commit 32d2826f35a49b9decf7ef40f5904d7c6ee86ecb · pyrox.dev/nixpkgs

maintainers/maintainer-list.nix

···

       23443
        
           github = "thilobillerbeck";

     

       23444
        
           githubId = 7442383;

     

       23445
        
         };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       23446
        
         thled = {

     

       23447
        
           name = "Thomas Le Duc";

     

       23448
        
           email = "dev@tleduc.de";

···

       23443
        
           github = "thilobillerbeck";

     

       23444
        
           githubId = 7442383;

     

       23445
        
         };

     

       23446
       +
         thiloho = {

     

       23447
       +
           name = "Thilo Hohlt";

     

       23448
       +
           email = "thilo.hohlt@tutanota.com";

     

       23449
       +
           github = "thiloho";

     

       23450
       +
           githubId = 123883702;

     

       23451
       +
         };

     

       23452
        
         thled = {

     

       23453
        
           name = "Thomas Le Duc";

     

       23454
        
           email = "dev@tleduc.de";

nixos/doc/manual/release-notes/rl-2505.section.md

···

       63
        
       

     

       64
        
       - [Bonsai](https://git.sr.ht/~stacyharper/bonsai), a general-purpose event mapper/state machine primarily used to create complex key shortcuts, and as part of the [SXMO](https://sxmo.org/) desktop environment. Available as [services.bonsaid](#opt-services.bonsaid.enable).

     

       65
        
       

     

       0
        
       
     

       0
        
       
     

       66
        
       - [scanservjs](https://github.com/sbs20/scanservjs/), a web UI for SANE scanners. Available at [services.scanservjs](#opt-services.scanservjs.enable).

     

       67
        
       

     

       68
        
       - [Kimai](https://www.kimai.org/), a web-based multi-user time-tracking application. Available as [services.kimai](options.html#opt-services.kimai).

···

       63
        
       

     

       64
        
       - [Bonsai](https://git.sr.ht/~stacyharper/bonsai), a general-purpose event mapper/state machine primarily used to create complex key shortcuts, and as part of the [SXMO](https://sxmo.org/) desktop environment. Available as [services.bonsaid](#opt-services.bonsaid.enable).

     

       65
        
       

     

       66
       +
       - [archtika](https://github.com/archtika/archtika), a FLOSS, modern, performant, lightweight and self‑hosted CMS. Available as [services.archtika](#opt-services.archtika.enable).

     

       67
       +
       

     

       68
        
       - [scanservjs](https://github.com/sbs20/scanservjs/), a web UI for SANE scanners. Available at [services.scanservjs](#opt-services.scanservjs.enable).

     

       69
        
       

     

       70
        
       - [Kimai](https://www.kimai.org/), a web-based multi-user time-tracking application. Available as [services.kimai](options.html#opt-services.kimai).

nixos/modules/module-list.nix

···

       1459
        
         ./services/web-apps/agorakit.nix

     

       1460
        
         ./services/web-apps/alps.nix

     

       1461
        
         ./services/web-apps/anuko-time-tracker.nix

     

       0
        
       
     

       1462
        
         ./services/web-apps/artalk.nix

     

       1463
        
         ./services/web-apps/audiobookshelf.nix

     

       1464
        
         ./services/web-apps/bluemap.nix

···

       1459
        
         ./services/web-apps/agorakit.nix

     

       1460
        
         ./services/web-apps/alps.nix

     

       1461
        
         ./services/web-apps/anuko-time-tracker.nix

     

       1462
       +
         ./services/web-apps/archtika.nix

     

       1463
        
         ./services/web-apps/artalk.nix

     

       1464
        
         ./services/web-apps/audiobookshelf.nix

     

       1465
        
         ./services/web-apps/bluemap.nix

+307

nixos/modules/services/web-apps/archtika.nix

···

       1
       +
       {

     

       2
       +
         config,

     

       3
       +
         lib,

     

       4
       +
         pkgs,

     

       5
       +
         ...

