { + root = mkForce "${pkg hostName cfg}/share/dokuwiki"; + extraConfig = "fastcgi_param HTTPS on;"; + + locations."~ /(conf/|bin/|inc/|install.php)" = { + extraConfig = "deny all;"; + }; + + locations."~ ^/data/" = { + root = "${cfg.stateDir}"; + extraConfig = "internal;"; + }; + + locations."~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = { + extraConfig = "expires 365d;"; + }; + + locations."/" = { + priority = 1; + index = "doku.php"; + extraConfig = ''try_files $uri $uri/ @dokuwiki;''; + }; + + locations."@dokuwiki" = { + extraConfig = '' # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; rewrite ^/(.*) /doku.php?id=$1&$args last; - ''; - }; + ''; + }; - locations."~ \.php$" = { - extraConfig = '' + locations."~ \.php$" = { + extraConfig = '' try_files $uri $uri/ /doku.php; include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REDIRECT_STATUS 200; - fastcgi_pass unix:${config.services.phpfpm.pools.dokuwiki.socket}; + fastcgi_pass unix:${config.services.phpfpm.pools."dokuwiki-${hostName}".socket}; fastcgi_param HTTPS on; - ''; - }; - }]; - }; - + ''; + }; + }]) eachSite; }; - systemd.tmpfiles.rules = [ + systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [ "d ${cfg.stateDir}/attic 0750 ${user} ${group} - -" "d ${cfg.stateDir}/cache 0750 ${user} ${group} - -" "d ${cfg.stateDir}/index 0750 ${user} ${group} - -" @@ -266,7 +376,13 @@ in "d ${cfg.stateDir}/meta 0750 ${user} ${group} - -" "d ${cfg.stateDir}/pages 0750 ${user} ${group} - -" "d ${cfg.stateDir}/tmp 0750 ${user} ${group} - -" - ]; + ] ++ lib.optional (cfg.aclFile != null) "C ${cfg.aclFile} 0640 ${user} ${group} - ${pkg hostName cfg}/share/dokuwiki/conf/acl.auth.php.dist" + ++ lib.optional (cfg.usersFile != null) "C ${cfg.usersFile} 0640 ${user} ${group} - ${pkg hostName cfg}/share/dokuwiki/conf/users.auth.php.dist" + ) eachSite); + users.users.${user} = { + group = group; + isSystemUser = true; + }; }; } |