movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-10 11:45:45 +03:00
Code Issues Projects Releases Packages Wiki Activity

plausible: first review fix iteration

Browse source 
* Most significant is probably the patching necessary to run plausible
  with postgres without superuser privilege. This change includes:
  * updating ecto_sql to 3.6 where `CREATE DATABASE` is only executed if
    it doesn't exist[1].
  * patching a migration to only modify the `users.email` column (to use
    `citext` rather than creating the extension. `plausible-postgres`
    takes care of that).
* Correctly declare dependencies in systemd.
* A few minor fixes.

[1] 051baf669e
This commit is contained in:
Maximilian Bosch 2021-05-29 16:13:20 +02:00 committed by Raphael Megzari
parent ba934e9fc1
commit 02b15d0f5b
6 changed files with 73 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

53
nixos/modules/services/web-apps/plausible.nix
View file

@ -5,10 +5,10 @@ with lib;
let let
cfg = config.services.plausible; cfg = config.services.plausible;
# FIXME consider using LoadCredential as soon as it actually works.
envSecrets = '' envSecrets = ''
export ADMIN_USER_PWD="$(<${cfg.adminUser.passwordFile})" export ADMIN_USER_PWD="$(<${cfg.adminUser.passwordFile})"
export SECRET_KEY_BASE="$(<${cfg.server.secretKeybaseFile})" export SECRET_KEY_BASE="$(<${cfg.server.secretKeybaseFile})"
export RELEASE_TMP=/var/lib/plausible/tmp
${optionalString (cfg.mail.smtp.passwordFile != null) '' ${optionalString (cfg.mail.smtp.passwordFile != null) ''
export SMTP_USER_PWD="$(<${cfg.mail.smtp.passwordFile})" export SMTP_USER_PWD="$(<${cfg.mail.smtp.passwordFile})"
''} ''}
@ -51,9 +51,7 @@ in {
default = "http://localhost:8123/default"; default = "http://localhost:8123/default";
type = types.str; type = types.str;
description = '' description = ''
The URL to be used to connect to <package>postgres</package>. The format The URL to be used to connect to <package>clickhouse</package>.
is described in <link xlink:href="https://hexdocs.pm/ecto/Ecto.Repo.html#module-urls">
the elixir docs</link>.
''; '';
}; };
}; };
@ -110,7 +108,7 @@ in {
mail = { mail = {
email = mkOption { email = mkOption {
default = " hello@plausible.local"; default = "hello@plausible.local";
type = types.str; type = types.str;
description = '' description = ''
The email id to use for as <emphasis>from</emphasis> address of all communications The email id to use for as <emphasis>from</emphasis> address of all communications
@ -146,7 +144,7 @@ in {
The path to the file with the password in case SMTP auth is enabled. The path to the file with the password in case SMTP auth is enabled.
''; '';
}; };
enableSSL = mkEnableOption ""; enableSSL = mkEnableOption "SSL when connecting to the SMTP server";
retries = mkOption { retries = mkOption {
type = types.ints.unsigned; type = types.ints.unsigned;
default = 2; default = 2;
@ -162,7 +160,7 @@ in {
assertions = [ assertions = [
{ assertion = cfg.adminUser.activate -> cfg.database.postgres.setup; { assertion = cfg.adminUser.activate -> cfg.database.postgres.setup;
message = '' message = ''
Unable to automatically activate the admin-user if no local DB-managed for Unable to automatically activate the admin-user if no locally DB-managed for
postgres (`services.plausible.database.postgres.setup') is enabled! postgres (`services.plausible.database.postgres.setup') is enabled!
''; '';
} }
@ -181,10 +179,13 @@ in {
plausible = { plausible = {
inherit (pkgs.plausible.meta) description; inherit (pkgs.plausible.meta) description;
