nixos/hedgedoc: refactor to reduce option count

- Remove lots of declared options that were not used outside of being
  included in settings. These should now be used through the freeform
  module.
- Deprecate `cfg.workDir`, in favor of using systemds `StateDirectory`
- Use sqlite as default database.

Co-authored-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
This commit is contained in:
h7x4 2023-07-20 01:22:43 +02:00
parent f320b0d46e
commit 6cd8da76f9
No known key found for this signature in database
GPG key ID: 9F2F7D8250F35146
3 changed files with 259 additions and 1014 deletions

View file

@ -335,6 +335,8 @@
- The application firewall `opensnitch` now uses the process monitor method eBPF as default as recommended by upstream. The method can be changed with the setting [services.opensnitch.settings.ProcMonitorMethod](#opt-services.opensnitch.settings.ProcMonitorMethod). - The application firewall `opensnitch` now uses the process monitor method eBPF as default as recommended by upstream. The method can be changed with the setting [services.opensnitch.settings.ProcMonitorMethod](#opt-services.opensnitch.settings.ProcMonitorMethod).
- `services.hedgedoc` has been heavily refactored, reducing the amount of declared options in the module. Most of the options should still work without any changes. Some options have been deprecated, as they no longer have any effect. See [#244941](https://github.com/NixOS/nixpkgs/pull/244941) for more details.
- The module [services.ankisyncd](#opt-services.ankisyncd.package) has been switched to [anki-sync-server-rs](https://github.com/ankicommunity/anki-sync-server-rs) from the old python version, which was difficult to update, had not been updated in a while, and did not support recent versions of anki. - The module [services.ankisyncd](#opt-services.ankisyncd.package) has been switched to [anki-sync-server-rs](https://github.com/ankicommunity/anki-sync-server-rs) from the old python version, which was difficult to update, had not been updated in a while, and did not support recent versions of anki.
Unfortunately all servers supporting new clients (newer version of anki-sync-server, anki's built in sync server and this new rust package) do not support the older sync protocol that was used in the old server, so such old clients will also need updating and in particular the anki package in nixpkgs is also being updated in this release. Unfortunately all servers supporting new clients (newer version of anki-sync-server, anki's built in sync server and this new rust package) do not support the older sync protocol that was used in the old server, so such old clients will also need updating and in particular the anki package in nixpkgs is also being updated in this release.
The module update takes care of the new config syntax and the data itself (user login and cards) are compatible, so users of the module will be able to just log in again after updating both client and server without any extra action. The module update takes care of the new config syntax and the data itself (user login and cards) are compatible, so users of the module will be able to just log in again after updating both client and server without any extra action.

File diff suppressed because it is too large Load diff

View file

@ -8,20 +8,22 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
nodes = { nodes = {
hedgedocSqlite = { ... }: { hedgedocSqlite = { ... }: {
services = { services.hedgedoc.enable = true;
hedgedoc = {
enable = true;
settings.dbURL = "sqlite:///var/lib/hedgedoc/hedgedoc.db";
};
};
}; };
hedgedocPostgres = { ... }: { hedgedocPostgresWithTCPSocket = { ... }: {
systemd.services.hedgedoc.after = [ "postgresql.service" ]; systemd.services.hedgedoc.after = [ "postgresql.service" ];
services = { services = {
hedgedoc = { hedgedoc = {
enable = true; enable = true;
settings.dbURL = "postgres://hedgedoc:\${DB_PASSWORD}@localhost:5432/hedgedocdb"; settings.db = {
dialect = "postgres";
user = "hedgedoc";
password = "$DB_PASSWORD";
host = "localhost";
port = 5432;
database = "hedgedocdb";
};
/* /*
* Do not use pkgs.writeText for secrets as * Do not use pkgs.writeText for secrets as
@ -40,6 +42,33 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
}; };
}; };
}; };
hedgedocPostgresWithUNIXSocket = { ... }: {
systemd.services.hedgedoc.after = [ "postgresql.service" ];
services = {
hedgedoc = {
enable = true;
settings.db = {
dialect = "postgres";
user = "hedgedoc";
password = "$DB_PASSWORD";
host = "/run/postgresql";
database = "hedgedocdb";
};
environmentFile = pkgs.writeText "hedgedoc-env" ''
DB_PASSWORD=snakeoilpassword
'';
};
postgresql = {
enable = true;
initialScript = pkgs.writeText "pg-init-script.sql" ''
CREATE ROLE hedgedoc LOGIN PASSWORD 'snakeoilpassword';
CREATE DATABASE hedgedocdb OWNER hedgedoc;
'';
};
};
};
}; };
testScript = '' testScript = ''
@ -50,11 +79,18 @@ import ./make-test-python.nix ({ pkgs, lib, ... }:
hedgedocSqlite.wait_for_open_port(3000) hedgedocSqlite.wait_for_open_port(3000)
hedgedocSqlite.wait_until_succeeds("curl -sSf http://localhost:3000/new") hedgedocSqlite.wait_until_succeeds("curl -sSf http://localhost:3000/new")
with subtest("HedgeDoc postgres"): with subtest("HedgeDoc postgres with TCP socket"):
hedgedocPostgres.wait_for_unit("postgresql.service") hedgedocPostgresWithTCPSocket.wait_for_unit("postgresql.service")
hedgedocPostgres.wait_for_unit("hedgedoc.service") hedgedocPostgresWithTCPSocket.wait_for_unit("hedgedoc.service")
hedgedocPostgres.wait_for_open_port(5432) hedgedocPostgresWithTCPSocket.wait_for_open_port(5432)
hedgedocPostgres.wait_for_open_port(3000) hedgedocPostgresWithTCPSocket.wait_for_open_port(3000)
hedgedocPostgres.wait_until_succeeds("curl -sSf http://localhost:3000/new") hedgedocPostgresWithTCPSocket.wait_until_succeeds("curl -sSf http://localhost:3000/new")
with subtest("HedgeDoc postgres with UNIX socket"):
hedgedocPostgresWithUNIXSocket.wait_for_unit("postgresql.service")
hedgedocPostgresWithUNIXSocket.wait_for_unit("hedgedoc.service")
hedgedocPostgresWithUNIXSocket.wait_for_open_port(5432)
hedgedocPostgresWithUNIXSocket.wait_for_open_port(3000)
hedgedocPostgresWithUNIXSocket.wait_until_succeeds("curl -sSf http://localhost:3000/new")
''; '';
}) })