     

       6
       +
       }:

     

       7
       +
       

     

       8
       +
       let

     

       9
       +
         inherit (lib)

     

       10
       +
           mkEnableOption

     

       11
       +
           mkOption

     

       12
       +
           mkIf

     

       13
       +
           mkPackageOption

     

       14
       +
           types

     

       15
       +
           ;

     

       16
       +
         cfg = config.services.archtika;

     

       17
       +
       in

     

       18
       +
       {

     

       19
       +
         options.services.archtika = {

     

       20
       +
           enable = mkEnableOption "Whether to enable the archtika service";

     

       21
       +
       

     

       22
       +
           package = mkPackageOption pkgs "archtika" { };

     

       23
       +
       

     

       24
       +
           user = mkOption {

     

       25
       +
             type = types.str;

     

       26
       +
             default = "archtika";

     

       27
       +
             description = "User account under which archtika runs.";

     

       28
       +
           };

     

       29
       +
       

     

       30
       +
           group = mkOption {

     

       31
       +
             type = types.str;

     

       32
       +
             default = "archtika";

     

       33
       +
             description = "Group under which archtika runs.";

     

       34
       +
           };

     

       35
       +
       

     

       36
       +
           databaseName = mkOption {

     

       37
       +
             type = types.str;

     

       38
       +
             default = "archtika";

     

       39
       +
             description = "Name of the PostgreSQL database for archtika.";

     

       40
       +
           };

     

       41
       +
       

     

       42
       +
           apiPort = mkOption {

     

       43
       +
             type = types.port;

     

       44
       +
             default = 5000;

     

       45
       +
             description = "Port on which the API runs.";

     

       46
       +
           };

     

       47
       +
       

     

       48
       +
           apiAdminPort = mkOption {

     

       49
       +
             type = types.port;

     

       50
       +
             default = 7500;

     

       51
       +
             description = "Port on which the API admin server runs.";

     

       52
       +
           };

     

       53
       +
       

     

       54
       +
           webAppPort = mkOption {

     

       55
       +
             type = types.port;

     

       56
       +
             default = 10000;

     

       57
       +
             description = "Port on which the web application runs.";

     

       58
       +
           };

     

       59
       +
       

     

       60
       +
           domain = mkOption {

     

       61
       +
             type = types.str;

     

       62
       +
             description = "Domain to use for the application.";

     

       63
       +
           };

     

       64
       +
       

     

       65
       +
           settings = mkOption {

     

       66
       +
             description = "Settings for the running archtika application.";

     

       67
       +
             type = types.submodule {

     

       68
       +
               options = {

     

       69
       +
                 disableRegistration = mkOption {

     

       70
       +
                   type = types.bool;

     

       71
       +
                   default = false;

     

       72
       +
                   description = "By default any user can create an account. That behavior can be disabled with this option.";

     

       73
       +
                 };

     

       74
       +
                 maxUserWebsites = mkOption {

     

       75
       +
                   type = types.ints.positive;

     

       76
       +
                   default = 2;

     

       77
       +
                   description = "Maximum number of websites allowed per user by default.";

     

       78
       +
                 };

     

       79
       +
                 maxWebsiteStorageSize = mkOption {

     

       80
       +
                   type = types.ints.positive;

     

       81
       +
                   default = 50;

     

       82
       +
                   description = "Maximum amount of disk space in MB allowed per user website by default.";

     

       83
       +
                 };

     

       84
       +
               };

     

       85
       +
             };

     

       86
       +
           };

     

       87
       +
         };

     

       88
       +
       

     

       89
       +
         config = mkIf cfg.enable (

     

       90
       +
           let

     

       91
       +
             baseHardenedSystemdOptions = {

     

       92
       +
               CapabilityBoundingSet = "";

     

       93
       +
               LockPersonality = true;

     

       94
       +
               NoNewPrivileges = true;

     

       95
       +
               PrivateDevices = true;

     

       96
       +
               PrivateTmp = true;

     

       97
       +
               ProtectClock = true;

     

       98
       +
               ProtectControlGroups = true;

     

       99
       +
               ProtectHome = true;

     

       100
       +
               ProtectHostname = true;

     

       101
       +
               ProtectKernelLogs = true;

     

       102
       +
               ProtectKernelModules = true;

     

       103
       +
               ProtectKernelTunables = true;

     

       104
       +
               ProtectSystem = "strict";

     

       105
       +
               RemoveIPC = true;

     

       106
       +
               RestrictNamespaces = true;

     

       107
       +
               RestrictRealtime = true;

     

       108
       +
               RestrictSUIDSGID = true;

     

       109
       +
               SystemCallArchitectures = "native";

     

       110
       +
               SystemCallFilter = [

     

       111
       +
                 "@system-service"

     

       112
       +
                 "~@privileged"

     