documentation = [ "https://plausible.io/docs/self-hosting" ]; documentation = [ "https://plausible.io/docs/self-hosting" ];
wantedBy = [ "multi-user.target" ] wantedBy = [ "multi-user.target" ];
++ optional cfg.database.clickhouse.setup "clickhouse.service"
++ optional cfg.database.postgres.setup "postgresql.service";
after = optional cfg.database.postgres.setup "plausible-postgres.service"; after = optional cfg.database.postgres.setup "plausible-postgres.service";
requires = optional cfg.database.clickhouse.setup "clickhouse.service"
++ optionals cfg.database.postgres.setup [
"postgresql.service"
"plausible-postgres.service"
];
environment = { environment = {
# NixOS specific option to avoid that it's trying to write into its store-path. # NixOS specific option to avoid that it's trying to write into its store-path.
@ -196,6 +197,8 @@ in {
PORT = toString cfg.server.port; PORT = toString cfg.server.port;
DISABLE_REGISTRATION = boolToString cfg.server.disableRegistration; DISABLE_REGISTRATION = boolToString cfg.server.disableRegistration;
RELEASE_TMP = "/var/lib/plausible/tmp";
ADMIN_USER_NAME = cfg.adminUser.name; ADMIN_USER_NAME = cfg.adminUser.name;
ADMIN_USER_EMAIL = cfg.adminUser.email; ADMIN_USER_EMAIL = cfg.adminUser.email;
@ -210,8 +213,11 @@ in {
SMTP_HOST_PORT = toString cfg.mail.smtp.hostPort; SMTP_HOST_PORT = toString cfg.mail.smtp.hostPort;
SMTP_RETRIES = toString cfg.mail.smtp.retries; SMTP_RETRIES = toString cfg.mail.smtp.retries;
SMTP_HOST_SSL_ENABLED = boolToString cfg.mail.smtp.enableSSL; SMTP_HOST_SSL_ENABLED = boolToString cfg.mail.smtp.enableSSL;
${if cfg.mail.smtp.user != null then "SMTP_USER_NAME" else null} = cfg.mail.smtp.user;
}; SELFHOST = "true";
} // (optionalAttrs (cfg.mail.smtp.user != null) {
SMTP_USER_NAME = cfg.mail.smtp.user;
});
path = [ pkgs.plausible ] path = [ pkgs.plausible ]
++ optional cfg.database.postgres.setup config.services.postgresql.package; ++ optional cfg.database.postgres.setup config.services.postgresql.package;
@ -239,26 +245,23 @@ in {
}; };
} }
(mkIf cfg.database.postgres.setup { (mkIf cfg.database.postgres.setup {
# Unfortunately `plausible' requires super-user permissions in postgresql, so this # `plausible' requires the `citext'-extension.
# has to be done imperatively here.
plausible-postgres = { plausible-postgres = {
after = [ "postgresql.service" ]; after = [ "postgresql.service" ];
bindsTo = [ "postgresql.service" ]; bindsTo = [ "postgresql.service" ];
requiredBy = [ "plausible.service" ]; requiredBy = [ "plausible.service" ];
partOf = [ "plausible.service" ]; partOf = [ "plausible.service" ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
unitConfig.ConditionPathExists = "!/var/lib/plausible/.db-setup";
script = '' script = ''
if [ ! -e /var/lib/plausible/.db-setup ]; then mkdir -p /var/lib/plausible/
mkdir -p /var/lib/plausible/ PSQL() {
PSQL() { /run/wrappers/bin/sudo -Hu postgres ${config.services.postgresql.package}/bin/psql --port=5432 "$@"
/run/wrappers/bin/sudo -Hu postgres ${config.services.postgresql.package}/bin/psql --port=5432 "$@" }
} PSQL -tAc "CREATE ROLE plausible WITH LOGIN;"
PSQL -tAc "CREATE EXTENSION IF NOT EXISTS citext;" PSQL -tAc "CREATE DATABASE plausible WITH OWNER plausible;"
PSQL -tAc "CREATE ROLE plausible WITH LOGIN;" PSQL -d plausible -tAc "CREATE EXTENSION IF NOT EXISTS citext;"
PSQL -tAc "CREATE DATABASE plausible WITH OWNER plausible;" touch /var/lib/plausible/.db-setup
PSQL -tAc "ALTER USER plausible WITH SUPERUSER;"
touch /var/lib/plausible/.db-setup
fi
''; '';
}; };
}) })

