diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index d5b09027026..8851889ef56 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -8974,12 +8974,6 @@ githubId = 8641; name = "Pierre Carrier"; }; - pengmeiyu = { - email = "pengmyu@gmail.com"; - github = "pmeiyu"; - githubId = 8529551; - name = "Peng Mei Yu"; - }; penguwin = { email = "penguwin@penguwin.eu"; github = "penguwin"; @@ -9255,6 +9249,12 @@ githubId = 178496; name = "Philipp Middendorf"; }; + pmy = { + email = "pmy@xqzp.net"; + github = "pmeiyu"; + githubId = 8529551; + name = "Peng Mei Yu"; + }; pmyjavec = { email = "pauly@myjavec.com"; github = "pmyjavec"; diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index f392ca52566..273ed95e1bc 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -351,6 +351,7 @@ in hqplayer = 319; moonraker = 320; distcc = 321; + webdav = 322; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -656,6 +657,7 @@ in hqplayer = 319; moonraker = 320; distcc = 321; + webdav = 322; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 9eca0b8d65f..1d51fca02fb 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -685,6 +685,7 @@ ./services/network-filesystems/diod.nix ./services/network-filesystems/u9fs.nix ./services/network-filesystems/webdav.nix + ./services/network-filesystems/webdav-server-rs.nix ./services/network-filesystems/yandex-disk.nix ./services/network-filesystems/xtreemfs.nix ./services/network-filesystems/ceph.nix diff --git a/nixos/modules/services/network-filesystems/webdav-server-rs.nix b/nixos/modules/services/network-filesystems/webdav-server-rs.nix new file mode 100644 index 00000000000..1c5c299cb67 --- /dev/null 
+++ b/nixos/modules/services/network-filesystems/webdav-server-rs.nix 
@@ -0,0 +1,144 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.services.webdav-server-rs; + format = pkgs.formats.toml { }; + settings = recursiveUpdate + { + server.uid = config.users.users."${cfg.user}".uid; + server.gid = config.users.groups."${cfg.group}".gid; + } + cfg.settings; +in +{ + options = { + services.webdav-server-rs = { + enable = mkEnableOption "WebDAV server"; + + user = mkOption { + type = types.str; + default = "webdav"; + description = "User to run under when setuid is not enabled."; + }; + + group = mkOption { + type = types.str; + default = "webdav"; + description = "Group to run under when setuid is not enabled."; + }; + + settings = mkOption { + type = format.type; + default = { }; + description = '' + Attrset that is converted and passed as config file. Available + options can be found at + here. + ''; + example = literalExpression '' + { + server.listen = [ "0.0.0.0:4918" "[::]:4918" ]; + accounts = { + auth-type = "htpasswd.default"; + acct-type = "unix"; + }; + htpasswd.default = { + htpasswd = "/etc/htpasswd"; + }; + location = [ + { + route = [ "/public/*path" ]; + directory = "/srv/public"; + handler = "filesystem"; + methods = [ "webdav-ro" ]; + autoindex = true; + auth = "false"; + } + { + route = [ "/user/:user/*path" ]; + directory = "~"; + handler = "filesystem"; + methods = [ "webdav-rw" ]; + autoindex = true; + auth = "true"; + setuid = true; + } + ]; + } + ''; + }; + + configFile = mkOption { + type = types.path; + default = format.generate "webdav-server.toml" settings; + defaultText = "Config file generated from services.webdav-server-rs.settings"; + description = '' + Path to config file. If this option is set, it will override any + configuration done in services.webdav-server-rs.settings. 
+ ''; + example = "/etc/webdav-server.toml"; + }; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = hasAttr cfg.user config.users.users && config.users.users."${cfg.user}".uid != null; + message = "users.users.${cfg.user} and users.users.${cfg.user}.uid must be defined."; + } + { + assertion = hasAttr cfg.group config.users.groups && config.users.groups."${cfg.group}".gid != null; + message = "users.groups.${cfg.group} and users.groups.${cfg.group}.gid must be defined."; + } + ]; + + users.users = optionalAttrs (cfg.user == "webdav") { + webdav = { + description = "WebDAV user"; + group = cfg.group; + uid = config.ids.uids.webdav; + }; + }; + + users.groups = optionalAttrs (cfg.group == "webdav") { + webdav.gid = config.ids.gids.webdav; + }; + + systemd.services.webdav-server-rs = { + description = "WebDAV server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.webdav-server-rs}/bin/webdav-server -c ${cfg.configFile}"; + + CapabilityBoundingSet = [ + "CAP_SETUID" + "CAP_SETGID" + ]; + + NoExecPaths = [ "/" ]; + ExecPaths = [ "/nix/store" ]; + + # This program actively detects if it is running in root user account + # when it starts and uses root privilege to switch process uid to + # respective unix user when a user logs in. Maybe we can enable + # DynamicUser in the future when it's able to detect CAP_SETUID and + # CAP_SETGID capabilities. + + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = true; + }; + }; + }; + + meta.maintainers = with maintainers; [ pmy ]; +} diff --git a/nixos/modules/services/network-filesystems/webdav.nix b/nixos/modules/services/network-filesystems/webdav.nix index 4086a0f5d56..a810af40fd4 100644 --- a/nixos/modules/services/network-filesystems/webdav.nix 
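Review bot: The `serviceConfig` for `systemd.services.webdav-server-rs` sets no `User=`, so the daemon starts as root (as the inline comment explains) and the sandboxing directives are its main containment, yet `ProtectSystem = true` leaves `/etc` writable and several low-cost restrictions are absent. I would raise it to `ProtectSystem = "full"` and add the directives shown below; `"strict"` is not proposed because the served directories are user-configured and must stay writable. If a listen port below 1024 is configured, the bounding set would presumably also need `CAP_NET_BIND_SERVICE`, which deserves a sentence in the `settings` description. Values placed in `settings` are rendered by `format.generate` into the Nix store, so that description should also say that secrets belong in a referenced file, like the htpasswd path in the example.

```nix
serviceConfig = {
  # … unchanged: ExecStart, CapabilityBoundingSet, NoExecPaths/ExecPaths, Private*/Protect* directives …
  ProtectSystem = "full";
  LockPersonality = true;
  ProtectHostname = true;
  RestrictNamespaces = true;
  RestrictRealtime = true;
  SystemCallArchitectures = "native";
```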
+++ b/nixos/modules/services/network-filesystems/webdav.nix @@ -80,13 +80,13 @@ in users.users = mkIf (cfg.user == "webdav") { webdav = { description = "WebDAV daemon user"; - isSystemUser = true; group = cfg.group; + uid = config.ids.uids.webdav; }; }; users.groups = mkIf (cfg.group == "webdav") { - webdav = { }; + webdav.gid = config.ids.gids.webdav; }; systemd.services.webdav = { @@ -103,5 +103,5 @@ in }; }; - meta.maintainers = with maintainers; [ pengmeiyu ]; + meta.maintainers = with maintainers; [ pmy ]; } diff --git a/pkgs/data/misc/rime-data/default.nix b/pkgs/data/misc/rime-data/default.nix index 371a07d3ec1..fbf65bc12a9 100644 --- a/pkgs/data/misc/rime-data/default.nix +++ b/pkgs/data/misc/rime-data/default.nix @@ -61,6 +61,6 @@ stdenv.mkDerivation { # rime-cantonese cc-by-40 ]; - maintainers = [ maintainers.pengmeiyu ]; + maintainers = with maintainers; [ pmy ]; }; } diff --git a/pkgs/os-specific/linux/lm-sensors/default.nix b/pkgs/os-specific/linux/lm-sensors/default.nix index 3590f87e37a..c40a3794054 100644 --- a/pkgs/os-specific/linux/lm-sensors/default.nix +++ b/pkgs/os-specific/linux/lm-sensors/default.nix @@ -44,7 +44,7 @@ stdenv.mkDerivation rec { changelog = "https://raw.githubusercontent.com/lm-sensors/lm-sensors/V${dashedVersion}/CHANGES"; description = "Tools for reading hardware sensors"; license = with licenses; [ lgpl21Plus gpl2Plus ]; - maintainers = with maintainers; [ pengmeiyu ]; + maintainers = with maintainers; [ pmy ]; platforms = platforms.linux; mainProgram = "sensors"; }; diff --git a/pkgs/servers/webdav-server-rs/default.nix b/pkgs/servers/webdav-server-rs/default.nix new file mode 100644 index 00000000000..06c8716ba87 --- /dev/null +++ b/pkgs/servers/webdav-server-rs/default.nix 
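Review bot: With `user` and `group` left at their defaults, this module and the new webdav-server-rs module both define `users.users.webdav`, here with `description = "WebDAV daemon user"` and there with `"WebDAV user"`, so enabling the two services together should fail evaluation on the conflicting string, and once reconciled the two network-facing daemons would share one uid and each other's files. Giving webdav-server-rs its own default account, or at least one shared description, avoids both. I would also keep `isSystemUser = true;` beside the new `uid = config.ids.uids.webdav;` line so the account's role stays explicit. On hosts where `webdav` already exists with an auto-allocated id, NixOS as far as I know does not renumber it, so a release note about the pinned id 322 would help; the enclosing `config` block starts outside this hunk.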
@@ -0,0 +1,47 @@ +{ lib +, stdenv +, fetchFromGitHub +, rustPlatform +, libtirpc +, pam +, rpcsvc-proto +, enablePAM ? stdenv.isLinux +}: + +rustPlatform.buildRustPackage rec { + pname = "webdav-server-rs"; + # The v0.4.0 tag cannot build. So we use the 547602e commit. + version = "unstable-2021-08-16"; + + src = fetchFromGitHub { + owner = "miquels"; + repo = pname; + rev = "547602e78783935b4ddd038fb795366c9c476bcc"; + sha256 = "sha256-nTygUEjAUXD0mRTmjt8/UPVfZA4rP6oop1s/fI5mYeg="; + }; + + cargoHash = "sha256-TDDfGQig4i/DpsilTPqMQ1oT0mXK5DKlZmwsPPLrzFc="; + + buildInputs = [ libtirpc ] ++ lib.optional enablePAM pam; + nativeBuildInputs = [ rpcsvc-proto ]; + + buildNoDefaultFeatures = true; + buildFeatures = [ "quota" ] ++ lib.optional enablePAM "pam"; + + postPatch = '' + substituteInPlace fs_quota/build.rs \ + --replace '/usr/include/tirpc' '${libtirpc.dev}/include/tirpc' + ''; + + meta = with lib; { + description = "An implementation of WebDAV server in Rust"; + longDescription = '' + webdav-server-rs is an implementation of WebDAV with full support for + RFC4918. It also supports local unix accounts, PAM authentication, and + quota. + ''; + homepage = "https://github.com/miquels/webdav-server-rs"; + license = licenses.asl20; + maintainers = with maintainers; [ pmy ]; + }; +} diff --git a/pkgs/servers/webdav/default.nix b/pkgs/servers/webdav/default.nix index 2e6a6a891ec..4a3aca9f6e9 100644 --- a/pkgs/servers/webdav/default.nix +++ b/pkgs/servers/webdav/default.nix @@ -17,6 +17,6 @@ buildGoModule rec { description = "Simple WebDAV server"; homepage = "https://github.com/hacdias/webdav"; license = licenses.mit; - maintainers = with maintainers; [ pengmeiyu ]; + maintainers = with maintainers; [ pmy ]; }; } diff --git a/pkgs/tools/inputmethods/ibus-engines/ibus-rime/default.nix b/pkgs/tools/inputmethods/ibus-engines/ibus-rime/default.nix index af3fcbe4e2c..d415b6b5a45 100644 --- a/pkgs/tools/inputmethods/ibus-engines/ibus-rime/default.nix 
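Review bot: The comment above `version = "unstable-2021-08-16";` says the v0.4.0 tag cannot build, but not what fails or how to tell when a tagged release becomes usable, and for a daemon that starts as root an untagged snapshot is harder to match against upstream security fixes. I would extend it to something like `# v0.4.0 fails to build (<upstream issue link>); switch back to a tagged release once fixed.` with the real reference filled in. `meta` also has no `platforms`, while `libtirpc` and the `quota` feature are unconditional even though `enablePAM ? stdenv.isLinux` implies non-Linux builds are expected; if those inputs are Linux-only, `platforms = platforms.linux;` would state that.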
+++ b/pkgs/tools/inputmethods/ibus-engines/ibus-rime/default.nix @@ -39,6 +39,6 @@ stdenv.mkDerivation rec { homepage = "https://rime.im/"; license = licenses.gpl3Plus; platforms = platforms.linux; - maintainers = with maintainers; [ pengmeiyu ]; + maintainers = with maintainers; [ pmy ]; }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 517566a4194..1d21ad89c5a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21711,6 +21711,8 @@ with pkgs; webdav = callPackage ../servers/webdav { }; + webdav-server-rs = callPackage ../servers/webdav-server-rs { }; + webmetro = callPackage ../servers/webmetro { }; wsdd = callPackage ../servers/wsdd { };