From 8774b9090daa99d111f46551d41eb8f73e9c24e4 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 3 Jun 2020 21:01:37 +0200 Subject: [PATCH 1/5] nixos/pinnwand: init --- nixos/modules/module-list.nix | 1 + nixos/modules/services/misc/pinnwand.nix | 78 ++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 nixos/modules/services/misc/pinnwand.nix diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 939ee8dcfef..b60dfd215fa 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -488,6 +488,7 @@ ./services/misc/parsoid.nix ./services/misc/plex.nix ./services/misc/tautulli.nix + ./services/misc/pinnwand.nix ./services/misc/pykms.nix ./services/misc/radarr.nix ./services/misc/redmine.nix diff --git a/nixos/modules/services/misc/pinnwand.nix b/nixos/modules/services/misc/pinnwand.nix new file mode 100644 index 00000000000..aa1ee5cfaa7 --- /dev/null +++ b/nixos/modules/services/misc/pinnwand.nix @@ -0,0 +1,78 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.pinnwand; + + format = pkgs.formats.toml {}; + configFile = format.generate "pinnwand.toml" cfg.settings; +in +{ + options.services.pinnwand = { + enable = mkEnableOption "Pinnwand"; + + port = mkOption { + type = types.port; + description = "The port to listen on."; + default = 8000; + }; + + settings = mkOption { + type = format.type; + description = '' + Your pinnwand.toml as a Nix attribute set. Look up + possible options in the pinnwand.toml-example. + ''; + default = { + # https://github.com/supakeen/pinnwand/blob/master/pinnwand.toml-example + database_uri = "sqlite:///var/lib/pinnwand/pinnwand.db"; + preferred_lexeres = []; + paste_size = 262144; + paste_help = '' +

Welcome to pinnwand, this site is a pastebin. It allows you to share code with others. If you write code in the text area below and press the paste button you will be given a link you can share with others so they can view your code as well.

People with the link can view your pasted code, only you can remove your paste and it expires automatically. Note that anyone could guess the URI to your paste so don't rely on it being private.

+ ''; + footer = '' + View source code, the removal or expiry stories, or read the about page. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + systemd.services.pinnwand = { + description = "Pinnwannd HTTP Server"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + unitConfig.Documentation = "https://pinnwand.readthedocs.io/en/latest/"; + serviceConfig = { + ExecStart = "${pkgs.pinnwand}/bin/pinnwand --configuration-path ${configFile} http --port ${toString(cfg.port)}"; + StateDirectory = "pinnwand"; + StateDirectoryMode = "0700"; + + AmbientCapabilities = []; + CapabilityBoundingSet = ""; + DevicePolicy = "closed"; + DynamicUser = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + PrivateDevices = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectKernelLogs = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; + RestrictNamespaces = true; + RestrictRealtime = true; + SystemCallArchitectures = "native"; + SystemCallFilter = "@system-service"; + UMask = "0077"; + }; + }; + }; +} From 607a94ce2fd340886580e6dfabbf2ee71d5764a0 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 3 Jun 2020 21:14:53 +0200 Subject: [PATCH 2/5] steck: init at 0.6.0 --- pkgs/servers/pinnwand/steck.nix | 29 +++++++++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 31 insertions(+) create mode 100644 pkgs/servers/pinnwand/steck.nix diff --git a/pkgs/servers/pinnwand/steck.nix b/pkgs/servers/pinnwand/steck.nix new file mode 100644 index 00000000000..642c72326f4 --- /dev/null +++ b/pkgs/servers/pinnwand/steck.nix @@ -0,0 +1,29 @@ +{ lib, pkgs, python3Packages, nixosTests }: + +python3Packages.buildPythonApplication rec { + pname = "steck"; + version = "0.6.0"; + + src = python3Packages.fetchPypi { + inherit pname version; + sha256 = "07gc5iwbyprb8nihnjjl2zd06z8p4nl3a3drzh9a8ny35ig1khq0"; + }; + + propagatedBuildInputs = with python3Packages; [ + pkgs.git + appdirs + click + python_magic + requests + termcolor + toml + ]; + + meta = with lib; { + homepage = "https://github.com/supakeen/steck"; + license = licenses.mit; + description = "Client for pinnwand pastebin."; + maintainers = with maintainers; [ hexa ]; + }; +} + diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 42c87c667d7..6fc5df0c9ae 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6893,6 +6893,8 @@ in stdman = callPackage ../data/documentation/stdman { }; + steck = callPackage ../servers/pinnwand/steck.nix { }; + stenc = callPackage ../tools/backup/stenc { }; stm32loader = with python3Packages; toPythonApplication stm32loader; From cb50679f0e9cc9e5711e229c15e71817ecd46d14 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Wed, 3 Jun 2020 23:12:06 +0200 Subject: [PATCH 3/5] nixos/tests/pinnwand: init --- nixos/tests/all-tests.nix | 1 + nixos/tests/pinnwand.nix | 86 +++++++++++++++++++++++++++++++ pkgs/servers/pinnwand/default.nix | 4 +- pkgs/servers/pinnwand/steck.nix | 2 + 4 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 nixos/tests/pinnwand.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 31dad3be814..3ca48dff3ed 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -268,6 +268,7 @@ in pgjwt = handleTest ./pgjwt.nix {}; pgmanage = handleTest ./pgmanage.nix {}; php = handleTest ./php {}; + pinnwand = handleTest ./pinnwand.nix {}; plasma5 = handleTest ./plasma5.nix {}; plotinus = handleTest ./plotinus.nix {}; podman = handleTestOn ["x86_64-linux"] ./podman.nix {}; diff --git a/nixos/tests/pinnwand.nix b/nixos/tests/pinnwand.nix new file mode 100644 index 00000000000..2204e74b2c2 --- /dev/null +++ b/nixos/tests/pinnwand.nix @@ -0,0 +1,86 @@ +import ./make-test-python.nix ({ pkgs, ...}: +let + pythonEnv = pkgs.python3.withPackages (py: with py; [ appdirs toml ]); + + port = 8000; + baseUrl = "http://server:${toString port}"; + + configureSteck = pkgs.writeScript "configure.py" '' + #!${pythonEnv.interpreter} + import appdirs + import toml + import os + + CONFIG = { + "base": "${baseUrl}/", + "confirm": False, + "magic": True, + "ignore": True + } + + os.makedirs(appdirs.user_config_dir('steck')) + with open(os.path.join(appdirs.user_config_dir('steck'), 'steck.toml'), "w") as fd: + toml.dump(CONFIG, fd) + ''; +in +{ + name = "pinnwand"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers =[ hexa ]; + }; + + nodes = { + server = { config, ... }: + { + networking.firewall.allowedTCPPorts = [ + port + ]; + + services.pinnwand = { + enable = true; + port = port; + }; + }; + + client = { pkgs, ... }: + { + environment.systemPackages = [ pkgs.steck ]; + }; + }; + + testScript = '' + start_all() + + server.wait_for_unit("pinnwand.service") + client.wait_for_unit("network.target") + + # create steck.toml config file + client.succeed("${configureSteck}") + + # wait until the server running pinnwand is reachable + client.wait_until_succeeds("ping -c1 server") + + # make sure pinnwand is listening + server.wait_until_succeeds("ss -lnp | grep ${toString port}") + + # send the contents of /etc/machine-id + response = client.succeed("steck paste /etc/machine-id") + + # parse the steck response + raw_url = None + removal_link = None + for line in response.split("\n"): + if line.startswith("View link:"): + raw_url = f"${baseUrl}/raw/{line.split('/')[-1]}" + if line.startswith("Removal link:"): + removal_link = line.split(":", 1)[1] + + # check whether paste matches what we sent + client.succeed(f"curl {raw_url} > /tmp/machine-id") + client.succeed("diff /tmp/machine-id /etc/machine-id") + + # remove paste and check that it's not available any more + client.succeed(f"curl {removal_link}") + client.fail(f"curl --fail {raw_url}") + ''; +}) diff --git a/pkgs/servers/pinnwand/default.nix b/pkgs/servers/pinnwand/default.nix index 563c539c825..436a599b17e 100644 --- a/pkgs/servers/pinnwand/default.nix +++ b/pkgs/servers/pinnwand/default.nix @@ -1,4 +1,4 @@ -{ lib, python3, fetchFromGitHub }: +{ lib, python3, fetchFromGitHub, nixosTests }: let python = python3.override { @@ -35,6 +35,8 @@ in with python.pkgs; buildPythonApplication rec { $out/bin/pinnwand --help > /dev/null ''; + passthru.tests = nixosTests.pinnwand; + meta = with lib; { homepage = "https://supakeen.com/project/pinnwand/"; license = licenses.mit; diff --git a/pkgs/servers/pinnwand/steck.nix b/pkgs/servers/pinnwand/steck.nix index 642c72326f4..09b20efc36e 100644 --- a/pkgs/servers/pinnwand/steck.nix +++ b/pkgs/servers/pinnwand/steck.nix @@ -19,6 +19,8 @@ python3Packages.buildPythonApplication rec { toml ]; + passthru.tests = nixosTests.pinnwand; + meta = with lib; { homepage = "https://github.com/supakeen/steck"; license = licenses.mit; From 433db3a30c5f779c4abe5a72a62595ca0af2d520 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 20 Jun 2020 17:08:33 +0200 Subject: [PATCH 4/5] pinnwand: 1.1.2 -> 1.2.0 Build the package from Git using pyproject.toml and enable tests. --- pkgs/servers/pinnwand/add-build-backend.patch | 12 +++++++++ pkgs/servers/pinnwand/default.nix | 27 ++++++++++++++----- 2 files changed, 32 insertions(+), 7 deletions(-) create mode 100644 pkgs/servers/pinnwand/add-build-backend.patch diff --git a/pkgs/servers/pinnwand/add-build-backend.patch b/pkgs/servers/pinnwand/add-build-backend.patch new file mode 100644 index 00000000000..2236cb5fc08 --- /dev/null +++ b/pkgs/servers/pinnwand/add-build-backend.patch @@ -0,0 +1,12 @@ +diff --git a/pyproject.toml b/pyproject.toml +index 3c4e87e..af27304 100644 +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -58,5 +58,6 @@ exclude = ''' + pinnwand = 'pinnwand.__main__:main' + + [build-system] +-requires = ["setuptools", "wheel"] ++requires = ["poetry>=0.12"] ++build-backend = "poetry.masonry.api" + diff --git a/pkgs/servers/pinnwand/default.nix b/pkgs/servers/pinnwand/default.nix index 436a599b17e..6c80ba82a11 100644 --- a/pkgs/servers/pinnwand/default.nix +++ b/pkgs/servers/pinnwand/default.nix @@ -1,4 +1,4 @@ -{ lib, python3, fetchFromGitHub, nixosTests }: +{ lib, python3, fetchFromGitHub, poetry, nixosTests }: let python = python3.override { @@ -14,13 +14,25 @@ let }; in with python.pkgs; buildPythonApplication rec { pname = "pinnwand"; - version = "1.1.2"; + version = "1.2.0"; + format = "pyproject"; - src = fetchPypi { - inherit pname version; - sha256 = "0iincxkfyyx85ggx9ilms2f8aq4lcbg3rkqgrr4wlsflzhljqd0p"; + src = fetchFromGitHub { + owner = "supakeen"; + repo = pname; + rev = "v${version}"; + sha256 = "n5PH21QmU8YAb0WKXAKZR4wjfFTSSOtvlRq7yxRVZNE="; }; + patches = [ + # https://github.com/supakeen/pinnwand/issues/93 + ./add-build-backend.patch + ]; + + nativeBuildInputs = [ + poetry + ]; + propagatedBuildInputs = [ click docutils @@ -30,9 +42,10 @@ in with python.pkgs; buildPythonApplication rec { sqlalchemy ]; - # tests are only available when fetching from GitHub, where they in turn don't have a setup.py :( + checkInputs = [ pytest ]; + checkPhase = '' - $out/bin/pinnwand --help > /dev/null + pytest ''; passthru.tests = nixosTests.pinnwand; From 45d5dc2aa928bac6dc52b9087ecdc3c8d065cab5 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 6 Aug 2020 20:15:24 +0200 Subject: [PATCH 5/5] pinnwand: 1.2.0 -> 1.2.1 --- pkgs/servers/pinnwand/add-build-backend.patch | 12 ------------ pkgs/servers/pinnwand/default.nix | 9 ++------- 2 files changed, 2 insertions(+), 19 deletions(-) delete mode 100644 pkgs/servers/pinnwand/add-build-backend.patch diff --git a/pkgs/servers/pinnwand/add-build-backend.patch b/pkgs/servers/pinnwand/add-build-backend.patch deleted file mode 100644 index 2236cb5fc08..00000000000 --- a/pkgs/servers/pinnwand/add-build-backend.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/pyproject.toml b/pyproject.toml -index 3c4e87e..af27304 100644 ---- a/pyproject.toml -+++ b/pyproject.toml -@@ -58,5 +58,6 @@ exclude = ''' - pinnwand = 'pinnwand.__main__:main' - - [build-system] --requires = ["setuptools", "wheel"] -+requires = ["poetry>=0.12"] -+build-backend = "poetry.masonry.api" - diff --git a/pkgs/servers/pinnwand/default.nix b/pkgs/servers/pinnwand/default.nix index 6c80ba82a11..360e39ab685 100644 --- a/pkgs/servers/pinnwand/default.nix +++ b/pkgs/servers/pinnwand/default.nix @@ -14,21 +14,16 @@ let }; in with python.pkgs; buildPythonApplication rec { pname = "pinnwand"; - version = "1.2.0"; + version = "1.2.1"; format = "pyproject"; src = fetchFromGitHub { owner = "supakeen"; repo = pname; rev = "v${version}"; - sha256 = "n5PH21QmU8YAb0WKXAKZR4wjfFTSSOtvlRq7yxRVZNE="; + sha256 = "1rk7rpyb4vmqxqqv8k9jpjmgakr3mn1iaqxyj34r74p1n5vfzimq"; }; - patches = [ - # https://github.com/supakeen/pinnwand/issues/93 - ./add-build-backend.patch - ]; - nativeBuildInputs = [ poetry ];