2
nixos/modules/services/web-apps/plausible.xml
View file

@ -12,7 +12,7 @@
<title>Basic Usage</title> <title>Basic Usage</title>
<para> <para>
At first, a secret key is needed to be generated. This can be done with e.g. At first, a secret key is needed to be generated. This can be done with e.g.
<prompt>$ openssl rand -base64 64</prompt> <screen><prompt>$ </prompt>openssl rand -base64 64</screen>
</para> </para>
<para> <para>
After that, <package>plausible</package> can be deployed like this: After that, <package>plausible</package> can be deployed like this:

16
pkgs/servers/web-apps/plausible/default.nix
View file

@ -14,10 +14,12 @@ let
sha256 = "03lm1f29gwwixnhgjish5bhi3m73qyp71ns2sczdnwnbhrw61zps"; sha256 = "03lm1f29gwwixnhgjish5bhi3m73qyp71ns2sczdnwnbhrw61zps";
}; };
mixDeps = beamPackages.fetchMixDeps { # TODO consider using `mix2nix` as soon as it supports git dependencies.
mixFodDeps = beamPackages.fetchMixDeps {
pname = "${pname}-deps"; pname = "${pname}-deps";
inherit src version; inherit src version;
sha256 = "sha256-66zSdYmis3UnbdLkPi649RbPbMPI5gVeFlaMekOy5CQ="; sha256 = "sha256-pv/zXcku+ZgxV1804kIfDZN0jave2qG3rgZwm4yGA6I=";
patches = [ ./ecto_sql-fix.patch ];
}; };
yarnDeps = mkYarnModules { yarnDeps = mkYarnModules {
@ -28,15 +30,15 @@ let
yarnLock = ./yarn.lock; yarnLock = ./yarn.lock;
preBuild = '' preBuild = ''
mkdir -p tmp/deps mkdir -p tmp/deps
cp -r ${mixDeps}/phoenix tmp/deps/phoenix cp -r ${mixFodDeps}/phoenix tmp/deps/phoenix
cp -r ${mixDeps}/phoenix_html tmp/deps/phoenix_html cp -r ${mixFodDeps}/phoenix_html tmp/deps/phoenix_html
''; '';
postBuild = '' postBuild = ''
echo 'module.exports = {}' > $out/node_modules/flatpickr/dist/postcss.config.js echo 'module.exports = {}' > $out/node_modules/flatpickr/dist/postcss.config.js
''; '';
}; };
in beamPackages.mixRelease { in beamPackages.mixRelease {
inherit pname version src mixDeps; inherit pname version src mixFodDeps;
nativeBuildInputs = [ nodejs ]; nativeBuildInputs = [ nodejs ];
@ -47,6 +49,10 @@ in beamPackages.mixRelease {
url = "https://github.com/Ma27/analytics/commit/f2ee5892a6c3e1a861d69ed30cac43e05e9cd36f.patch"; url = "https://github.com/Ma27/analytics/commit/f2ee5892a6c3e1a861d69ed30cac43e05e9cd36f.patch";
sha256 = "sha256-JvJ7xlGw+tHtWje+jiQChVC4KTyqqdq2q+MIcOv/k1o="; sha256 = "sha256-JvJ7xlGw+tHtWje+jiQChVC4KTyqqdq2q+MIcOv/k1o=";
}) })
# CREATE EXTENSION requires super-user privileges. To avoid that, we just skip
# the responsible SQL statement here and take care of it in the module.
./skip-create-ext.patch
]; ];
passthru = { passthru = {

