From 01917aa501d14d145819ce23a1eb296531a0e2c4 Mon Sep 17 00:00:00 2001 From: Maurice Debray Date: Wed, 18 May 2022 18:05:19 +0200 Subject: [PATCH 1/5] custom dokuwiki module --- modules/web-apps/dokuwiki.nix | 386 ++++++++++++++++++++++++++++++++++ 1 file changed, 386 insertions(+) create mode 100644 modules/web-apps/dokuwiki.nix diff --git a/modules/web-apps/dokuwiki.nix b/modules/web-apps/dokuwiki.nix new file mode 100644 index 0000000..3e92ac3 --- /dev/null +++ b/modules/web-apps/dokuwiki.nix 
@@ -0,0 +1,386 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.dokuwiki; + eachSite = cfg.sites; + user = "dokuwiki"; + nginx = config.services.nginx; + stateDir = hostName: "/var/lib/dokuwiki/${hostName}/data"; + + dokuwikiAclAuthConfig = hostName: cfg: pkgs.writeText "acl.auth-${hostName}.php" '' + # acl.auth.php + # + # + # Access Control Lists + # + ${toString cfg.acl} + ''; + + dokuwikiLocalConfig = hostName: cfg: pkgs.writeText "local-${hostName}.php" '' + + Mutually exclusive with services.dokuwiki.aclFile + Set this to a value other than null to take precedence over aclFile option. + + Warning: Consider using aclFile instead if you do not + want to store the ACL in the world-readable Nix store. + ''; + }; + + aclFile = mkOption { + type = with types; nullOr str; + default = if (config.aclUse && config.acl == null) then "/var/lib/dokuwiki/${name}/acl.auth.php" else null; + description = '' + Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl + Mutually exclusive with services.dokuwiki.acl which is preferred. + Consult documentation for further instructions. + Example: + ''; + example = "/var/lib/dokuwiki/${name}/acl.auth.php"; + }; + + aclUse = mkOption { + type = types.bool; + default = true; + description = '' + Necessary for users to log in into the system. + Also limits anonymous users. When disabled, + everyone is able to create and edit content. + ''; + }; + + pluginsConfig = mkOption { + type = types.lines; + default = '' + $plugins['authad'] = 0; + $plugins['authldap'] = 0; + $plugins['authmysql'] = 0; + $plugins['authpgsql'] = 0; + ''; + description = '' + List of the dokuwiki (un)loaded plugins. + ''; + }; + + superUser = mkOption { + type = types.nullOr types.str; + default = "@admin"; + description = '' + You can set either a username, a list of usernames (“admin1,admin2”), + or the name of a group by prepending an @ char to the groupname + Consult documentation for further instructions. 
+ ''; + }; + + usersFile = mkOption { + type = with types; nullOr str; + default = if config.aclUse then "/var/lib/dokuwiki/${name}/users.auth.php" else null; + description = '' + Location of the dokuwiki users file. List of users. Format: + login:passwordhash:Real Name:email:groups,comma,separated + Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1` + Example: + ''; + example = "/var/lib/dokuwiki/${name}/users.auth.php"; + }; + + disableActions = mkOption { + type = types.nullOr types.str; + default = ""; + example = "search,register"; + description = '' + Disable individual action modes. Refer to + + for details on supported values. + ''; + }; + + plugins = mkOption { + type = types.listOf types.path; + default = []; + description = '' + List of path(s) to respective plugin(s) which are copied from the 'plugin' directory. + These plugins need to be packaged before use, see example. + ''; + example = literalExpression '' + let + # Let's package the icalevents plugin + plugin-icalevents = pkgs.stdenv.mkDerivation { + name = "icalevents"; + # Download the plugin from the dokuwiki site + src = pkgs.fetchurl { + url = "https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip"; + sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8"; + }; + sourceRoot = "."; + # We need unzip to build this package + buildInputs = [ pkgs.unzip ]; + # Installing simply means copying all files to the output directory + installPhase = "mkdir -p $out; cp -R * $out/"; + }; + # And then pass this theme to the plugin list like this: + in [ plugin-icalevents ] + ''; + }; + + templates = mkOption { + type = types.listOf types.path; + default = []; + description = '' + List of path(s) to respective template(s) which are copied from the 'tpl' directory. + These templates need to be packaged before use, see example. 
+ ''; + example = literalExpression '' + let + # Let's package the bootstrap3 theme + template-bootstrap3 = pkgs.stdenv.mkDerivation { + name = "bootstrap3"; + # Download the theme from the dokuwiki site + src = pkgs.fetchurl { + url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip"; + sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6"; + }; + # We need unzip to build this package + buildInputs = [ pkgs.unzip ]; + # Installing simply means copying all files to the output directory + installPhase = "mkdir -p $out; cp -R * $out/"; + }; + # And then pass this theme to the template list like this: + in [ template-bootstrap3 ] + ''; + }; + + poolConfig = mkOption { + type = with types; attrsOf (oneOf [ str int bool ]); + default = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; + description = '' + Options for the DokuWiki PHP pool. See the documentation on php-fpm.conf + for details on configuration directives. + ''; + }; + + extraConfig = mkOption { + type = types.nullOr types.lines; + default = null; + example = '' + $conf['title'] = 'My Wiki'; + $conf['userewrite'] = 1; + ''; + description = '' + DokuWiki configuration. Refer to + + for details on supported values. 
+ ''; + }; + + }; + + }; +in +{ + disabledModules = [ "services/web-apps/dokuwiki.nix" ]; + options = { + services.dokuwiki = { + + sites = mkOption { + type = types.attrsOf (types.submodule siteOpts); + default = {}; + description = "Specification of one or more DokuWiki sites to serve"; + }; + + }; + }; + + # implementation + config = mkIf (eachSite != {}) (mkMerge [{ + + assertions = flatten (mapAttrsToList (hostName: cfg: + [{ + assertion = cfg.aclUse -> (cfg.acl != null || cfg.aclFile != null); + message = "Either services.dokuwiki.sites.${hostName}.acl or services.dokuwiki.sites.${hostName}.aclFile is mandatory if aclUse true"; + } + { + assertion = cfg.usersFile != null -> cfg.aclUse != false; + message = "services.dokuwiki.sites.${hostName}.aclUse must must be true if usersFile is not null"; + } + ]) eachSite); + + services.phpfpm.pools = mapAttrs' (hostName: cfg: ( + nameValuePair "dokuwiki-${hostName}" { + inherit user; + group = nginx.group; + + # Not yet compatible with php 8 https://www.dokuwiki.org/requirements + # https://github.com/splitbrain/dokuwiki/issues/3545 + phpPackage = pkgs.php74; + phpEnv = { + DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig hostName cfg}"; + DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig hostName cfg}"; + DOKUWIKI_ROOT = "${cfg.finalPackage}/share/dokuwiki/"; + } // optionalAttrs (cfg.usersFile != null) { + DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}"; + } //optionalAttrs (cfg.aclUse) { + DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig hostName cfg}" else "${toString cfg.aclFile}"; + }; + + settings = { + "listen.owner" = nginx.user; + "listen.group" = nginx.group; + } // cfg.poolConfig; + } + )) eachSite; + + } + + { + systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [ + "d ${stateDir hostName}/attic 0750 ${user} ${nginx.group} - -" + "d ${stateDir hostName}/cache 0750 ${user} ${nginx.group} - -" + "d ${stateDir hostName}/index 0750 ${user} ${nginx.group} - 
-" + "d ${stateDir hostName}/locks 0750 ${user} ${nginx.group} - -" + "d ${stateDir hostName}/media 0750 ${user} ${nginx.group} - -" + "d ${stateDir hostName}/media_attic 0750 ${user} ${nginx.group} - -" + "d ${stateDir hostName}/media_meta 0750 ${user} ${nginx.group} - -" + "d ${stateDir hostName}/meta 0750 ${user} ${nginx.group} - -" + "d ${stateDir hostName}/pages 0750 ${user} ${nginx.group} - -" + "d ${stateDir hostName}/tmp 0750 ${user} ${nginx.group} - -" + ] ++ lib.optional (cfg.aclFile != null) "C ${cfg.aclFile} 0640 ${user} ${nginx.group} - ${pkg hostName cfg}/share/dokuwiki/conf/acl.auth.php.dist" + ++ lib.optional (cfg.usersFile != null) "C ${cfg.usersFile} 0640 ${user} ${nginx.group} - ${pkg hostName cfg}/share/dokuwiki/conf/users.auth.php.dist" + ) eachSite); + + users.users.${user} = { + group = nginx.group; + isSystemUser = true; + }; + } + + { + services.nginx = { + enable = true; + virtualHosts = mapAttrs (hostName: cfg: { + serverName = mkDefault hostName; + root = "${pkg hostName cfg}/share/dokuwiki"; + + locations = { + "~ /(conf/|bin/|inc/|install.php)" = { + extraConfig = "deny all;"; + }; + + "~ ^/data/" = { + root = "${stateDir hostName}"; + extraConfig = "internal;"; + }; + + "~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = { + extraConfig = "expires 365d;"; + }; + + "/" = { + priority = 1; + index = "doku.php"; + extraConfig = ''try_files $uri $uri/ @dokuwiki;''; + }; + + "@dokuwiki" = { + extraConfig = '' + # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1&$args last; + ''; + }; + + "~ \\.php$" = { + extraConfig = '' + try_files $uri $uri/ /doku.php; + include ${config.services.nginx.package}/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME 
$document_root$fastcgi_script_name; + fastcgi_param REDIRECT_STATUS 200; + fastcgi_pass unix:${config.services.phpfpm.pools."dokuwiki-${hostName}".socket}; + ''; + }; + + }; + }) eachSite; + }; + } + + ]); +} -- 2.47.0 From 056d8c13ff5e1181e21ed57b23d111bccf150d38 Mon Sep 17 00:00:00 2001 From: sinavir Date: Sun, 24 Jul 2022 22:20:10 +0200 Subject: [PATCH 2/5] add dokuwiki addons --- pkgs/default.nix | 5 +++++ pkgs/servers/dokuwiki/pluginCatlist.nix | 16 ++++++++++++++++ pkgs/servers/dokuwiki/pluginCommonmark.nix | 14 ++++++++++++++ pkgs/servers/dokuwiki/pluginKeycloak.nix | 16 ++++++++++++++++ pkgs/servers/dokuwiki/pluginOauth.nix | 16 ++++++++++++++++ pkgs/servers/dokuwiki/templateBootstrap3.nix | 17 +++++++++++++++++ 6 files changed, 84 insertions(+) create mode 100644 pkgs/servers/dokuwiki/pluginCatlist.nix create mode 100644 pkgs/servers/dokuwiki/pluginCommonmark.nix create mode 100644 pkgs/servers/dokuwiki/pluginKeycloak.nix create mode 100644 pkgs/servers/dokuwiki/pluginOauth.nix create mode 100644 pkgs/servers/dokuwiki/templateBootstrap3.nix diff --git a/pkgs/default.nix b/pkgs/default.nix index 862bbb9..6e9bb15 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -9,6 +9,11 @@ let callPackage f (subsetArgs // extraArgs); self = rec { acme-dns = callPackage ./servers/acme-dns.nix {}; + dokuwikiAddons.template.bootstrap3 = callPackage ./servers/dokuwiki/templateBootstrap3.nix; + dokuwikiAddons.plugins.commonmark = callPackage ./servers/dokuwiki/pluginCommonmark.nix; + dokuwikiAddons.plugins.catlist = callPackage ./servers/dokuwiki/pluginCatlist.nix; + dokuwikiAddons.plugins.oauth = callPackage ./servers/dokuwiki/pluginOauth.nix; + dokuwikiAddons.plugins.keycloak = callPackage ./servers/dokuwiki/pluginKeycloak.nix; }; in self diff --git a/pkgs/servers/dokuwiki/pluginCatlist.nix b/pkgs/servers/dokuwiki/pluginCatlist.nix new file mode 100644 index 0000000..75367ab --- /dev/null +++ b/pkgs/servers/dokuwiki/pluginCatlist.nix 
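Review bot: The deny rule in the nginx `locations` set, `"~ /(conf/|bin/|inc/|install.php)"`, does not cover `vendor/`, which DokuWiki's own web-server guidance also blocks as far as I recall; consider `"~ /(conf/|bin/|inc/|vendor/|install\\.php)"`. The static-asset location `"~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$"` is a Nix double-quoted string, so `\.` collapses to a bare `.` and the regex dot matches any character. The PHP location a few lines below already writes `\\.`, and the asset rule should do the same. Separately, the `usersFile` description recommends `mkpasswd -5 password ...`, which yields MD5-crypt and puts the password on the command line; an example using a stronger scheme that reads the password from stdin would be safer to copy.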
@@ -0,0 +1,16 @@
+{ stdenv, fetchFromGitHub }:
+stdenv.mkDerivation {
+ name = "catlist";
+ # Download the theme from the dokuwiki site
+ src = fetchFromGitHub {
+ owner = "xif-fr";
+ repo = "dokuwiki-plugin-catlist";
+ rev = "065f8d2f4817409989b9342b901163452fb9f547";
+ sha256 = "1l7bvnqkai8qkqqb67w8yy7fbs30dviqc36pyqggzfjhi558i9ih";
+ };
+ # Installing simply means copying all files to the output directory
+ installPhase = ''
+ mkdir -p $out
+ cp -R * $out/
+ '';
+}
diff --git a/pkgs/servers/dokuwiki/pluginCommonmark.nix b/pkgs/servers/dokuwiki/pluginCommonmark.nix
new file mode 100644
index 0000000..6d9794b
--- /dev/null
+++ b/pkgs/servers/dokuwiki/pluginCommonmark.nix
@@ -0,0 +1,14 @@
+{ stdenv, fetchzip }:
+stdenv.mkDerivation {
+ name = "commonmark";
+ # Download the theme from the dokuwiki site
+ src = fetchzip {
+ url = "https://github.com/clockoon/dokuwiki-plugin-commonmark/releases/download/v1.2.0/release.tar.gz";
+ sha256 = "10SVyqkbkwzF/m4aTHB/ssXJK5rjQbLxYOAFDKYOxTY=";
+ };
+ # Installing simply means copying all files to the output directory
+ installPhase = ''
+ mkdir -p $out
+ cp -R * $out/
+ '';
+}
diff --git a/pkgs/servers/dokuwiki/pluginKeycloak.nix b/pkgs/servers/dokuwiki/pluginKeycloak.nix
new file mode 100644
index 0000000..509964e
--- /dev/null
+++ b/pkgs/servers/dokuwiki/pluginKeycloak.nix
@@ -0,0 +1,16 @@
+{ stdenv, fetchFromGitHub }:
+stdenv.mkDerivation {
+ name = "oauth";
+ # Download the theme from the dokuwiki site
+ src = fetchFromGitHub {
+ owner = "cosmocode";
+ repo = "dokuwiki-plugin-oauth";
+ rev = "2022-01-13";
+ sha256 = "ruaw8MqSMgopULD7vxed44nbowjVc1e4H0Q7JEL9pD0=";
+ };
+ # Installing simply means copying all files to the output directory
+ installPhase = ''
+ mkdir -p $out
+ cp -R * $out/
+ '';
+}
diff --git a/pkgs/servers/dokuwiki/pluginOauth.nix b/pkgs/servers/dokuwiki/pluginOauth.nix
new file mode 100644
index 0000000..8da388b
--- /dev/null
+++ b/pkgs/servers/dokuwiki/pluginOauth.nix
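Review bot: pluginKeycloak.nix has the same content as the oauth derivation: `name = "oauth"`, `repo = "dokuwiki-plugin-oauth"`, and the same `rev` and `sha256` that pluginOauth.nix uses, so the `keycloak` attribute registered in pkgs/default.nix would install the generic OAuth plugin under another name. For an authentication plugin this mismatch matters, because a site that lists the keycloak package gets login code it did not ask for. The derivation should carry `name = "keycloak";` and a `src` that points at the Keycloak plugin's own repository, with its own pinned `rev` and hash. The comment `# Download the theme from the dokuwiki site` is also stale in the plugin files, which fetch plugins from GitHub.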
@@ -0,0 +1,16 @@
+{ stdenv, fetchFromGitHub }:
+stdenv.mkDerivation {
+ name = "oauth";
+ # Download the theme from the dokuwiki site
+ src = fetchFromGitHub {
+ owner = "cosmocode";
+ repo = "dokuwiki-plugin-oauth";
+ rev = "2022-01-13";
+ sha256 = "ruaw8MqSMgopULD7vxed44nbowjVc1e4H0Q7JEL9pD0=";
+ };
+ # Installing simply means copying all files to the output directory
+ installPhase = ''
+ mkdir -p $out
+ cp -R * $out/
+ '';
+}
diff --git a/pkgs/servers/dokuwiki/templateBootstrap3.nix b/pkgs/servers/dokuwiki/templateBootstrap3.nix
new file mode 100644
index 0000000..8c29a9a
--- /dev/null
+++ b/pkgs/servers/dokuwiki/templateBootstrap3.nix
@@ -0,0 +1,17 @@
+{ stdenv, fetchFromGitHub }:
+stdenv.mkDerivation {
+ name = "bootstrap3";
+ # Download the theme from the dokuwiki site
+ src = fetchFromGitHub {
+ owner = "giterlizzi";
+ repo = "dokuwiki-template-bootstrap3";
+ rev="v2020-07-29";
+ sha256="05d6si1lci3a2pgd10iwpwrgl969y7gq4qsn5p1lbgxkraad17af";
+ };
+ # Installing simply means copying all files to the output directory
+ installPhase = ''
+ mkdir -p $out
+ cp -R * $out/
+ echo " $out/doku_inc.php # Lien vers le dokuwiki
+ '';
+}
-- 
2.47.0
From c5d852f465933c5ed7e6cc98f8ddebc97c9fbcf9 Mon Sep 17 00:00:00 2001
From: sinavir
Date: Sun, 24 Jul 2022 22:22:16 +0200
Subject: [PATCH 3/5] typo
---
 pkgs/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 6e9bb15..7202ef7 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -9,7 +9,7 @@ let
  callPackage f (subsetArgs // extraArgs);
  self = rec {
  acme-dns = callPackage ./servers/acme-dns.nix {};
- dokuwikiAddons.template.bootstrap3 = callPackage ./servers/dokuwiki/templateBootstrap3.nix;
+ dokuwikiAddons.templates.bootstrap3 = callPackage ./servers/dokuwiki/templateBootstrap3.nix;
  dokuwikiAddons.plugins.commonmark = callPackage ./servers/dokuwiki/pluginCommonmark.nix;
  dokuwikiAddons.plugins.catlist = callPackage ./servers/dokuwiki/pluginCatlist.nix;
  dokuwikiAddons.plugins.oauth = callPackage ./servers/dokuwiki/pluginOauth.nix;
-- 
2.47.0
From de3dd70a88b30cc9a3caefe821794491807f2a7a Mon Sep 17 00:00:00 2001
From: sinavir
Date: Mon, 25 Jul 2022 00:40:31 +0200
Subject: [PATCH 4/5] better naming of dokuwiki related packages
---
 pkgs/default.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 7202ef7..a06f32f 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -9,11 +9,11 @@ let callPackage f (subsetArgs // extraArgs); self = rec { acme-dns = callPackage ./servers/acme-dns.nix {}; - dokuwikiAddons.templates.bootstrap3 = callPackage ./servers/dokuwiki/templateBootstrap3.nix; - dokuwikiAddons.plugins.commonmark = callPackage ./servers/dokuwiki/pluginCommonmark.nix; - dokuwikiAddons.plugins.catlist = callPackage ./servers/dokuwiki/pluginCatlist.nix; - dokuwikiAddons.plugins.oauth = callPackage ./servers/dokuwiki/pluginOauth.nix; - dokuwikiAddons.plugins.keycloak = callPackage ./servers/dokuwiki/pluginKeycloak.nix; + dokuwikiExtensions.templates.bootstrap3 = callPackage ./servers/dokuwiki/templateBootstrap3.nix; + dokuwikiExtensions.plugins.commonmark = callPackage ./servers/dokuwiki/pluginCommonmark.nix; + dokuwikiExtensions.plugins.catlist = callPackage ./servers/dokuwiki/pluginCatlist.nix; + dokuwikiExtensions.plugins.oauth = callPackage ./servers/dokuwiki/pluginOauth.nix; + dokuwikiExtensions.plugins.keycloak = callPackage ./servers/dokuwiki/pluginKeycloak.nix; }; in self -- 2.47.0 From 30e5da0c5eeede091c35f64d6a3720fd8e149d87 Mon Sep 17 00:00:00 2001 From: sinavir Date: Mon, 25 Jul 2022 00:51:48 +0200 Subject: [PATCH 5/5] typo: forgotten empty set argument for callpackage --- pkgs/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index a06f32f..8bd9dd6 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix 
@@ -9,11 +9,11 @@ let callPackage f (subsetArgs // extraArgs); self = rec { acme-dns = callPackage ./servers/acme-dns.nix {}; - dokuwikiExtensions.templates.bootstrap3 = callPackage ./servers/dokuwiki/templateBootstrap3.nix; - dokuwikiExtensions.plugins.commonmark = callPackage ./servers/dokuwiki/pluginCommonmark.nix; - dokuwikiExtensions.plugins.catlist = callPackage ./servers/dokuwiki/pluginCatlist.nix; - dokuwikiExtensions.plugins.oauth = callPackage ./servers/dokuwiki/pluginOauth.nix; - dokuwikiExtensions.plugins.keycloak = callPackage ./servers/dokuwiki/pluginKeycloak.nix; + dokuwikiExtensions.templates.bootstrap3 = callPackage ./servers/dokuwiki/templateBootstrap3.nix {}; + dokuwikiExtensions.plugins.commonmark = callPackage ./servers/dokuwiki/pluginCommonmark.nix {}; + dokuwikiExtensions.plugins.catlist = callPackage ./servers/dokuwiki/pluginCatlist.nix {}; + dokuwikiExtensions.plugins.oauth = callPackage ./servers/dokuwiki/pluginOauth.nix {}; + dokuwikiExtensions.plugins.keycloak = callPackage ./servers/dokuwiki/pluginKeycloak.nix {}; }; in self -- 2.47.0