movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 13:40:28 +03:00
Code Activity

nixos/pump.io: remove

Browse source 
This would probably be better maintained in a separate repo as an
external NixOS module which gets imported into user's configuration.
This commit is contained in:
Rodney Lorrimar 2018-02-24 08:44:27 +00:00
parent 4d7c21c35b
commit 21dcead5f0
No known key found for this signature in database
GPG key ID: E8E4A1E57778A1B6
12 changed files with 1 additions and 5557 deletions
Download patch file Download diff file Expand all files Collapse all files

23
nixos/modules/services/web-apps/pump.io-configure.js
View file

@ -1,23 +0,0 @@
var fs = require('fs');
var opts = JSON.parse(fs.readFileSync("/dev/stdin").toString());
var config = opts.config;
var readSecret = function(filename) {
return fs.readFileSync(filename).toString().trim();
};
if (opts.secretFile) {
config.secret = readSecret(opts.secretFile);
}
if (opts.dbPasswordFile) {
config.params.dbpass = readSecret(opts.dbPasswordFile);
}
if (opts.smtpPasswordFile) {
config.smtppass = readSecret(opts.smtpPasswordFile);
}
if (opts.spamClientSecretFile) {
config.spamclientsecret = readSecret(opts.opts.spamClientSecretFile);
}
fs.writeFileSync(opts.outputFile, JSON.stringify(config));

