commit 07183914f1edda52c198f9ab9265ee74f116d467 · pyrox.dev/nixpkgs

nixos/doc/manual/release-notes/rl-2405.section.md

···

       16
       16
        
       

     

       17
       17
        
       - [maubot](https://github.com/maubot/maubot), a plugin-based Matrix bot framework. Available as [services.maubot](#opt-services.maubot.enable).

     

       18
       18
        
       

     

       19
       19
       +
       - [Anki Sync Server](https://docs.ankiweb.net/sync-server.html), the official sync server built into recent versions of Anki. Available as [services.anki-sync-server](#opt-services.anki-sync-server.enable).

     

       20
       20
       +
       

     

       19
       21
        
       ## Backward Incompatibilities {#sec-release-24.05-incompatibilities}

     

       20
       22
        
       

     

       21
       23
        
       <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

nixos/modules/module-list.nix

···

       637
       637
        
         ./services/misc/amazon-ssm-agent.nix

     

       638
       638
        
         ./services/misc/ananicy.nix

     

       639
       639
        
         ./services/misc/ankisyncd.nix

     

       640
       640
       +
         ./services/misc/anki-sync-server.nix

     

       640
       641
        
         ./services/misc/apache-kafka.nix

     

       641
       642
        
         ./services/misc/atuin.nix

     

       642
       643
        
         ./services/misc/autofs.nix

+68

nixos/modules/services/misc/anki-sync-server.md

···

       1
       1
       +
       # Anki Sync Server {#module-services-anki-sync-server}

     

       2
       2
       +
       

     

       3
       3
       +
       [Anki Sync Server](https://docs.ankiweb.net/sync-server.html) is the built-in

     

       4
       4
       +
       sync server, present in recent versions of Anki. Advanced users who cannot or

     

       5
       5
       +
       do not wish to use AnkiWeb can use this sync server instead of AnkiWeb.

     

       6
       6
       +
       

     

       7
       7
       +
       This module is compatible only with Anki versions >=2.1.66, due to [recent

     

       8
       8
       +
       enhancements to the Nix anki

     

       9
       9
       +
       package](https://github.com/NixOS/nixpkgs/commit/05727304f8815825565c944d012f20a9a096838a).

     

       10
       10
       +
       

     

       11
       11
       +
       ## Basic Usage {#module-services-anki-sync-server-basic-usage}

     

       12
       12
       +
       

     

       13
       13
       +
       By default, the module creates a

     

       14
       14
       +
       [`systemd`](https://www.freedesktop.org/wiki/Software/systemd/)

     

       15
       15
       +
       unit which runs the sync server with an isolated user using the systemd

     

       16
       16
       +
       `DynamicUser` option.

     

       17
       17
       +
       

     

       18
       18
       +
       This can be done by enabling the `anki-sync-server` service:

     

       19
       19
       +
       ```

     

       20
       20
       +
       { ... }:

     

       21
       21
       +
       

     

       22
       22
       +
       {

     

       23
       23
       +
         services.anki-sync-server.enable = true;

     

       24
       24
       +
       }

     

       25
       25
       +
       ```

     

       26
       26
       +
       

     

       27
       27
       +
       It is necessary to set at least one username-password pair under

     

       28
       28
       +
       {option}`services.anki-sync-server.users`. For example

     

       29
       29
       +
       

     

       30
       30
       +
       ```

     

       31
       31
       +
       {

     

       32
       32
       +
         services.anki-sync-server.users = [

     

       33
       33
       +
           {

     

       34
       34
       +
             username = "user";

     

       35
       35
       +
             passwordFile = /etc/anki-sync-server/user;

     

       36
       36
       +
           }

     

       37
       37
       +
         ];

     

       38
       38
       +
       }

     

       39
       39
       +
       ```

     

       40
       40
       +
       

     

       41
       41
       +
       Here, `passwordFile` is the path to a file containing just the password in

     

       42
       42
       +
       plaintext. Make sure to set permissions to make this file unreadable to any

     

       43
       43
       +
       user besides root.

     

       44
       44
       +
       

     

       45
       45
       +
       By default, the server listen address {option}`services.anki-sync-server.host`

     

       46
       46
       +
       is set to localhost, listening on port

     

       47
       47
       +
       {option}`services.anki-sync-server.port`, and does not open the firewall. This

     

       48
       48
       +
       is suitable for purely local testing, or to be used behind a reverse proxy. If

     

       49
       49
       +
       you want to expose the sync server directly to other computers (not recommended

     

       50
       50
       +
       in most circumstances, because the sync server doesn't use HTTPS), then set the

     

       51
       51
       +
       following options:

     

       52
       52
       +
       

     

       53
       53
       +
       ```

     

       54
       54
       +
       {

     

