diff --git a/nixos/doc/manual/release-notes/rl-2405.section.md b/nixos/doc/manual/release-notes/rl-2405.section.md index 06c360c33bbd3..497bd9a07d624 100644 --- a/nixos/doc/manual/release-notes/rl-2405.section.md +++ b/nixos/doc/manual/release-notes/rl-2405.section.md @@ -125,6 +125,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m - [go-camo](https://github.com/cactus/go-camo), a secure image proxy server. Available as [services.go-camo](#opt-services.go-camo.enable). +- [CommaFeed](https://github.com/Athou/commafeed), a Google Reader inspired self-hosted RSS reader. Available as [services.commafeed](#opt-services.commafeed.enable). + - [Monado](https://monado.freedesktop.org/), an open source XR runtime. Available as [services.monado](#opt-services.monado.enable). - [Pretix](https://pretix.eu/about/en/), an open source ticketing software for events. Available as [services.pretix]($opt-services-pretix.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index b361e9ee5e41d..6cc40735a7042 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1312,6 +1312,7 @@ ./services/web-apps/chatgpt-retrieval-plugin.nix ./services/web-apps/cloudlog.nix ./services/web-apps/code-server.nix + ./services/web-apps/commafeed.nix ./services/web-apps/convos.nix ./services/web-apps/davis.nix ./services/web-apps/dex.nix diff --git a/nixos/modules/services/web-apps/commafeed.nix b/nixos/modules/services/web-apps/commafeed.nix new file mode 100644 index 0000000000000..354e3625bb999 --- /dev/null +++ b/nixos/modules/services/web-apps/commafeed.nix @@ -0,0 +1,114 @@ +{ + config, + lib, + pkgs, + ... +}: +let + cfg = config.services.commafeed; +in +{ + options.services.commafeed = { + enable = lib.mkEnableOption "CommaFeed"; + + package = lib.mkPackageOption pkgs "commafeed" { }; + + user = lib.mkOption { + type = lib.types.str; + description = "User under which CommaFeed runs."; + default = "commafeed"; + }; + + group = lib.mkOption { + type = lib.types.str; + description = "Group under which CommaFeed runs."; + default = "commafeed"; + }; + + stateDir = lib.mkOption { + type = lib.types.path; + description = "Directory holding all state for CommaFeed to run."; + default = "/var/lib/commafeed"; + }; + + environment = lib.mkOption { + type = lib.types.attrsOf ( + lib.types.oneOf [ + lib.types.bool + lib.types.int + lib.types.str + ] + ); + description = '' + Extra environment variables passed to CommaFeed, refer to + + for supported values. The default user is `admin` and the default password is `admin`. + Correct configuration for H2 database is already provided. + ''; + default = { }; + example = { + CF_SERVER_APPLICATIONCONNECTORS_0_TYPE = "http"; + CF_SERVER_APPLICATIONCONNECTORS_0_PORT = 9090; + }; + }; + + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + description = '' + Environment file as defined in {manpage}`systemd.exec(5)`. + ''; + default = null; + example = "/var/lib/commafeed/commafeed.env"; + }; + }; + + config = lib.mkIf cfg.enable { + systemd.services.commafeed = { + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment = lib.mapAttrs ( + _: v: if lib.isBool v then lib.boolToString v else toString v + ) cfg.environment; + serviceConfig = { + ExecStart = "${lib.getExe cfg.package} server ${cfg.package}/share/config.yml"; + User = cfg.user; + Group = cfg.group; + StateDirectory = baseNameOf cfg.stateDir; + WorkingDirectory = cfg.stateDir; + # Hardening + CapabilityBoundingSet = [ "" ]; + DevicePolicy = "closed"; + DynamicUser = true; + LockPersonality = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateUsers = true; + ProcSubset = "pid"; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectProc = "invisible"; + ProtectSystem = true; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + ]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "@system-service" + "~@privileged" + ]; + UMask = "0077"; + } // lib.optionalAttrs (cfg.environmentFile != null) { EnvironmentFile = cfg.environmentFile; }; + }; + }; + + meta.maintainers = [ lib.maintainers.raroh73 ]; +} diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index c5af2ce1fccbc..4cae22cc61397 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -203,6 +203,7 @@ in { code-server = handleTest ./code-server.nix {}; coder = handleTest ./coder.nix {}; collectd = handleTest ./collectd.nix {}; + commafeed = handleTest ./commafeed.nix {}; connman = handleTest ./connman.nix {}; consul = handleTest ./consul.nix {}; consul-template = handleTest ./consul-template.nix {}; diff --git a/nixos/tests/commafeed.nix b/nixos/tests/commafeed.nix new file mode 100644 index 0000000000000..7b65720818a9b --- /dev/null +++ b/nixos/tests/commafeed.nix @@ -0,0 +1,21 @@ +import ./make-test-python.nix ( + { lib, ... }: + { + name = "commafeed"; + + nodes.server = { + services.commafeed = { + enable = true; + }; + }; + + testScript = '' + server.start() + server.wait_for_unit("commafeed.service") + server.wait_for_open_port(8082) + server.succeed("curl --fail --silent http://localhost:8082") + ''; + + meta.maintainers = [ lib.maintainers.raroh73 ]; + } +) diff --git a/pkgs/by-name/co/commafeed/package.nix b/pkgs/by-name/co/commafeed/package.nix new file mode 100644 index 0000000000000..cc203468feead --- /dev/null +++ b/pkgs/by-name/co/commafeed/package.nix @@ -0,0 +1,102 @@ +{ + lib, + buildNpmPackage, + fetchFromGitHub, + jre, + maven, + makeWrapper, + nixosTests, + writeText, +}: +let + version = "4.3.3"; + + src = fetchFromGitHub { + owner = "Athou"; + repo = "commafeed"; + rev = version; + hash = "sha256-y0gTmtlDg7sdunG1ne/3WkFx2KQkTGRlfYpXBHFFh2o="; + }; + + frontend = buildNpmPackage { + inherit version src; + + pname = "commafeed-frontend"; + + sourceRoot = "${src.name}/commafeed-client"; + + npmDepsHash = "sha256-fye7MPWXUeFCMgcnesspd1giGG/ZldiOv00fjtXZSb4="; + + installPhase = '' + runHook preInstall + + cp -r dist/ $out + + runHook postInstall + ''; + }; + + gitProperties = writeText "git.properties" '' + git.branch = none + git.build.time = 1970-01-01T00:00:00+0000 + git.build.version = ${version} + git.commit.id = none + git.commit.id.abbrev = none + ''; +in +maven.buildMavenPackage { + inherit version src; + + pname = "commafeed"; + + mvnHash = "sha256-YnEDJf4GeyiXxOh8tZZTZdLOJrisG6lmShXU97ueGNE="; + + mvnParameters = lib.escapeShellArgs [ + "-Dskip.installnodenpm" + "-Dskip.npm" + "-Dspotless.check.skip" + "-Dmaven.gitcommitid.skip" + "-DskipTests" + ]; + + nativeBuildInputs = [ makeWrapper ]; + + configurePhase = '' + runHook preConfigure + + ln -sf "${frontend}" commafeed-client/dist + + cp ${gitProperties} commafeed-server/src/main/resources/git.properties + + runHook postConfigure + ''; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin $out/share + install -Dm644 commafeed-server/target/commafeed.jar $out/share/commafeed.jar + install -Dm644 commafeed-server/config.yml.example $out/share/config.yml + + makeWrapper ${jre}/bin/java $out/bin/commafeed \ + --add-flags "-jar $out/share/commafeed.jar" + + runHook postInstall + ''; + + postInstall = '' + substituteInPlace $out/share/config.yml \ + --replace-fail 'url: jdbc:h2:/commafeed/data/db;DEFRAG_ALWAYS=TRUE' \ + 'url: jdbc:h2:./database/db;DEFRAG_ALWAYS=TRUE' + ''; + + passthru.tests = nixosTests.commafeed; + + meta = { + description = "Google Reader inspired self-hosted RSS reader"; + homepage = "https://github.com/Athou/commafeed"; + license = lib.licenses.asl20; + mainProgram = "commafeed"; + maintainers = [ lib.maintainers.raroh73 ]; + }; +}