diff options
author | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:33 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2022-05-31 09:59:57 +0000 |
commit | 9ff36293d1e428cd7bf03e8d4b03611b6d361c28 (patch) | |
tree | 1ab51a42b868c55b83f6ccdb80371b9888739dd9 /nixos/modules/services/development/zammad.nix | |
parent | 1c4fcd0d4b0541e674ee56ace1053e23e562cc80 (diff) | |
parent | ddc3c396a51918043bb0faa6f676abd9562be62c (diff) | |
download | nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.tar nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.tar.gz nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.tar.bz2 nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.tar.lz nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.tar.xz nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.tar.zst nixpkgs-9ff36293d1e428cd7bf03e8d4b03611b6d361c28.zip |
Last good Nixpkgs for Weston+nouveau? archive
I came this commit hash to terwiz[m] on IRC, who is trying to figure out what the last version of Spectrum that worked on their NUC with Nvidia graphics is.
Diffstat (limited to 'nixos/modules/services/development/zammad.nix')
-rw-r--r-- | nixos/modules/services/development/zammad.nix | 323 |
1 files changed, 323 insertions, 0 deletions
diff --git a/nixos/modules/services/development/zammad.nix b/nixos/modules/services/development/zammad.nix new file mode 100644 index 00000000000..d457a607187 --- /dev/null +++ b/nixos/modules/services/development/zammad.nix @@ -0,0 +1,323 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.zammad; + settingsFormat = pkgs.formats.yaml { }; + filterNull = filterAttrs (_: v: v != null); + serviceConfig = { + Type = "simple"; + Restart = "always"; + + User = "zammad"; + Group = "zammad"; + PrivateTmp = true; + StateDirectory = "zammad"; + WorkingDirectory = cfg.dataDir; + }; + environment = { + RAILS_ENV = "production"; + NODE_ENV = "production"; + RAILS_SERVE_STATIC_FILES = "true"; + RAILS_LOG_TO_STDOUT = "true"; + }; + databaseConfig = settingsFormat.generate "database.yml" cfg.database.settings; +in +{ + + options = { + services.zammad = { + enable = mkEnableOption "Zammad, a web-based, open source user support/ticketing solution."; + + package = mkOption { + type = types.package; + default = pkgs.zammad; + defaultText = literalExpression "pkgs.zammad"; + description = "Zammad package to use."; + }; + + dataDir = mkOption { + type = types.path; + default = "/var/lib/zammad"; + description = '' + Path to a folder that will contain Zammad working directory. + ''; + }; + + host = mkOption { + type = types.str; + default = "127.0.0.1"; + example = "192.168.23.42"; + description = "Host address."; + }; + + openPorts = mkOption { + type = types.bool; + default = false; + description = "Whether to open firewall ports for Zammad"; + }; + + port = mkOption { + type = types.port; + default = 3000; + description = "Web service port."; + }; + + websocketPort = mkOption { + type = types.port; + default = 6042; + description = "Websocket service port."; + }; + + database = { + type = mkOption { + type = types.enum [ "PostgreSQL" "MySQL" ]; + default = "PostgreSQL"; + example = "MySQL"; + description = "Database engine to use."; + }; + + host = mkOption { + type = types.nullOr types.str; + default = { + PostgreSQL = "/run/postgresql"; + MySQL = "localhost"; + }.${cfg.database.type}; + defaultText = literalExpression '' + { + PostgreSQL = "/run/postgresql"; + MySQL = "localhost"; + }.''${config.services.zammad.database.type}; + ''; + description = '' + Database host address. + ''; + }; + + port = mkOption { + type = types.nullOr types.port; + default = null; + description = "Database port. Use <literal>null</literal> for default port."; + }; + + name = mkOption { + type = types.str; + default = "zammad"; + description = '' + Database name. + ''; + }; + + user = mkOption { + type = types.nullOr types.str; + default = "zammad"; + description = "Database user."; + }; + + passwordFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/keys/zammad-dbpassword"; + description = '' + A file containing the password for <option>services.zammad.database.user</option>. + ''; + }; + + createLocally = mkOption { + type = types.bool; + default = true; + description = "Whether to create a local database automatically."; + }; + + settings = mkOption { + type = settingsFormat.type; + default = { }; + example = literalExpression '' + { + } + ''; + description = '' + The <filename>database.yml</filename> configuration file as key value set. + See <link xlink:href='TODO' /> + for list of configuration parameters. + ''; + }; + }; + + secretKeyBaseFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/keys/secret_key_base"; + description = '' + The path to a file containing the + <literal>secret_key_base</literal> secret. + + Zammad uses <literal>secret_key_base</literal> to encrypt + the cookie store, which contains session data, and to digest + user auth tokens. + + Needs to be a 64 byte long string of hexadecimal + characters. You can generate one by running + + <screen> + <prompt>$ </prompt>openssl rand -hex 64 >/path/to/secret_key_base_file + </screen> + + This should be a string, not a nix path, since nix paths are + copied into the world-readable nix store. