Merge pull request #89444 from mweinelt/pinnwand-module

nixos/pinnwand: init; steck: init at 0.5.0; nixos/tests/pinnwand: init
This commit is contained in:
Martin Weinelt 2020-08-14 22:09:33 +02:00 committed by GitHub
commit f1efdd2c0b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 216 additions and 7 deletions

View File

@ -489,6 +489,7 @@
./services/misc/parsoid.nix ./services/misc/parsoid.nix
./services/misc/plex.nix ./services/misc/plex.nix
./services/misc/tautulli.nix ./services/misc/tautulli.nix
./services/misc/pinnwand.nix
./services/misc/pykms.nix ./services/misc/pykms.nix
./services/misc/radarr.nix ./services/misc/radarr.nix
./services/misc/redmine.nix ./services/misc/redmine.nix

View File

@ -0,0 +1,78 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.pinnwand;
format = pkgs.formats.toml {};
configFile = format.generate "pinnwand.toml" cfg.settings;
in
{
options.services.pinnwand = {
enable = mkEnableOption "Pinnwand";
port = mkOption {
type = types.port;
description = "The port to listen on.";
default = 8000;
};
settings = mkOption {
type = format.type;
description = ''
Your <filename>pinnwand.toml</filename> as a Nix attribute set. Look up
possible options in the <link xlink:href="https://github.com/supakeen/pinnwand/blob/master/pinnwand.toml-example">pinnwand.toml-example</link>.
'';
default = {
# https://github.com/supakeen/pinnwand/blob/master/pinnwand.toml-example
database_uri = "sqlite:///var/lib/pinnwand/pinnwand.db";
preferred_lexeres = [];
paste_size = 262144;
paste_help = ''
<p>Welcome to pinnwand, this site is a pastebin. It allows you to share code with others. If you write code in the text area below and press the paste button you will be given a link you can share with others so they can view your code as well.</p><p>People with the link can view your pasted code, only you can remove your paste and it expires automatically. Note that anyone could guess the URI to your paste so don't rely on it being private.</p>
'';
footer = ''
View <a href="//github.com/supakeen/pinnwand" target="_BLANK">source code</a>, the <a href="/removal">removal</a> or <a href="/expiry">expiry</a> stories, or read the <a href="/about">about</a> page.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.pinnwand = {
description = "Pinnwannd HTTP Server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
unitConfig.Documentation = "https://pinnwand.readthedocs.io/en/latest/";
serviceConfig = {
ExecStart = "${pkgs.pinnwand}/bin/pinnwand --configuration-path ${configFile} http --port ${toString(cfg.port)}";
StateDirectory = "pinnwand";
StateDirectoryMode = "0700";
AmbientCapabilities = [];
CapabilityBoundingSet = "";
DevicePolicy = "closed";
DynamicUser = true;
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
RestrictRealtime = true;
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
UMask = "0077";
};
};
};
}

View File

@ -269,6 +269,7 @@ in
pgjwt = handleTest ./pgjwt.nix {}; pgjwt = handleTest ./pgjwt.nix {};
pgmanage = handleTest ./pgmanage.nix {}; pgmanage = handleTest ./pgmanage.nix {};
php = handleTest ./php {}; php = handleTest ./php {};
pinnwand = handleTest ./pinnwand.nix {};
plasma5 = handleTest ./plasma5.nix {}; plasma5 = handleTest ./plasma5.nix {};
plotinus = handleTest ./plotinus.nix {}; plotinus = handleTest ./plotinus.nix {};
podman = handleTestOn ["x86_64-linux"] ./podman.nix {}; podman = handleTestOn ["x86_64-linux"] ./podman.nix {};

