movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-11 12:15:34 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/gotenberg: Add new settings for 8.10.0+ versions

Browse source 
Also fixes some issues that were reported.
This commit is contained in:
dish 2024-11-10 17:50:44 -05:00 committed by Sandro Jäckel
parent 348d126d2c
commit 31aedcfbee
No known key found for this signature in database
GPG key ID: 3AF5A43A3EECC2E5
2 changed files with 123 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

3
nixos/doc/manual/release-notes/rl-2505.section.md
View file

@ -258,6 +258,9 @@
- `services.paperless` now installs `paperless-manage` as a normal system package instead of creating a symlink in `/var/lib/paperless`.
`paperless-manage` now also changes to the appropriate user when being executed.
- The `gotenberg` package has been updated to 8.16.0, which brings breaking changes to the configuration from version 8.13.0. See the [upstream release notes](https://github.com/gotenberg/gotenberg/releases/tag/v8.13.0)
for that release to get all the details. The `services.gotenberg` module has been updated appropriately to ensure your configuration is valid with this new release.
- `asusd` has been upgraded to version 6 which supports multiple aura devices. To account for this, the single `auraConfig` configuration option has been replaced with `auraConfigs` which is an attribute set of config options per each device. The config files may also be now specified as either source files or text strings; to account for this you will need to specify that `text` is used for your existing configs, e.g.:
```diff
-services.asusd.asusdConfig = '''file contents'''

142
nixos/modules/services/misc/gotenberg.nix
View file

@ -16,14 +16,26 @@ let
"--chromium-max-queue-size=${toString cfg.chromium.maxQueueSize}"
"--libreoffice-restart-after=${toString cfg.libreoffice.restartAfter}"
"--libreoffice-max-queue-size=${toString cfg.libreoffice.maxQueueSize}"
"--pdfengines-engines=${lib.concatStringsSep "," cfg.pdfEngines}"
"--pdfengines-merge-engines=${lib.concatStringsSep "," cfg.pdfEngines.merge}"
"--pdfengines-convert-engines=${lib.concatStringsSep "," cfg.pdfEngines.convert}"
"--pdfengines-read-metadata-engines=${lib.concatStringsSep "," cfg.pdfEngines.readMetadata}"
"--pdfengines-write-metadata-engines=${lib.concatStringsSep "," cfg.pdfEngines.writeMetadata}"
"--api-download-from-allow-list=${cfg.downloadFrom.allowList}"
"--api-download-from-max-retry=${toString cfg.downloadFrom.maxRetries}"
]
++ optional cfg.enableBasicAuth "--api-enable-basic-auth"
++ optional cfg.chromium.autoStart "--chromium-auto-start"
++ optional cfg.chromium.disableJavascript "--chromium-disable-javascript"
++ optional cfg.chromium.disableRoutes "--chromium-disable-routes"
++ optional cfg.libreoffice.autoStart "--libreoffice-auto-start"
++ optional cfg.libreoffice.disableRoutes "--libreoffice-disable-routes";
++ optional cfg.libreoffice.disableRoutes "--libreoffice-disable-routes"
++ optional cfg.pdfEngines.disableRoutes "--pdfengines-disable-routes"
++ optional (
cfg.downloadFrom.denyList != null
) "--api-download-from-deny-list=${cfg.downloadFrom.denyList}"
++ optional cfg.downloadFrom.disable "--api-disable-download-from"
++ optional (cfg.bodyLimit != null) "--api-body-limit=${cfg.bodyLimit}"
++ lib.optionals (cfg.extraArgs != [ ]) cfg.extraArgs;
inherit (lib)
mkEnableOption
@ -51,6 +63,12 @@ in
description = "Port on which the API should listen.";
};
bindIP = mkOption {
type = types.nullOr types.str;
default = "127.0.0.1";
description = "Port the API listener should bind to. Set to 0.0.0.0 to listen on all available IPs.";
};
timeout = mkOption {
