BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

isso: added NixOS module to configure isso in NixOS

Browse source
This commit is contained in:
Benjamin Asbach 2021-08-07 00:32:06 -06:00
parent c1a7bbc38f
commit 86296623c6
5 changed files with 90 additions and 49 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
nixos/doc/manual/from_md/release-notes/rl-2111.section.xml
View file

@ -164,6 +164,13 @@
<link linkend="opt-services.influxdb2.enable">services.influxdb2</link>.
</para>
</listitem>
<listitem>
<para>
<link xlink:href="https://posativ.org/isso/">isso</link>, a
commenting server similar to Disqus. Available as
<link linkend="opt-services.isso.enable">isso</link>
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-21.11-incompatibilities">
@ -654,32 +661,6 @@
to use wildcards in the <literal>source</literal> argument.
</para>
</listitem>
<listitem>
<para>
The <literal>openrazer</literal> and
<literal>openrazer-daemon</literal> packages as well as the
<literal>hardware.openrazer</literal> module now require users
to be members of the <literal>openrazer</literal> group
instead of <literal>plugdev</literal>. With this change, users
no longer need be granted the entire set of
<literal>plugdev</literal> group permissions, which can
include permissions other than those required by
<literal>openrazer</literal>. This is desirable from a
security point of view. The setting
<link xlink:href="options.html#opt-services.hardware.openrazer.users"><literal>harware.openrazer.users</literal></link>
can be used to add users to the <literal>openrazer</literal>
group.
</para>
</listitem>
<listitem>
<para>
The <literal>yambar</literal> package has been split into
<literal>yambar</literal> and
<literal>yambar-wayland</literal>, corresponding to the xorg
and wayland backend respectively. Please switch to
<literal>yambar-wayland</literal> if you are on wayland.
</para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sec-release-21.11-notable-changes">
@ -849,15 +830,6 @@
version of zfs.
</para>
</listitem>
<listitem>
<para>
Nginx will use the value of
<literal>sslTrustedCertificate</literal> if provided for a
virtual host, even if <literal>enableACME</literal> is set.
This is useful for providers not using the same certificate to
sign OCSP responses and server certificates.
</para>
</listitem>
</itemizedlist>
</section>
</section>

9
nixos/doc/manual/release-notes/rl-2111.section.md
View file

@ -50,6 +50,9 @@ pt-services.clipcat.enable).
- [influxdb2](https://github.com/influxdata/influxdb), a Scalable datastore for metrics, events, and real-time analytics. Available as [services.influxdb2](#opt-services.influxdb2.enable).
- [isso](https://posativ.org/isso/), a commenting server similar to Disqus.
Available as [isso](#opt-services.isso.enable)
## Backward Incompatibilities {#sec-release-21.11-incompatibilities}
- The `staticjinja` package has been upgraded from 1.0.4 to 3.0.1
@ -166,10 +169,6 @@ pt-services.clipcat.enable).
- `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument.
- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This is desirable from a security point of view. The setting [`harware.openrazer.users`](options.html#opt-services.hardware.openrazer.users) can be used to add users to the `openrazer` group.
- The `yambar` package has been split into `yambar` and `yambar-wayland`, corresponding to the xorg and wayland backend respectively. Please switch to `yambar-wayland` if you are on wayland.
## Other Notable Changes {#sec-release-21.11-notable-changes}
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
@ -215,5 +214,3 @@ pt-services.clipcat.enable).
- The [services.syncoid.enable](options.html#opt-services.syncoid.enable) module now properly drops ZFS permissions after usage. Before it delegated permissions to whole pools instead of datasets and didn't clean up after execution. You can manually look this up for your pools by running `zfs allow your-pool-name` and use `zfs unallow syncoid your-pool-name` to clean this up.
- Zfs: `latestCompatibleLinuxPackages` is now exported on the zfs package. One can use `boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;` to always track the latest compatible kernel with a given version of zfs.
- Nginx will use the value of `sslTrustedCertificate` if provided for a virtual host, even if `enableACME` is set. This is useful for providers not using the same certificate to sign OCSP responses and server certificates.

1
nixos/modules/module-list.nix
View file

@ -960,6 +960,7 @@
./services/web-apps/icingaweb2/icingaweb2.nix
./services/web-apps/icingaweb2/module-monitoring.nix
./services/web-apps/ihatemoney
./services/web-apps/isso.nix
./services/web-apps/jirafeau.nix
./services/web-apps/jitsi-meet.nix
./services/web-apps/keycloak.nix

69
nixos/modules/services/web-apps/isso.nix Normal file
View file

@ -0,0 +1,69 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mkEnableOption mkIf mkOption types literalExample;
cfg = config.services.isso;
settingsFormat = pkgs.formats.ini { };
configFile = settingsFormat.generate "isso.conf" cfg.settings;
in {
options = {
services.isso = {
enable = mkEnableOption ''
A commenting server similar to Disqus.
Note: The application's author suppose to run isso behind a reverse proxy.
The embedded solution offered by NixOS is also only suitable for small installations
below 20 requests per second.
'';
settings = mkOption {
description = ''
Configuration for <package>isso</package>.
See <link xlink:href="https://posativ.org/isso/docs/configuration/server/">Isso Server Configuration</link>
for supported values.
'';
type = types.submodule {
freeformType = settingsFormat.type;
};
example = literalExample ''
{
general = {
host = "http://localhost";
};
}
'';
};
};
};
config = mkIf cfg.enable {
services.isso.settings.general.dbpath = lib.mkDefault "/var/lib/isso/comments.db";
systemd.services.isso = {
description = "isso, a commenting server similar to Disqus";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "isso";
Group = "isso";
DynamicUser = true;
StateDirectory = "isso";
ExecStart = ''
${pkgs.isso}/bin/isso -c ${configFile}
'';
Restart = "on-failure";
RestartSec = 1;
};
};
};
}

18
nixos/tests/isso.nix
View file

@ -5,20 +5,22 @@ import ./make-test-python.nix ({ pkgs, ... }: {
};
machine = { config, pkgs, ... }: {
environment.systemPackages = [ pkgs.isso ];
services.isso = {
enable = true;
settings = {
general = {
dbpath = "/var/lib/isso/comments.db";
host = "http://localhost";
};
};
};
};
testScript = let
issoConfig = pkgs.writeText "minimal-isso.conf" ''
[general]
dbpath = /tmp/isso-comments.db
host = http://localhost
'';
port = 8080;
in
''
machine.succeed("isso -c ${issoConfig} &")
machine.wait_for_unit("isso.service")
machine.wait_for_open_port("${toString port}")