add overlays, pkgs

2023-07-13 13:09:17 +02:00
parent c7aef44265
commit e21a47a2b5
34 changed files with 8812 additions and 2 deletions
--- a/utils/pkgs/self-service-password/default.nix
+++ b/utils/pkgs/self-service-password/default.nix
@@ -0,0 +1,95 @@
+{ lib, stdenv, fetchurl }:
+
+let
+  generic = {
+    version, sha256,
+    eol ? false, extraVulnerabilities ? []
+  }: let
+    major = lib.versions.major version;
+  in stdenv.mkDerivation rec {
+    pname = "selfServicePassword";
+    inherit version;
+
+    src = fetchurl {
+      url = "https://github.com/ltb-project/self-service-password/archive/refs/tags/v${version}.tar.gz";
+      inherit sha256;
+    };
+
+    installPhase = ''
+      runHook preInstall
+      mkdir -p $out/
+      cp -R . $out/
+      runHook postInstall
+    '';
+
+    meta = with lib; {
+      description = "PHP application that allows users to change their password in an LDAP directory.";
+      homepage = "https://github.com/ltb-project/self-service-password";
+      license = licenses.agpl3Plus;
+      platforms = with platforms; unix;
+    };
+  };
+in {
+  selfServicePassword = generic {
+    version = "1.5.2";
+    sha256 = "dcef404e6b715f16bda71381647af38052a67deef4d387312856596ef131e030";
+  };
+
+  systemd.services = {
+    # When upgrading the Nextcloud package, Nextcloud can report errors such as
+    # "The files of the app [all apps in /var/lib/nextcloud/apps] were not replaced correctly"
+    # Restarting phpfpm on Nextcloud package update fixes these issues (but this is a workaround).
+    phpfpm-selfservicepassword.restartTriggers = [ selfServicePassword ];
+
+    selfservicepassword-setup = let
+      c = cfg.config;
+      writePhpArrary = a: "[${concatMapStringsSep "," (val: ''"${toString val}"'') a}]";
+
+      overrideConfig = pkgs.writeText "config.inc.local.php" ''
+        <?php
+        $lang = "en";
+        $allowed_lang = array("en", "de");
+        $show_menu = true;
+        $header_name_preset_login = "Auth-User";
+      '';
+    in {
+      wantedBy = [ "multi-user.target" ];
+      before = [ "phpfpm-selfservicepassword.service" ];
+      script = ''
+        ln -sf ${overrideConfig} ${datadir}/config/override.config.php
+      '';
+      serviceConfig.Type = "oneshot";
+      serviceConfig.User = "selfservicepassword";
+    };
+  };
+
+  services.phpfpm = {
+    pools.selfServicePassword = {
+      user = "selfservicepassword";
+      group = "selfservicepassword";
+      phpPackage = phpPackage;
+      phpEnv = {
+        PATH = "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin";
+      };
+      settings = mapAttrs (name: mkDefault) {
+        "listen.owner" = config.services.nginx.user;
+        "listen.group" = config.services.nginx.group;
+      };
+      extraConfig = cfg.poolConfig;
+    };
+  };
+
+  users.users.selfservicepassword = {
+    home = "${cfg.home}";
+    group = "selfservicepassword";
+    isSystemUser = true;
+  };
+  users.groups.selfservicepassword.members = [ "selfservicepassword" config.services.nginx.user ];
+
+  services.nginx.enable = mkDefault true;
+
+  services.nginx.virtualHosts.${cfg.hostName} = {
+    root = cfg.package;
+    locations = {};
+  };
+}