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + + services.zammad.database.settings = { + production = mapAttrs (_: v: mkDefault v) (filterNull { + adapter = { + PostgreSQL = "postgresql"; + MySQL = "mysql2"; + }.${cfg.database.type}; + database = cfg.database.name; + pool = 50; + timeout = 5000; + encoding = "utf8"; + username = cfg.database.user; + host = cfg.database.host; + port = cfg.database.port; + }); + }; + + networking.firewall.allowedTCPPorts = mkIf cfg.openPorts [ + config.services.zammad.port + config.services.zammad.websocketPort + ]; + + users.users.zammad = { + isSystemUser = true; + home = cfg.dataDir; + group = "zammad"; + }; + + users.groups.zammad = { }; + + assertions = [ + { + assertion = cfg.database.createLocally -> cfg.database.user == "zammad"; + message = "services.zammad.database.user must be set to \"zammad\" if services.zammad.database.createLocally is set to true"; + } + { + assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; + message = "a password cannot be specified if services.zammad.database.createLocally is set to true"; + } + ]; + + services.mysql = optionalAttrs (cfg.database.createLocally && cfg.database.type == "MySQL") { + enable = true; + package = mkDefault pkgs.mariadb; + ensureDatabases = [ cfg.database.name ]; + ensureUsers = [ + { + name = cfg.database.user; + ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; }; + } + ]; + }; + + services.postgresql = optionalAttrs (cfg.database.createLocally && cfg.database.type == "PostgreSQL") { + enable = true; + ensureDatabases = [ cfg.database.name ]; + ensureUsers = [ + { + name = cfg.database.user; + ensurePermissions = { "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; }; + } + ]; + }; + + systemd.services.zammad-web = { + inherit environment; + serviceConfig = serviceConfig // { + # loading all the gems takes time + TimeoutStartSec = 1200; + }; + after = [ + "network.target" + "postgresql.service" + ]; + requires = [ + "postgresql.service" + ]; + description = "Zammad web"; + wantedBy = [ "multi-user.target" ]; + preStart = '' + # Blindly copy the whole project here. + chmod -R +w . + rm -rf ./public/assets/* + rm -rf ./tmp/* + rm -rf ./log/* + cp -r --no-preserve=owner ${cfg.package}/* . + chmod -R +w . + # config file + cp ${databaseConfig} ./config/database.yml + chmod -R +w . + ${optionalString (cfg.database.passwordFile != null) '' + { + echo -n " password: " + cat ${cfg.database.passwordFile} + } >> ./config/database.yml + ''} + ${optionalString (cfg.secretKeyBaseFile != null) '' + { + echo "production: " + echo -n " secret_key_base: " + cat ${cfg.secretKeyBaseFile} + } > ./config/secrets.yml + ''} + + if [ `${config.services.postgresql.package}/bin/psql \ + --host ${cfg.database.host} \ + ${optionalString + (cfg.database.port != null) + "--port ${toString cfg.database.port}"} \ + --username ${cfg.database.user} \ + --dbname ${cfg.database.name} \ + --command "SELECT COUNT(*) FROM pg_class c \ + JOIN pg_namespace s ON s.oid = c.relnamespace \ + WHERE s.nspname NOT IN ('pg_catalog', 'pg_toast', 'information_schema') \ + AND s.nspname NOT LIKE 'pg_temp%';" | sed -n 3p` -eq 0 ]; then + echo "Initialize database" + ./bin/rake --no-system db:migrate + ./bin/rake --no-system db:seed + else + echo "Migrate database" + ./bin/rake --no-system db:migrate + fi + echo "Done" + ''; + script = "./script/rails server -b ${cfg.host} -p ${toString cfg.port}"; + }; + + systemd.services.zammad-websocket = { + inherit serviceConfig environment; + after = [ "zammad-web.service" ]; + requires = [ "zammad-web.service" ]; + description = "Zammad websocket"; + wantedBy = [ "multi-user.target" ]; + script = "./script/websocket-server.rb -b ${cfg.host} -p ${toString cfg.websocketPort} start"; + }; + + systemd.services.zammad-scheduler = { + inherit environment; + serviceConfig = serviceConfig // { Type = "forking"; }; + after = [ "zammad-web.service" ]; + requires = [ "zammad-web.service" ]; + description = "Zammad scheduler"; + wantedBy = [ "multi-user.target" ]; + script = "./script/scheduler.rb start"; + }; + }; + + meta.maintainers = with lib.maintainers; [ garbas taeer ]; +} |