438
nixos/modules/services/web-apps/pump.io.nix
View file

@ -1,438 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.pumpio;
dataDir = "/var/lib/pump.io";
runDir = "/run/pump.io";
user = "pumpio";
optionalSet = condition: value: if condition then value else {};
configScript = ./pump.io-configure.js;
configOptions = {
outputFile = "${runDir}/config.json";
config =
(optionalSet (cfg.driver != "disk") {
driver = cfg.driver;
}) //
{
params = (optionalSet (cfg.driver == "disk") { dir = dataDir; }) //
(optionalSet (cfg.driver == "mongodb" || cfg.driver == "redis") {
host = cfg.dbHost;
port = cfg.dbPort;
dbname = cfg.dbName;
dbuser = cfg.dbUser;
dbpass = cfg.dbPassword;
}) //
(optionalSet (cfg.driver == "memcached") {
host = cfg.dbHost;
port = cfg.dbPort;
}) // cfg.driverParams;
secret = cfg.secret;
address = cfg.address;
port = cfg.port;
noweb = false;
urlPort = cfg.urlPort;
hostname = cfg.hostname;
favicon = cfg.favicon;
site = cfg.site;
owner = cfg.owner;
ownerURL = cfg.ownerURL;
key = cfg.sslKey;
cert = cfg.sslCert;
bounce = false;
spamhost = cfg.spamHost;
spamclientid = cfg.spamClientId;
spamclientsecret = cfg.spamClientSecret;
requireEmail = cfg.requireEmail;
smtpserver = cfg.smtpHost;
smtpport = cfg.smtpPort;
smtpuser = cfg.smtpUser;
smtppass = cfg.smtpPassword;
smtpusessl = cfg.smtpUseSSL;
smtpfrom = cfg.smtpFrom;
nologger = false;
enableUploads = cfg.enableUploads;
datadir = dataDir;
debugClient = false;
firehose = cfg.firehose;
disableRegistration = cfg.disableRegistration;
inherit (cfg) secretFile dbPasswordFile smtpPasswordFile spamClientSecretFile;
} //
(optionalSet (cfg.port < 1024) {
serverUser = user; # have pump.io listen then drop privileges
}) // cfg.extraConfig;
}; in {
options = {
services.pumpio = {
enable = mkEnableOption "Pump.io social streams server";
secret = mkOption {
type = types.nullOr types.str;
default = null;
example = "my dog has fleas";
description = ''
A session-generating secret, server-wide password. Warning:
this is stored in cleartext in the Nix store!
'';
};
secretFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/pump.io-secret";
description = ''
A file containing the session-generating secret,
server-wide password.
'';
};
site = mkOption {
type = types.str;
example = "Awesome Sauce";
description = "Name of the server";
};
owner = mkOption {
type = types.str;
default = "";
example = "Awesome Inc.";
description = "Name of owning entity, if you want to link to it.";
};
ownerURL = mkOption {
type = types.str;
default = "";
example = "https://pump.io";
description = "URL of owning entity, if you want to link to it.";
};
address = mkOption {
type = types.str;
default = "localhost";
description = ''
Web server listen address.
'';
};
port = mkOption {
type = types.int;
default = 31337;
description = ''
Port to listen on. Defaults to 31337, which is suitable for
running behind a reverse proxy. For a standalone server,
use 443.
'';
};
hostname = mkOption {
type = types.nullOr types.str;
default = "localhost";
description = ''
The hostname of the server, used for generating
URLs. Defaults to "localhost" which doesn't do much for you.
'';
};
urlPort = mkOption {
type = types.int;
default = 443;
description = ''
Port to use for generating URLs. This basically has to be
either 80 or 443 because the host-meta and Webfinger
protocols don't make any provision for HTTP/HTTPS servers
running on other ports.
'';
};
favicon = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Local filesystem path to the favicon.ico file to use. This
will be served as "/favicon.ico" by the server.
'';
};
enableUploads = mkOption {
type = types.bool;
default = true;
description = ''
If you want to disable file uploads, set this to false. Uploaded files will be stored
in ${dataDir}/uploads.
'';
};
sslKey = mkOption {
type = types.path;
example = "${dataDir}/myserver.key";
default = "";
description = ''
The path to the server certificate private key. The
certificate is required, but it can be self-signed.
'';
};
sslCert = mkOption {
type = types.path;
example = "${dataDir}/myserver.crt";
default = "";
description = ''
The path to the server certificate. The certificate is
required, but it can be self-signed.
'';
};
firehose = mkOption {
type = types.str;
default = "ofirehose.com";
description = ''
Firehose host running the ofirehose software. Defaults to
"ofirehose.com". Public notices will be ping this firehose
server and from there go out to search engines and the
world. If you want to disconnect from the public web, set
this to something falsy.
'';
};
disableRegistration = mkOption {
type = types.bool;
default = false;
description = ''
Disables registering new users on the site through the Web
or the API.
'';
};
requireEmail = mkOption {
type = types.bool;
default = false;
description = "Require an e-mail address to register.";
};
extraConfig = mkOption {
default = { };
description = ''
Extra configuration options which are serialized to json and added
to the pump.io.json config file.
'';
};
driver = mkOption {
type = types.enum [ "mongodb" "disk" "lrucache" "memcached" "redis" ];
default = "mongodb";
description = "Type of database. Corresponds to a nodejs databank driver.";
};
driverParams = mkOption {
default = { };
description = "Extra parameters for the driver.";
};
dbHost = mkOption {
type = types.str;
default = "localhost";
description = "The database host to connect to.";
};
dbPort = mkOption {
type = types.int;
default = 27017;
description = "The port that the database is listening on.";
};
dbName = mkOption {
type = types.str;
default = "pumpio";
description = "The name of the database to use.";
};
dbUser = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The username. Defaults to null, meaning no authentication.
'';
};
dbPassword = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
The password corresponding to dbUser. Warning: this is
stored in cleartext in the Nix store!
'';
};
dbPasswordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/pump.io-dbpassword";
description = ''
A file containing the password corresponding to dbUser.
'';
};
smtpHost = mkOption {
type = types.nullOr types.str;
default = null;
example = "localhost";
description = ''
Server to use for sending transactional email. If it's not
set up, no email is sent and features like password recovery
and email notification won't work.
'';
};
smtpPort = mkOption {
type = types.int;
default = 25;
description = ''
Port to connect to on SMTP server.
'';
};
smtpUser = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Username to use to connect to SMTP server. Might not be
necessary for some servers.
'';
};
smtpPassword = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Password to use to connect to SMTP server. Might not be
necessary for some servers. Warning: this is stored in
cleartext in the Nix store!
'';
};
smtpPasswordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/pump.io-smtppassword";
description = ''
A file containing the password used to connect to SMTP
server. Might not be necessary for some servers.
'';
};
smtpUseSSL = mkOption {
type = types.bool;
default = false;
description = ''
Only use SSL with the SMTP server. By default, a SSL
connection is negotiated using TLS. You may need to change
the smtpPort value if you set this.
'';
};
smtpFrom = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Email address to use in the "From:" header of outgoing
notifications. Defaults to 'no-reply@' plus the site
hostname.
'';
};
spamHost = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Host running activityspam software to use to test updates
for spam.
'';
};
spamClientId = mkOption {
type = types.nullOr types.str;
default = null;
description = "OAuth pair for spam server.";
};
spamClientSecret = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
OAuth pair for spam server. Warning: this is
stored in cleartext in the Nix store!
'';
};
spamClientSecretFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/pump.io-spamclientsecret";
description = ''
A file containing the OAuth key for the spam server.
'';
};
};
};
config = mkIf cfg.enable {
warnings = let warn = k: optional (cfg.${k} != null)
"config.services.pumpio.${k} is insecure. Use ${k}File instead.";
in concatMap warn [ "secret" "dbPassword" "smtpPassword" "spamClientSecret" ];
assertions = [
{ assertion = !(isNull cfg.secret && isNull cfg.secretFile);
message = "pump.io needs a secretFile configured";
}
];
systemd.services."pump.io" =
{ description = "Pump.io - stream server that does most of what people really want from a social network";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
mkdir -p ${dataDir}/uploads
mkdir -p ${runDir}
chown pumpio:pumpio ${dataDir}/uploads ${runDir}
chmod 770 ${dataDir}/uploads ${runDir}
${pkgs.nodejs}/bin/node ${configScript} <<EOF
${builtins.toJSON configOptions}
EOF
chgrp pumpio ${configOptions.outputFile}
chmod 640 ${configOptions.outputFile}
'';
serviceConfig = {
ExecStart = "${pkgs.pumpio}/bin/pump -c ${configOptions.outputFile}";
PermissionsStartOnly = true;
User = if cfg.port < 1024 then "root" else user;
Group = user;
};
environment = { NODE_ENV = "production"; };
};
users.extraGroups.pumpio.gid = config.ids.gids.pumpio;
users.extraUsers.pumpio = {
group = "pumpio";
uid = config.ids.uids.pumpio;
description = "Pump.io user";
home = dataDir;
createHome = true;
};
};
}