13
pkgs/servers/web-apps/plausible/ecto_sql-fix.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/mix.exs b/mix.exs
index f6e3b9a..67687d1 100644
--- a/mix.exs
+++ b/mix.exs
@@ -52,7 +52,7 @@ defmodule Plausible.MixProject do
[
{:bcrypt_elixir, "~> 2.0"},
{:cors_plug, "~> 1.5"},
- {:ecto_sql, "~> 3.0"},
+ {:ecto_sql, "~> 3.6"},
{:elixir_uuid, "~> 1.2"},
{:gettext, "~> 0.11"},
{:jason, "~> 1.0"},

16
pkgs/servers/web-apps/plausible/skip-create-ext.patch Normal file
View file

@ -0,0 +1,16 @@
diff --git a/priv/repo/migrations/20190430140411_use_citext_for_email.exs b/priv/repo/migrations/20190430140411_use_citext_for_email.exs
index ecb6f80..f3bf12f 100644
--- a/priv/repo/migrations/20190430140411_use_citext_for_email.exs
+++ b/priv/repo/migrations/20190430140411_use_citext_for_email.exs
@@ -2,10 +2,6 @@ defmodule Plausible.Repo.Migrations.UseCitextForEmail do
use Ecto.Migration
def change do
- execute "CREATE EXTENSION IF NOT EXISTS citext;"
-
- alter table(:users) do
- modify :email, :citext, null: false
- end
+ execute "ALTER TABLE users ALTER COLUMN email TYPE citext;"
end
end

8
pkgs/servers/web-apps/plausible/update.sh
View file

@ -45,17 +45,17 @@ fake_hash="$(nix-instantiate --eval -A lib.fakeSha256 | xargs echo)"
sed -i "$dir/default.nix" \ sed -i "$dir/default.nix" \
-e 's,version = ".*",version = "'"$nix_version"'",' \ -e 's,version = ".*",version = "'"$nix_version"'",' \
-e '/^ src = fetchFromGitHub/,+4{;s/sha256 = "\(.*\)"/sha256 = "'"$tarball_hash"'"/}' \ -e '/^ src = fetchFromGitHub/,+4{;s/sha256 = "\(.*\)"/sha256 = "'"$tarball_hash"'"/}' \
-e '/^ mixDeps =/,+3{;s/sha256 = "\(.*\)"/sha256 = "'"$fake_hash"'"/}' -e '/^ mixFodDeps =/,+3{;s/sha256 = "\(.*\)"/sha256 = "'"$fake_hash"'"/}'
mix_hash="$(nix-build -A plausible.mixDeps 2>&1 | tail -n3 | grep 'got:' | cut -d: -f2- | xargs echo)" mix_hash="$(nix-build -A plausible.mixFodDeps 2>&1 | tail -n3 | grep 'got:' | cut -d: -f2- | xargs echo)"
sed -i "$dir/default.nix" -e '/^ mixDeps =/,+3{;s/sha256 = "\(.*\)"/sha256 = "'"$mix_hash"'"/}' sed -i "$dir/default.nix" -e '/^ mixFodDeps =/,+3{;s/sha256 = "\(.*\)"/sha256 = "'"$mix_hash"'"/}'
tmp_setup_dir="$(mktemp -d)" tmp_setup_dir="$(mktemp -d)"
trap "rm -rf $tmp_setup_dir" EXIT trap "rm -rf $tmp_setup_dir" EXIT
cp -r $tarball_path/* $tmp_setup_dir/ cp -r $tarball_path/* $tmp_setup_dir/
cp -r "$(nix-build -A plausible.mixDeps)" "$tmp_setup_dir/deps" cp -r "$(nix-build -A plausible.mixFodDeps)" "$tmp_setup_dir/deps"
chmod -R a+rwx "$tmp_setup_dir" chmod -R a+rwx "$tmp_setup_dir"
pushd $tmp_setup_dir/assets pushd $tmp_setup_dir/assets