Merge pull request #203825 from SuperSandro2000/mastodon-tootctl
Closes https://github.com/NixOS/nixpkgs/issues/199029
commit
e38618a657
4 changed files with 39 additions and 25 deletions
|
@ -119,6 +119,15 @@
|
|||
<link linkend="opt-services.opensnitch.rules">services.opensnitch.rules</link>
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
<literal>services.mastodon</literal> gained a tootctl wrapped
|
||||
named <literal>mastodon-tootctl</literal> similar to
|
||||
<literal>nextcloud-occ</literal> which can be executed from
|
||||
any user and switches to the configured mastodon user with
|
||||
sudo and sources the environment variables.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
A new <literal>virtualisation.rosetta</literal> module was
|
||||
|
|
|
@ -41,6 +41,8 @@ In addition to numerous new and upgraded packages, this release has the followin
|
|||
|
||||
- The module for the application firewall `opensnitch` got the ability to configure rules. Available as [services.opensnitch.rules](#opt-services.opensnitch.rules)
|
||||
|
||||
- `services.mastodon` gained a tootctl wrapped named `mastodon-tootctl` similar to `nextcloud-occ` which can be executed from any user and switches to the configured mastodon user with sudo and sources the environment variables.
|
||||
|
||||
- A new `virtualisation.rosetta` module was added to allow running `x86_64` binaries through [Rosetta](https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment) inside virtualised NixOS guests on Apple silicon. This feature works by default with the [UTM](https://docs.getutm.app/) virtualisation [package](https://search.nixos.org/packages?channel=unstable&show=utm&from=0&size=1&sort=relevance&type=packages&query=utm).
|
||||
|
||||
- Resilio sync secret keys can now be provided using a secrets file at runtime, preventing these secrets from ending up in the Nix store.
|
||||
|
|
|
@ -92,12 +92,18 @@ let
|
|||
] else []
|
||||
) env))));
|
||||
|
||||
mastodonEnv = pkgs.writeShellScriptBin "mastodon-env" ''
|
||||
mastodonTootctl = pkgs.writeShellScriptBin "mastodon-tootctl" ''
|
||||
#! ${pkgs.runtimeShell}
|
||||
set -a
|
||||
export RAILS_ROOT="${cfg.package}"
|
||||
source "${envFile}"
|
||||
source /var/lib/mastodon/.secrets_env
|
||||
eval -- "\$@"
|
||||
|
||||
sudo=exec
|
||||
if [[ "$USER" != ${cfg.user} ]]; then
|
||||
sudo='exec /run/wrappers/bin/sudo -u ${cfg.user} --preserve-env'
|
||||
fi
|
||||
$sudo ${cfg.package}/bin/tootctl "$@"
|
||||
'';
|
||||
|
||||
in {
|
||||
|
@ -133,15 +139,10 @@ in {
|
|||
description = lib.mdDoc ''
|
||||
User under which mastodon runs. If it is set to "mastodon",
|
||||
that user will be created, otherwise it should be set to the
|
||||
name of a user created elsewhere. In both cases,
|
||||
`mastodon` and a package containing only
|
||||
the shell script `mastodon-env` will be added to
|
||||
the user's package set. To run a command from
|
||||
`mastodon` such as `tootctl`
|
||||
with the environment configured by this module use
|
||||
`mastodon-env`, as in:
|
||||
|
||||
`mastodon-env tootctl accounts create newuser --email newuser@example.com`
|
||||
name of a user created elsewhere.
|
||||
In both cases, the `mastodon` package will be added to the user's package set
|
||||
and a tootctl wrapper to system packages that switches to the configured account
|
||||
and load the right environment.
|
||||
'';
|
||||
type = lib.types.str;
|
||||
default = "mastodon";
|
||||
|
@ -485,6 +486,8 @@ in {
|
|||
}
|
||||
];
|
||||
|
||||
environment.systemPackages = [ mastodonTootctl ];
|
||||
|
||||
systemd.services.mastodon-init-dirs = {
|
||||
script = ''
|
||||
umask 077
|
||||
|
@ -704,7 +707,7 @@ in {
|
|||
inherit (cfg) group;
|
||||
};
|
||||
})
|
||||
(lib.attrsets.setAttrByPath [ cfg.user "packages" ] [ cfg.package mastodonEnv pkgs.imagemagick ])
|
||||
(lib.attrsets.setAttrByPath [ cfg.user "packages" ] [ cfg.package pkgs.imagemagick ])
|
||||
];
|
||||
|
||||
users.groups.${cfg.group}.members = lib.optional cfg.configureNginx config.services.nginx.user;
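Review bot: In the `mastodon-tootctl` wrapper, both `source` lines run as the calling user before the `sudo -u ${cfg.user} --preserve-env` switch, so the caller must be able to read `/var/lib/mastodon/.secrets_env` itself, and the caller's whole environment is carried into the process running as the service account. Given the `umask 077` in `mastodon-init-dirs`, that file is presumably readable only by the service user and root, which would make the wrapper fail for ordinary users despite the release note's "any user"; this is worth confirming. The branch is also chosen from `$USER`, which the caller controls, whereas `$(id -un)` reports the real account. Switching user first and loading the environment afterwards, as sketched below, addresses all three points. The sketch relies on sudo's default environment reset and on a sudoers rule that the visible hunks do not show.

```nix
  mastodonTootctl = pkgs.writeShellScriptBin "mastodon-tootctl" ''
    #! ${pkgs.runtimeShell}
    # Switch account first so the secrets file is only ever read by the service user.
    if [[ "$(id -un)" != "${cfg.user}" ]]; then
      exec /run/wrappers/bin/sudo -u "${cfg.user}" -- "$0" "$@"
    fi
    # … unchanged: set -a, RAILS_ROOT export, the two source lines …
    exec ${cfg.package}/bin/tootctl "$@"
  '';
```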
|
||||
|
|
|
@ -104,24 +104,24 @@ in
|
|||
|
||||
# Simple check tootctl commands
|
||||
# Check Mastodon version
|
||||
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl version' | grep '${pkgs.mastodon.version}'")
|
||||
server.succeed("mastodon-tootctl version | grep '${pkgs.mastodon.version}'")
|
||||
|
||||
# Manage accounts
|
||||
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks add example.com'")
|
||||
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks list' | grep 'example.com'")
|
||||
server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks list' | grep 'mastodon.local'")
|
||||
server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts create alice --email=alice@example.com'")
|
||||
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl email_domain_blocks remove example.com'")
|
||||
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts create bob --email=bob@example.com'")
|
||||
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts approve bob'")
|
||||
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl accounts delete bob'")
|
||||
server.succeed("mastodon-tootctl email_domain_blocks add example.com")
|
||||
server.succeed("mastodon-tootctl email_domain_blocks list | grep example.com")
|
||||
server.fail("mastodon-tootctl email_domain_blocks list | grep mastodon.local")
|
||||
server.fail("mastodon-tootctl accounts create alice --email=alice@example.com")
|
||||
server.succeed("mastodon-tootctl email_domain_blocks remove example.com")
|
||||
server.succeed("mastodon-tootctl accounts create bob --email=bob@example.com")
|
||||
server.succeed("mastodon-tootctl accounts approve bob")
|
||||
server.succeed("mastodon-tootctl accounts delete bob")
|
||||
|
||||
# Manage IP access
|
||||
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks add 192.168.0.0/16 --severity=no_access'")
|
||||
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '192.168.0.0/16'")
|
||||
server.fail("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks export' | grep '172.16.0.0/16'")
|
||||
server.succeed("mastodon-tootctl ip_blocks add 192.168.0.0/16 --severity=no_access")
|
||||
server.succeed("mastodon-tootctl ip_blocks export | grep 192.168.0.0/16")
|
||||
server.fail("mastodon-tootctl ip_blocks export | grep 172.16.0.0/16")
|
||||
client.fail("curl --fail https://mastodon.local/about")
|
||||
server.succeed("su - mastodon -s /bin/sh -c 'mastodon-env tootctl ip_blocks remove 192.168.0.0/16'")
|
||||
server.succeed("mastodon-tootctl ip_blocks remove 192.168.0.0/16")
|
||||
client.succeed("curl --fail https://mastodon.local/about")
|
||||
|
||||
server.shutdown()
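Review bot: Every `mastodon-tootctl` call in this script runs from the test driver's shell on `server`, which as far as I know is root, so only the root-to-service-user sudo branch of the wrapper is exercised. The removed `su - mastodon` lines did cover running as the service account, and that path is now untested, as is the unprivileged caller that the release note advertises. Consider keeping one check such as `server.succeed("su - mastodon -s /bin/sh -c 'mastodon-tootctl version'")`, and adding one that runs the wrapper as an ordinary user and asserts the intended outcome.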
|
||||
|
|