Merge pull request #203825 from SuperSandro2000/mastodon-tootctl

Closes https://github.com/NixOS/nixpkgs/issues/199029
This commit is contained in:
Sandro 2022-12-04 11:29:45 +01:00 committed by GitHub
commit e38618a657
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 39 additions and 25 deletions

View file

@ -119,6 +119,15 @@
<link linkend="opt-services.opensnitch.rules">services.opensnitch.rules</link>
</para>
</listitem>
<listitem>
<para>
<literal>services.mastodon</literal> gained a tootctl wrapped
named <literal>mastodon-tootctl</literal> similar to
<literal>nextcloud-occ</literal> which can be executed from
any user and switches to the configured mastodon user with
sudo and sources the environment variables.
</para>
</listitem>
<listitem>
<para>
A new <literal>virtualisation.rosetta</literal> module was

View file

@ -41,6 +41,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- The module for the application firewall `opensnitch` got the ability to configure rules. Available as [services.opensnitch.rules](#opt-services.opensnitch.rules)
- `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables.
- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).
- Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.

View file

@ -92,12 +92,18 @@ let
] else []
) env))));
mastodonEnv = pkgs.writeShellScriptBin "mastodon-env" ''
mastodonTootctl = pkgs.writeShellScriptBin "mastodon-tootctl" ''
#! ${pkgs.runtimeShell}
set -a
export RAILS_ROOT="${cfg.package}"
source "${envFile}"
source /var/lib/mastodon/.secrets_env
eval -- "\$@"
sudo=exec
if [[ "$USER" != ${cfg.user} ]]; then
sudo='exec /run/wrappers/bin/sudo -u ${cfg.user} --preserve-env'
fi
$sudo ${cfg.package}/bin/tootctl "$@"
'';
in {
@ -133,15 +139,10 @@ in {
description = lib.mdDoc ''
User under which mastodon runs. If it is set to "mastodon",
that user will be created, otherwise it should be set to the
name of a user created elsewhere. In both cases,
`mastodon` and a package containing only
the shell script `mastodon-env` will be added to
the user's package set. To run a command from
`mastodon` such as `tootctl`
with the environment configured by this module use
`mastodon-env`, as in:
`mastodon-env tootctl accounts create newuser --email newuser@example.com`
name of a user created elsewhere.
In both cases, the `mastodon` package will be added to the user's package set
and a tootctl wrapper to system packages that switches to the configured account
and load the right environment.
'';
type = lib.types.str;
default = "mastodon";
@ -485,6 +486,8 @@ in {
}
];
environment.systemPackages = [ mastodonTootctl ];
systemd.services.mastodon-init-dirs = {
script = ''
umask 077
@ -704,7 +707,7 @@ in {
inherit (cfg) group;
};
})
(lib.attrsets.setAttrByPath [ cfg.user "packages" ] [ cfg.package mastodonEnv pkgs.imagemagick ])
(lib.attrsets.setAttrByPath [ cfg.user "packages" ] [ cfg.package pkgs.imagemagick ])
];
users.groups.${cfg.group}.members = lib.optional cfg.configureNginx config.services.nginx.user;

View file

@ -104,24 +104,24 @@ in
# Simple check tootctl commands
# Check Mastodon version
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl version' | grep '${pkgs.mastodon.version}'")
server.succeed("mastodon-tootctl version | grep '${pkgs.mastodon.version}'")
# Manage accounts
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks add example.com'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks list' | grep 'example.com'")
server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks list' | grep 'mastodon.local'")
server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts create alice --email=alice@example.com'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks remove example.com'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts create bob --email=bob@example.com'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts approve bob'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts delete bob'")
server.succeed("mastodon-tootctl email_domain_blocks add example.com")
server.succeed("mastodon-tootctl email_domain_blocks list | grep example.com")
server.fail("mastodon-tootctl email_domain_blocks list | grep mastodon.local")
server.fail("mastodon-tootctl accounts create alice --email=alice@example.com")
server.succeed("mastodon-tootctl email_domain_blocks remove example.com")
server.succeed("mastodon-tootctl accounts create bob --email=bob@example.com")
server.succeed("mastodon-tootctl accounts approve bob")
server.succeed("mastodon-tootctl accounts delete bob")
# Manage IP access
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks add 192.168.0.0/16 --severity=no_access'")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '192.168.0.0/16'")
server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '172.16.0.0/16'")
server.succeed("mastodon-tootctl ip_blocks add 192.168.0.0/16 --severity=no_access")
server.succeed("mastodon-tootctl ip_blocks export | grep 192.168.0.0/16")
server.fail("mastodon-tootctl ip_blocks export | grep 172.16.0.0/16")
client.fail("curl --fail https://mastodon.local/about")
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks remove 192.168.0.0/16'")
server.succeed("mastodon-tootctl ip_blocks remove 192.168.0.0/16")
client.succeed("curl --fail https://mastodon.local/about")
server.shutdown()