       113
       +
                 "~@resources"

     

       114
       +
               ];

     

       115
       +
               ReadWritePaths = [ "/var/www/archtika-websites" ];

     

       116
       +
             };

     

       117
       +
           in

     

       118
       +
           {

     

       119
       +
             users.users.${cfg.user} = {

     

       120
       +
               isSystemUser = true;

     

       121
       +
               group = cfg.group;

     

       122
       +
             };

     

       123
       +
       

     

       124
       +
             users.groups.${cfg.group} = {

     

       125
       +
               members = [

     

       126
       +
                 "nginx"

     

       127
       +
                 "postgres"

     

       128
       +
               ];

     

       129
       +
             };

     

       130
       +
       

     

       131
       +
             systemd.tmpfiles.settings."10-archtika" = {

     

       132
       +
               "/var/www" = {

     

       133
       +
                 d = {

     

       134
       +
                   mode = "0755";

     

       135
       +
                   user = "root";

     

       136
       +
                   group = "root";

     

       137
       +
                 };

     

       138
       +
               };

     

       139
       +
               "/var/www/archtika-websites" = {

     

       140
       +
                 d = {

     

       141
       +
                   mode = "0770";

     

       142
       +
                   user = cfg.user;

     

       143
       +
                   group = cfg.group;

     

       144
       +
                 };

     

       145
       +
               };

     

       146
       +
             };

     

       147
       +
       

     

       148
       +
             systemd.services.archtika-api = {

     

       149
       +
               description = "archtika API service";

     

       150
       +
               wantedBy = [ "multi-user.target" ];

     

       151
       +
               after = [

     

       152
       +
                 "network.target"

     

       153
       +
                 "postgresql.service"

     

       154
       +
               ];

     

       155
       +
       

     

       156
       +
               path = [ config.services.postgresql.package ];

     

       157
       +
       

     

       158
       +
               serviceConfig = baseHardenedSystemdOptions // {

     

       159
       +
                 User = cfg.user;

     

       160
       +
                 Group = cfg.group;

     

       161
       +
                 Restart = "always";

     

       162
       +
                 WorkingDirectory = "${cfg.package}/rest-api";

     

       163
       +
                 RestrictAddressFamilies = [

     

       164
       +
                   "AF_INET"

     

       165
       +
                   "AF_INET6"

     

       166
       +
                   "AF_UNIX"

     

       167
       +
                 ];

     

       168
       +
               };

     

       169
       +
       

     

       170
       +
               script =

     

       171
       +
                 let

     

       172
       +
                   dbUrl = user: "postgres://${user}@/${cfg.databaseName}?host=/var/run/postgresql";

     

       173
       +
                 in

     

       174
       +
                 ''

     

       175
       +
                   JWT_SECRET=$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c64)

     

       176
       +
       

     

       177
       +
                   psql ${dbUrl "postgres"} \

     

       178
       +
                     -c "ALTER DATABASE ${cfg.databaseName} SET \"app.jwt_secret\" TO '$JWT_SECRET'" \

     

       179
       +
                     -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_storage_size\" TO ${toString cfg.settings.maxWebsiteStorageSize}" \

     

       180
       +
                     -c "ALTER DATABASE ${cfg.databaseName} SET \"app.website_max_number_user\" TO ${toString cfg.settings.maxUserWebsites}"

     

       181
       +
       

     

       182
       +
                   ${lib.getExe pkgs.dbmate} --url "${dbUrl "postgres"}&sslmode=disable" --migrations-dir ${cfg.package}/rest-api/db/migrations up

     

       183
       +
       

     

       184
       +
                   PGRST_SERVER_CORS_ALLOWED_ORIGINS="https://${cfg.domain}" \

     

       185
       +
                   PGRST_ADMIN_SERVER_PORT=${toString cfg.apiAdminPort} \

     

       186
       +
                   PGRST_SERVER_PORT=${toString cfg.apiPort} \

     

       187
       +
                   PGRST_DB_SCHEMAS="api" \

     

       188
       +
                   PGRST_DB_ANON_ROLE="anon" \

     

       189
       +
                   PGRST_OPENAPI_MODE="ignore-privileges" \

     

       190
       +
                   PGRST_DB_URI=${dbUrl "authenticator"} \

     

       191
       +
                   PGRST_JWT_SECRET="$JWT_SECRET" \

     

       192
       +
                   ${lib.getExe pkgs.postgrest}

     

