thary/wf-module
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Thary
2025-11-07 15:16:45 +03:00
commit 6bf1d003fe
4 changed files with 227 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

160
module.nix Normal file
View File

@@ -0,0 +1,160 @@
{
config,
lib,
pkgs,
...
}:
let
sp = config.selfprivacy;
cfg = sp.modules.writefreely;
oauthClientID = "writefreely";
auth-passthru = config.selfprivacy.passthru.auth;
oauth2-provider-origin = config.services.kanidm.serverSettings.origin;
usersGroup = "sp.writefreely.users";
oauthClientSecretFP = auth-passthru.mkOAuth2ClientSecretFP oauthClientID;
in
{
options.selfprivacy.modules.writefreely = {
enable =
(lib.mkOption {
default = false;
type = lib.types.bool;
description = "Enable WriteFreely";
})
// {
meta = {
type = "enable";
};
};
location =
(lib.mkOption {
type = lib.types.str;
description = "WriteFreely location";
})
// {
meta = {
type = "location";
};
};
subdomain =
(lib.mkOption {
default = "writefreely";
type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
description = "Subdomain (changing subdomain after setting up will cause breakage of the federation!)";
})
// {
meta = {
widget = "subdomain";
type = "string";
regex = "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
weight = 0;
};
};
enableFederation =
(lib.mkOption {
default = false;
type = lib.types.bool;
description = "Enable the ActivityPub federation.";
})
// {
meta = {
type = "bool";
weight = 1;
};
};
title =
(lib.mkOption {
default = "WriteFreely";
type = lib.types.str;
description = "Name of the WriteFreely instance.";
})
// {
meta = {
type = "str";
weight = 2;
};
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = sp.sso.enable;
message = "WriteFreely cannot be enabled when SSO is disabled.";
}
];
fileSystems = lib.mkIf sp.useBinds {
"/var/lib/writefreely" = {
device = "/volumes/${cfg.location}/writefreely";
options = [ "bind" ];
};
};
services.writefreely = {
enable = true;
database.type = "sqlite3";
host = "${cfg.subdomain}.${sp.domain}";
settings = {
server.port = 8081;
app = {
site_name = cfg.title;
single_user = false;
federation = cfg.enableFederation;
disable_password_auth = true;
open_registration = false;
};
"oauth.generic" = {
client_id = oauthClientID;
host = oauth2-provider-origin;
display_name = "SSO";
token_endpoint = "/oauth2/token";
inspect_endpoint = "/oauth2/openid/${oauthClientID}/userinfo";
auth_endpoint = "/ui/oauth2";
};
};
};
systemd = {
services.writefreely = {
requeres = [ "writefreely-secrets.service" ];
unitConfig.RequiresMountsFor = lib.mkIf sp.useBinds "/volumes/${cfg.location}/writefreely";
serviceConfig.Slice = "writefreely.slice";
};
services.writefreely-secrets = let inherit (config.services.writefreely) stateDir;
in {
wantedBy = [ "multi-user.target" ];
requiredBy = [ "writefreely.service" ];
serviceConfig = {
Type = "oneshot";
Slice = "writefreely.slice";
};
script = let crudini = lib.getExe pkgs.crudini;
in ''
${crudini} --set ${stateDir}/config.ini oauth.generic client_secret '$(cat ${oauthClientSecretFP})'
'';
};
slices.writefreely = {
description = "WriteFreely service slice";
};
};
selfprivacy.auth.clients.${oauthClientID} = {
inherit usersGroup;
subdomain = cfg.subdomain;
originLanding = "https://${cfg.subdomain}.${sp.domain}/";
originUrl = "https://${cfg.subdomain}.${sp.domain}/auth/oauth2/callback";
clientSystemdUnits = [ "writefreely.service" ];
enablePkce = false;
linuxUserOfClient = "writefreely";
linuxGroupOfClient = "writefreely";
};
};
}