       55
       55
       +
         services.anki-sync-server.host = "0.0.0.0";

     

       56
       56
       +
         services.anki-sync-server.openFirewall = true;

     

       57
       57
       +
       }

     

       58
       58
       +
       ```

     

       59
       59
       +
       

     

       60
       60
       +
       

     

       61
       61
       +
       ## Alternatives {#module-services-anki-sync-server-alternatives}

     

       62
       62
       +
       

     

       63
       63
       +
       The [`ankisyncd` NixOS

     

       64
       64
       +
       module](https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/ankisyncd.nix)

     

       65
       65
       +
       provides similar functionality, but using a third-party implementation,

     

       66
       66
       +
       [`anki-sync-server-rs`](https://github.com/ankicommunity/anki-sync-server-rs/).

     

       67
       67
       +
       According to that project's README, it is "no longer maintained", and not

     

       68
       68
       +
       recommended for Anki 2.1.64+.

+140

nixos/modules/services/misc/anki-sync-server.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         config,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         pkgs,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       7
       7
       +
       with lib; let

     

       8
       8
       +
         cfg = config.services.anki-sync-server;

     

       9
       9
       +
         name = "anki-sync-server";

     

       10
       10
       +
         specEscape = replaceStrings ["%"] ["%%"];

     

       11
       11
       +
         usersWithIndexes =

     

       12
       12
       +
           lists.imap1 (i: user: {

     

       13
       13
       +
             i = i;

     

       14
       14
       +
             user = user;

     

       15
       15
       +
           })

     

       16
       16
       +
           cfg.users;

     

       17
       17
       +
         usersWithIndexesFile = filter (x: x.user.passwordFile != null) usersWithIndexes;

     

       18
       18
       +
         usersWithIndexesNoFile = filter (x: x.user.passwordFile == null && x.user.password != null) usersWithIndexes;

     

       19
       19
       +
         anki-sync-server-run = pkgs.writeShellScriptBin "anki-sync-server-run" ''

     

       20
       20
       +
           # When services.anki-sync-server.users.passwordFile is set,

     

       21
       21
       +
           # each password file is passed as a systemd credential, which is mounted in

     

       22
       22
       +
           # a file system exposed to the service. Here we read the passwords from

     

       23
       23
       +
           # the credential files to pass them as environment variables to the Anki

     

       24
       24
       +
           # sync server.

     

       25
       25
       +
           ${

     

       26
       26
       +
             concatMapStringsSep

     

       27
       27
       +
             "\n"

     

       28
       28
       +
             (x: ''export SYNC_USER${toString x.i}=${escapeShellArg x.user.username}:"''$(cat "''${CREDENTIALS_DIRECTORY}/"${escapeShellArg x.user.username})"'')

     

       29
       29
       +
             usersWithIndexesFile

     

       30
       30
       +
           }

     

       31
       31
       +
           # For users where services.anki-sync-server.users.password isn't set,

     

       32
       32
       +
           # export passwords in environment variables in plaintext.

     

       33
       33
       +
           ${

     

       34
       34
       +
             concatMapStringsSep

     

       35
       35
       +
             "\n"

     

       36
       36
       +
             (x: ''export SYNC_USER${toString x.i}=${escapeShellArg x.user.username}:${escapeShellArg x.user.password}'')

     

       37
       37
       +
             usersWithIndexesNoFile

     

       38
       38
       +
           }

     

       39
       39
       +
           exec ${cfg.package}/bin/anki-sync-server

     

       40
       40
       +
         '';

     

       41
       41
       +
       in {

     

       42
       42
       +
         options.services.anki-sync-server = {

     

       43
       43
       +
           enable = mkEnableOption "anki-sync-server";

     

       44
       44
       +
       

     

       45
       45
       +
           package = mkPackageOption pkgs "anki-sync-server" { };

     

       46
       46
       +
       

     

       47
       47
       +
           address = mkOption {

     

       48
       48
       +
             type = types.str;

     

       49
       49
       +
             default = "::1";

     

       50
       50
       +
             description = ''

     

       51
       51
       +
               IP address anki-sync-server listens to.

     

       52
       52
       +
               Note host names are not resolved.