       193
       +
                 '';

     

       194
       +
             };

     

       195
       +
       

     

       196
       +
             systemd.services.archtika-web = {

     

       197
       +
               description = "archtika Web App service";

     

       198
       +
               wantedBy = [ "multi-user.target" ];

     

       199
       +
               after = [ "network.target" ];

     

       200
       +
       

     

       201
       +
               serviceConfig = baseHardenedSystemdOptions // {

     

       202
       +
                 User = cfg.user;

     

       203
       +
                 Group = cfg.group;

     

       204
       +
                 Restart = "always";

     

       205
       +
                 WorkingDirectory = "${cfg.package}/web-app";

     

       206
       +
                 RestrictAddressFamilies = [

     

       207
       +
                   "AF_INET"

     

       208
       +
                   "AF_INET6"

     

       209
       +
                 ];

     

       210
       +
               };

     

       211
       +
       

     

       212
       +
               environment = {

     

       213
       +
                 REGISTRATION_IS_DISABLED = toString cfg.settings.disableRegistration;

     

       214
       +
                 BODY_SIZE_LIMIT = "10M";

     

       215
       +
                 ORIGIN = "https://${cfg.domain}";

     

       216
       +
                 PORT = toString cfg.webAppPort;

     

       217
       +
               };

     

       218
       +
       

     

       219
       +
               script = "${lib.getExe pkgs.nodejs} ${cfg.package}/web-app";

     

       220
       +
             };

     

       221
       +
       

     

       222
       +
             services.postgresql = {

     

       223
       +
               enable = true;

     

       224
       +
               ensureDatabases = [ cfg.databaseName ];

     

       225
       +
               extensions = ps: with ps; [ pgjwt ];

     

       226
       +
               authentication = lib.mkOverride 11 ''

     

       227
       +
                 local postgres postgres trust

     

       228
       +
                 local ${cfg.databaseName} all trust

     

       229
       +
               '';

     

       230
       +
             };

     

       231
       +
       

     

       232
       +
             systemd.services.postgresql = {

     

       233
       +
               path = with pkgs; [

     

       234
       +
                 gnutar

     

       235
       +
                 gzip

     

       236
       +
               ];

     

       237
       +
               serviceConfig = {

     

       238
       +
                 ReadWritePaths = [ "/var/www/archtika-websites" ];

     

       239
       +
                 SystemCallFilter = [ "@system-service" ];

     

       240
       +
               };

     

       241
       +
             };

     

       242
       +
       

     

       243
       +
             services.nginx = {

     

       244
       +
               enable = true;

     

       245
       +
               recommendedProxySettings = true;

     

       246
       +
               recommendedTlsSettings = true;

     

       247
       +
               recommendedZstdSettings = true;

     

       248
       +
               recommendedOptimisation = true;

     

       249
       +
       

     

       250
       +
               appendHttpConfig = ''

     

       251
       +
                 map $http_cookie $archtika_auth_header {

     

       252
       +
                   default "";

     

       253
       +
                   "~*session_token=([^;]+)" "Bearer $1";

     

       254
       +
                 }

     

       255
       +
               '';

     

       256
       +
       

     

       257
       +
               virtualHosts = {

     

       258
       +
                 "${cfg.domain}" = {

     

       259
       +
                   useACMEHost = cfg.domain;

     

       260
       +
                   forceSSL = true;

     

       261
       +
                   locations = {

     

       262
       +
                     "/" = {

     

       263
       +
                       proxyPass = "http://127.0.0.1:${toString cfg.webAppPort}";

     

       264
       +
                     };

     

       265
       +
                     "/previews/" = {

     

       266
       +
                       alias = "/var/www/archtika-websites/previews/";

     

       267
       +
                       index = "index.html";

     

       268
       +
                       tryFiles = "$uri $uri/ $uri.html =404";

     

       269
       +
                     };

     

       270
       +
                     "/api/rpc/export_articles_zip" = {

     

       271
       +
                       proxyPass = "http://127.0.0.1:${toString cfg.apiPort}/rpc/export_articles_zip";

     

       272
       +
                       extraConfig = ''

     

       273
       +
                         default_type application/json;

     

       274
       +
                         proxy_set_header Authorization $archtika_auth_header;

     

       275
       +
                       '';

     

       276
       +
                     };

     

       277
       +
                     "/api/" = {

     