type = types.nullOr types.str;
default = "30s";
@ -74,6 +92,12 @@ in
'';
};
bodyLimit = mkOption {
type = types.nullOr types.str;
default = null;
description = "Sets the max limit for `multipart/form-data` requests. Accepts values like '5M', '20G', etc.";
};
extraFontPackages = mkOption {
type = types.listOf types.package;
default = [ ];
@ -108,6 +132,29 @@ in
};
};
downloadFrom = {
allowList = mkOption {
type = types.nullOr types.str;
default = ".*";
description = "Allow these URLs to be used in the `downloadFrom` API field. Accepts a regular expression.";
};
denyList = mkOption {
type = types.nullOr types.str;
default = null;
description = "Deny accepting URLs from these domains in the `downloadFrom` API field. Accepts a regular expression.";
};
maxRetries = mkOption {
type = types.int;
default = 4;
description = "The maximum amount of times to retry downloading a file specified with `downloadFrom`.";
};
disable = mkOption {
type = types.bool;
default = false;
description = "Whether to disable the ability to download files for conversion from outside sources.";
};
};
libreoffice = {
package = mkPackageOption pkgs "libreoffice" { };
@ -136,28 +183,61 @@ in
};
};
pdfEngines = mkOption {
type = types.listOf (
types.enum [
"pdftk"
pdfEngines = {
merge = mkOption {
type = types.listOf (
types.enum [
"qpdf"
"pdfcpu"
"pdftk"
]
);
default = [
"qpdf"
"libreoffice-pdfengine"
"exiftool"
"pdfcpu"
]
);
default = [
"pdftk"
"qpdf"
"libreoffice-pdfengine"
"exiftool"
"pdfcpu"
];
description = ''
PDF engines to enable. Each one can be used to perform a specific task.
See [the documentation](https://gotenberg.dev/docs/configuration#pdf-engines) for more details.
Defaults to all possible PDF engines.
'';
"pdftk"
];
description = "PDF Engines to use for merging files.";
};
convert = mkOption {
type = types.listOf (
types.enum [
"libreoffice-pdfengine"
]
);
default = [
"libreoffice-pdfengine"
];
description = "PDF Engines to use for converting files.";
};
readMetadata = mkOption {
type = types.listOf (
types.enum [
"exiftool"
]
);
default = [
"exiftool"
];
description = "PDF Engines to use for reading metadata from files.";
};
writeMetadata = mkOption {
type = types.listOf (
types.enum [
"exiftool"
]
);
default = [
"exiftool"
];
description = "PDF Engines to use for writing metadata to files.";
};
disableRoutes = mkOption {
type = types.bool;
default = false;
description = "Disable routes related to PDF engines.";
};
};
logLevel = mkOption {
@ -196,6 +276,15 @@ in
See `services.gotenberg.enableBasicAuth` for the names of those variables.
'';
}
{
assertion = !(lib.isList cfg.pdfEngines);
message = ''
Setting `services.gotenberg.pdfEngines` to a list is now deprecated.
Use the new `pdfEngines.mergeEngines`, `pdfEngines.convertEngines`, `pdfEngines.readMetadataEngines`, and `pdfEngines.writeMetadataEngines` settings instead.
The previous option was using a method that is now deprecated by upstream.
'';
}
];
systemd.services.gotenberg = {
@ -209,12 +298,20 @@ in
FONTCONFIG_FILE = pkgs.makeFontsConf {
fontDirectories = [ pkgs.liberation_ttf_v2 ] ++ cfg.extraFontPackages;
};
# Needed for LibreOffice to work correctly.
# https://github.com/NixOS/nixpkgs/issues/349123#issuecomment-2418330936
HOME = "/run/gotenberg";
};
serviceConfig = {
Type = "simple";
DynamicUser = true;
ExecStart = "${lib.getExe cfg.package} ${lib.escapeShellArgs args}";
# Needed for LibreOffice to work correctly.
# See above issue comment.
WorkingDirectory = "/run/gotenberg";
RuntimeDirectory = "gotenberg";
# Hardening options
PrivateDevices = true;
PrivateIPC = true;
@ -243,6 +340,7 @@ in
SystemCallFilter = [
"@sandbox"
"@system-service"
"@chown"
];
SystemCallArchitectures = "native";