     

       53
       53
       +
             '';

     

       54
       54
       +
           };

     

       55
       55
       +
       

     

       56
       56
       +
           port = mkOption {

     

       57
       57
       +
             type = types.port;

     

       58
       58
       +
             default = 27701;

     

       59
       59
       +
             description = "Port number anki-sync-server listens to.";

     

       60
       60
       +
           };

     

       61
       61
       +
       

     

       62
       62
       +
           openFirewall = mkOption {

     

       63
       63
       +
             default = false;

     

       64
       64
       +
             type = types.bool;

     

       65
       65
       +
             description = "Whether to open the firewall for the specified port.";

     

       66
       66
       +
           };

     

       67
       67
       +
       

     

       68
       68
       +
           users = mkOption {

     

       69
       69
       +
             type = with types;

     

       70
       70
       +
               listOf (submodule {

     

       71
       71
       +
                 options = {

     

       72
       72
       +
                   username = mkOption {

     

       73
       73
       +
                     type = str;

     

       74
       74
       +
                     description = "User name accepted by anki-sync-server.";

     

       75
       75
       +
                   };

     

       76
       76
       +
                   password = mkOption {

     

       77
       77
       +
                     type = nullOr str;

     

       78
       78
       +
                     default = null;

     

       79
       79
       +
                     description = ''

     

       80
       80
       +
                       Password accepted by anki-sync-server for the associated username.

     

       81
       81
       +
                       **WARNING**: This option is **not secure**. This password will

     

       82
       82
       +
                       be stored in *plaintext* and will be visible to *all users*.

     

       83
       83
       +
                       See {option}`services.anki-sync-server.users.passwordFile` for

     

       84
       84
       +
                       a more secure option.

     

       85
       85
       +
                     '';

     

       86
       86
       +
                   };

     

       87
       87
       +
                   passwordFile = mkOption {

     

       88
       88
       +
                     type = nullOr path;

     

       89
       89
       +
                     default = null;

     

       90
       90
       +
                     description = ''

     

       91
       91
       +
                       File containing the password accepted by anki-sync-server for

     

       92
       92
       +
                       the associated username.  Make sure to make readable only by

     

       93
       93
       +
                       root.

     

       94
       94
       +
                     '';

     

       95
       95
       +
                   };

     

       96
       96
       +
                 };

     

       97
       97
       +
               });

     

       98
       98
       +
             description = "List of user-password pairs to provide to the sync server.";

     

       99
       99
       +
           };

     

       100
       100
       +
         };

     

       101
       101
       +
       

     

       102
       102
       +
         config = mkIf cfg.enable {

     

       103
       103
       +
           assertions = [

     

       104
       104
       +
             {

     

       105
       105
       +
               assertion = (builtins.length usersWithIndexesFile) + (builtins.length usersWithIndexesNoFile) > 0;

     

       106
       106
       +
               message = "At least one username-password pair must be set.";

     

       107
       107
       +
             }

     

       108
       108
       +
           ];

     

       109
       109
       +
           networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [cfg.port];

     

       110
       110
       +
       

     

       111
       111
       +
           systemd.services.anki-sync-server = {

     

       112
       112
       +
             description = "anki-sync-server: Anki sync server built into Anki";

     

       113
       113
       +
             after = ["network.target"];

     

       114
       114
       +
             wantedBy = ["multi-user.target"];

     

       115
       115
       +
             path = [cfg.package];

     

       116
       116
       +
             environment = {

     

       117
       117
       +
               SYNC_BASE = "%S/%N";

     

       118
       118
       +
               SYNC_HOST = specEscape cfg.address;

     

       119
       119
       +
               SYNC_PORT = toString cfg.port;

     

       120
       120
       +
             };

     

       121
       121
       +
       

     

       122
       122
       +
             serviceConfig = {

     

       123
       123
       +
               Type = "simple";

     

       124
       124
       +
               DynamicUser = true;

     

       125
       125
       +
               StateDirectory = name;

     

       126
       126
       +
               ExecStart = "${anki-sync-server-run}/bin/anki-sync-server-run";

     

       127
       127
       +
               Restart = "always";

     

       128
       128
       +
               LoadCredential =

     

       129
       129
       +
                 map

     

       130
       130
       +
                 (x: "${specEscape x.user.username}:${specEscape (toString x.user.passwordFile)}")

     

       131
       131
       +
                 usersWithIndexesFile;

     

       132
       132
       +
             };

     

       133
       133
       +
           };

     

       134
       134
       +
         };

     

       135
       135
       +
       

     

       136
       136
       +
         meta = {

     

       137
       137
       +
           maintainers = with maintainers; [telotortium];

     

       138
       138
       +
           doc = ./anki-sync-server.md;

     

       139
       139
       +
         };

     

       140
       140
       +
       }

nixos/tests/all-tests.nix

···

       120
       120
        
         amazon-ssm-agent = handleTest ./amazon-ssm-agent.nix {};

     

       121
       121
        
         amd-sev = runTest ./amd-sev.nix;

     

       122
       122
        
         anbox = runTest ./anbox.nix;

     

       123
       123
       +
         anki-sync-server = handleTest ./anki-sync-server.nix {};

     

       123
       124
        
         anuko-time-tracker = handleTest ./anuko-time-tracker.nix {};

     

       124
       125
        
         apcupsd = handleTest ./apcupsd.nix {};

     

       125
       126
        
         apfs = runTest ./apfs.nix;