86
nixos/tests/pinnwand.nix Normal file
View File

@ -0,0 +1,86 @@
import ./make-test-python.nix ({ pkgs, ...}:
let
pythonEnv = pkgs.python3.withPackages (py: with py; [ appdirs toml ]);
port = 8000;
baseUrl = "http://server:${toString port}";
configureSteck = pkgs.writeScript "configure.py" ''
#!${pythonEnv.interpreter}
import appdirs
import toml
import os
CONFIG = {
"base": "${baseUrl}/",
"confirm": False,
"magic": True,
"ignore": True
}
os.makedirs(appdirs.user_config_dir('steck'))
with open(os.path.join(appdirs.user_config_dir('steck'), 'steck.toml'), "w") as fd:
toml.dump(CONFIG, fd)
'';
in
{
name = "pinnwand";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers =[ hexa ];
};
nodes = {
server = { config, ... }:
{
networking.firewall.allowedTCPPorts = [
port
];
services.pinnwand = {
enable = true;
port = port;
};
};
client = { pkgs, ... }:
{
environment.systemPackages = [ pkgs.steck ];
};
};
testScript = ''
start_all()
server.wait_for_unit("pinnwand.service")
client.wait_for_unit("network.target")
# create steck.toml config file
client.succeed("${configureSteck}")
# wait until the server running pinnwand is reachable
client.wait_until_succeeds("ping -c1 server")
# make sure pinnwand is listening
server.wait_until_succeeds("ss -lnp | grep ${toString port}")
# send the contents of /etc/machine-id
response = client.succeed("steck paste /etc/machine-id")
# parse the steck response
raw_url = None
removal_link = None
for line in response.split("\n"):
if line.startswith("View link:"):
raw_url = f"${baseUrl}/raw/{line.split('/')[-1]}"
if line.startswith("Removal link:"):
removal_link = line.split(":", 1)[1]
# check whether paste matches what we sent
client.succeed(f"curl {raw_url} > /tmp/machine-id")
client.succeed("diff /tmp/machine-id /etc/machine-id")
# remove paste and check that it's not available any more
client.succeed(f"curl {removal_link}")
client.fail(f"curl --fail {raw_url}")
'';
})

View File

@ -1,4 +1,4 @@
{ lib, python3, fetchFromGitHub }: { lib, python3, fetchFromGitHub, poetry, nixosTests }:
let let
python = python3.override { python = python3.override {
@ -14,13 +14,20 @@ let
}; };
in with python.pkgs; buildPythonApplication rec { in with python.pkgs; buildPythonApplication rec {
pname = "pinnwand"; pname = "pinnwand";
version = "1.1.2"; version = "1.2.1";
format = "pyproject";
src = fetchPypi { src = fetchFromGitHub {
inherit pname version; owner = "supakeen";
sha256 = "0iincxkfyyx85ggx9ilms2f8aq4lcbg3rkqgrr4wlsflzhljqd0p"; repo = pname;
rev = "v${version}";
sha256 = "1rk7rpyb4vmqxqqv8k9jpjmgakr3mn1iaqxyj34r74p1n5vfzimq";
}; };
nativeBuildInputs = [
poetry
];
propagatedBuildInputs = [ propagatedBuildInputs = [
click click
docutils docutils
@ -30,11 +37,14 @@ in with python.pkgs; buildPythonApplication rec {
sqlalchemy sqlalchemy
]; ];
# tests are only available when fetching from GitHub, where they in turn don't have a setup.py :( checkInputs = [ pytest ];
checkPhase = '' checkPhase = ''
$out/bin/pinnwand --help > /dev/null pytest
''; '';
passthru.tests = nixosTests.pinnwand;
meta = with lib; { meta = with lib; {
homepage = "https://supakeen.com/project/pinnwand/"; homepage = "https://supakeen.com/project/pinnwand/";
license = licenses.mit; license = licenses.mit;

View File

@ -0,0 +1,31 @@
{ lib, pkgs, python3Packages, nixosTests }:
python3Packages.buildPythonApplication rec {
pname = "steck";
version = "0.6.0";
src = python3Packages.fetchPypi {
inherit pname version;
sha256 = "07gc5iwbyprb8nihnjjl2zd06z8p4nl3a3drzh9a8ny35ig1khq0";
};
propagatedBuildInputs = with python3Packages; [
pkgs.git
appdirs
click
python_magic
requests
termcolor
toml
];
passthru.tests = nixosTests.pinnwand;
meta = with lib; {
homepage = "https://github.com/supakeen/steck";
license = licenses.mit;
description = "Client for pinnwand pastebin.";
maintainers = with maintainers; [ hexa ];
};
}

View File

@ -6917,6 +6917,8 @@ in
stdman = callPackage ../data/documentation/stdman { }; stdman = callPackage ../data/documentation/stdman { };
steck = callPackage ../servers/pinnwand/steck.nix { };
stenc = callPackage ../tools/backup/stenc { }; stenc = callPackage ../tools/backup/stenc { };
stm32loader = with python3Packages; toPythonApplication stm32loader; stm32loader = with python3Packages; toPythonApplication stm32loader;