       278
       +
                       proxyPass = "http://127.0.0.1:${toString cfg.apiPort}/";

     

       279
       +
                       extraConfig = ''

     

       280
       +
                         default_type application/json;

     

       281
       +
                       '';

     

       282
       +
                     };

     

       283
       +
                     "/api/rpc/register" = mkIf cfg.settings.disableRegistration {

     

       284
       +
                       extraConfig = ''

     

       285
       +
                         deny all;

     

       286
       +
                       '';

     

       287
       +
                     };

     

       288
       +
                   };

     

       289
       +
                 };

     

       290
       +
                 "~^(?<subdomain>.+)\\.${cfg.domain}$" = {

     

       291
       +
                   useACMEHost = cfg.domain;

     

       292
       +
                   forceSSL = true;

     

       293
       +
                   locations = {

     

       294
       +
                     "/" = {

     

       295
       +
                       root = "/var/www/archtika-websites/$subdomain";

     

       296
       +
                       index = "index.html";

     

       297
       +
                       tryFiles = "$uri $uri/ $uri.html =404";

     

       298
       +
                     };

     

       299
       +
                   };

     

       300
       +
                 };

     

       301
       +
               };

     

       302
       +
             };

     

       303
       +
           }

     

       304
       +
         );

     

       305
       +
       

     

       306
       +
         meta.maintainers = [ lib.maintainers.thiloho ];

     

       307
       +
       }

+62

pkgs/by-name/ar/archtika/package.nix

···

       1
       +
       {

     

       2
       +
         lib,

     

       3
       +
         stdenv,

     

       4
       +
         buildNpmPackage,

     

       5
       +
         importNpmLock,

     

       6
       +
         symlinkJoin,

     

       7
       +
         fetchFromGitHub,

     

       8
       +
         nix-update-script,

     

       9
       +
       }:

     

       10
       +
       

     

       11
       +
       let

     

       12
       +
         version = "1.2.0";

     

       13
       +
       

     

       14
       +
         src = fetchFromGitHub {

     

       15
       +
           owner = "archtika";

     

       16
       +
           repo = "archtika";

     

       17
       +
           tag = "v${version}";

     

       18
       +
           hash = "sha256-ba9da7LqCE/e2lhRVHD7GOhwOj1fNTBbN/pARPMzIg4=";

     

       19
       +
         };

     

       20
       +
       

     

       21
       +
         web = buildNpmPackage {

     

       22
       +
           name = "web-app";

     

       23
       +
           src = "${src}/web-app";

     

       24
       +
           npmDepsHash = "sha256-RTyo7K/Hr1hBGtcBKynrziUInl91JqZl84NkJg16ufA=";

     

       25
       +
           npmFlags = [ "--legacy-peer-deps" ];

     

       26
       +
           installPhase = ''

     

       27
       +
             mkdir -p $out/web-app

     

       28
       +
             cp package.json $out/web-app

     

       29
       +
             cp -r node_modules $out/web-app

     

       30
       +
             cp -r build/* $out/web-app

     

       31
       +
             cp -r template-styles $out/web-app

     

       32
       +
           '';

     

       33
       +
         };

     

       34
       +
       

     

       35
       +
         api = stdenv.mkDerivation {

     

       36
       +
           name = "api";

     

       37
       +
           src = "${src}/rest-api";

     

       38
       +
           installPhase = ''

     

       39
       +
             mkdir -p $out/rest-api/db/migrations

     

       40
       +
             cp -r db/migrations/* $out/rest-api/db/migrations

     

       41
       +
           '';

     

       42
       +
         };

     

       43
       +
       in

     

       44
       +
       symlinkJoin {

     

       45
       +
         pname = "archtika";

     

       46
       +
         inherit version;

     

       47
       +
       

     

       48
       +
         paths = [

     

       49
       +
           web

     

       50
       +
           api

     

       51
       +
         ];

     

       52
       +
       

     

       53
       +
         passthru.updateScript = nix-update-script { };

     

       54
       +
       

     

       55
       +
         meta = {

     

       56
       +
           description = "Modern, performant and lightweight CMS";

     

       57
       +
           homepage = "https://archtika.com";

     

       58
       +
           license = lib.licenses.gpl3;

     

       59
       +
           maintainers = [ lib.maintainers.thiloho ];

     

       60
       +
           platforms = lib.platforms.unix;

     

       61
       +
         };

     

       62
       +
       }