+71

nixos/tests/anki-sync-server.nix

···

       1
       1
       +
       import ./make-test-python.nix ({ pkgs, ... }:

     

       2
       2
       +
         let

     

       3
       3
       +
           ankiSyncTest = pkgs.writeScript "anki-sync-test.py" ''

     

       4
       4
       +
             #!${pkgs.python3}/bin/python

     

       5
       5
       +
       

     

       6
       6
       +
             import sys

     

       7
       7
       +
       

     

       8
       8
       +
             # get site paths from anki itself

     

       9
       9
       +
             from runpy import run_path

     

       10
       10
       +
             run_path("${pkgs.anki}/bin/.anki-wrapped")

     

       11
       11
       +
             import anki

     

       12
       12
       +
       

     

       13
       13
       +
             col = anki.collection.Collection('test_collection')

     

       14
       14
       +
             endpoint = 'http://localhost:27701'

     

       15
       15
       +
       

     

       16
       16
       +
             # Sanity check: verify bad login fails

     

       17
       17
       +
             try:

     

       18
       18
       +
                col.sync_login('baduser', 'badpass', endpoint)

     

       19
       19
       +
                print("bad user login worked?!")

     

       20
       20
       +
                sys.exit(1)

     

       21
       21
       +
             except anki.errors.SyncError:

     

       22
       22
       +
                 pass

     

       23
       23
       +
       

     

       24
       24
       +
             # test logging in to users

     

       25
       25
       +
             col.sync_login('user', 'password', endpoint)

     

       26
       26
       +
             col.sync_login('passfileuser', 'passfilepassword', endpoint)

     

       27
       27
       +
       

     

       28
       28
       +
             # Test actual sync. login apparently doesn't remember the endpoint...

     

       29
       29
       +
             login = col.sync_login('user', 'password', endpoint)

     

       30
       30
       +
             login.endpoint = endpoint

     

       31
       31
       +
             sync = col.sync_collection(login, False)

     

       32
       32
       +
             assert sync.required == sync.NO_CHANGES

     

       33
       33
       +
             # TODO: create an archive with server content including a test card

     

       34
       34
       +
             # and check we got it?

     

       35
       35
       +
           '';

     

       36
       36
       +
           testPasswordFile = pkgs.writeText "anki-password" "passfilepassword";

     

       37
       37
       +
         in

     

       38
       38
       +
         {

     

       39
       39
       +
         name = "anki-sync-server";

     

       40
       40
       +
         meta = with pkgs.lib.maintainers; {

     

       41
       41
       +
           maintainers = [ martinetd ];

     

       42
       42
       +
         };

     

       43
       43
       +
       

     

       44
       44
       +
         nodes.machine = { pkgs, ...}: {

     

       45
       45
       +
           services.anki-sync-server = {

     

       46
       46
       +
             enable = true;

     

       47
       47
       +
             users = [

     

       48
       48
       +
               { username = "user";

     

       49
       49
       +
                 password = "password";

     

       50
       50
       +
               }

     

       51
       51
       +
               { username = "passfileuser";

     

       52
       52
       +
                 passwordFile = testPasswordFile;

     

       53
       53
       +
               }

     

       54
       54
       +
             ];

     

       55
       55
       +
           };

     

       56
       56
       +
         };

     

       57
       57
       +
       

     

       58
       58
       +
       

     

       59
       59
       +
         testScript =

     

       60
       60
       +
           ''

     

       61
       61
       +
             start_all()

     

       62
       62
       +
       

     

       63
       63
       +
             with subtest("Server starts successfully"):

     

       64
       64
       +
                 # service won't start without users

     

       65
       65
       +
                 machine.wait_for_unit("anki-sync-server.service")

     

       66
       66
       +
                 machine.wait_for_open_port(27701)

     

       67
       67
       +
       

     

       68
       68
       +
             with subtest("Can sync"):

     

       69
       69
       +
                 machine.succeed("${ankiSyncTest}")

     

       70
       70
       +
           '';

     

       71
       71
       +
       })

pkgs/games/anki/default.nix

···

       9
       9
        
       , lame

     

       10
       10
        
       , mpv-unwrapped

     

       11
       11
        
       , ninja

     

       12
       12
       +
       , nixosTests

     

       12
       13
        
       , nodejs

     

       13
       14
        
       , nodejs-slim

     

       14
       15
        
       , prefetch-yarn-deps

     
···

       270
       271
        
         passthru = {

     

       271
       272
        
           # cargoLock is reused in anki-sync-server

     

       272
       273
        
           inherit cargoLock;

     

       274
       274
       +
           tests.anki-sync-server = nixosTests.anki-sync-server;

     

       273
       275
        
         };

     

       274
       276
        
       

     

       275
       277
        
         meta = with lib; {