thary/wf-module
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: thary:1c41525b97d2643ef75b97471c29ab8743b004fb
Branches Tags
thary:main
..
compare: thary:main
Branches Tags
thary:main

38 Commits
1c41525b97 ... main

Author SHA1 Message Date
Thary
4b1a42fa0e fix 2025-11-18 23:01:47 +03:00
Thary
2ef8bef684 fix 2025-11-18 22:01:58 +03:00
Thary
0e735d7cb2 fix 2025-11-18 19:14:26 +03:00
Thary
1e810965cd :) 2025-11-18 19:07:50 +03:00
Thary
3516443d6d fix 2025-11-18 19:02:58 +03:00
Thary
9668f9f2e5 fix 2025-11-18 18:38:45 +03:00
Thary
1c048694dc fix 2025-11-18 18:32:03 +03:00
Thary
40eb2fe7bc fix 2025-11-18 18:30:38 +03:00
Thary
90c6028020 fix 2025-11-14 15:29:14 +03:00
Thary
a79696e5fa fix 2025-11-14 15:26:37 +03:00
Thary
cff859a972 fix 2025-11-14 15:20:10 +03:00
Thary
96105a32ea a 2025-11-12 22:33:32 +03:00
Thary
c46b2fdc4d a 2025-11-12 22:29:55 +03:00
Thary
c39d7a3667 a 2025-11-12 22:14:43 +03:00
Thary
5009cce450 a 2025-11-12 22:09:14 +03:00
Thary
62352cd2a1 a 2025-11-12 21:31:41 +03:00
Thary
48a723aae1 a 2025-11-12 21:27:42 +03:00
Thary
21d741064b a 2025-11-12 21:24:49 +03:00
Thary
ad36e7722a a 2025-11-12 21:17:10 +03:00
Thary
795e159482 a 2025-11-12 20:53:26 +03:00
Thary
8b2b30a422 a 2025-11-12 20:43:22 +03:00
Thary
921e9e7fec a 2025-11-12 20:27:04 +03:00
Thary
2cd3568ac3 a 2025-11-12 20:07:36 +03:00
Thary
1212a6881a a 2025-11-12 19:50:50 +03:00
Thary
bcc1c9edf2 a 2025-11-12 19:46:51 +03:00
Thary
af10f91a69 a 2025-11-12 19:03:01 +03:00
Thary
1684e24959 a 2025-11-12 19:01:24 +03:00
Thary
fc34f43f4d a 2025-11-12 18:51:16 +03:00
Thary
9844252b4d fix: effownejbwenfvc 2025-11-12 18:46:23 +03:00
Thary
24aadc213e fix: effownejbwenfvc 2025-11-12 18:40:15 +03:00
Thary
80610f3d74 fix: effownejbwenfvc 2025-11-12 18:03:12 +03:00
Thary
49791d7e3f fix: effownejbwenfvc 2025-11-12 15:56:49 +03:00
Thary
bdc277d57c fix: effownejbwenfvc 2025-11-12 15:31:43 +03:00
Thary
542140869e fix: effownejbwenfvc 2025-11-12 15:29:04 +03:00
Thary
75c64c7019 fix: effownejbwenfvc 2025-11-12 15:24:48 +03:00
Thary
c66411653e fix: incorrect data type in the option's metadata 2025-11-12 15:19:49 +03:00
Thary
dc75ef6600 Aaddfwef 2025-11-07 17:21:15 +03:00
Thary
7de519b118 Aaddfwef 2025-11-07 16:04:19 +03:00
3 changed files with 72 additions and 34 deletions
Expand all files Collapse all files

3
config-paths-needed.json
View File

@@ -7,5 +7,6 @@
[ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
[ "selfprivacy", "sso", "enable" ],
[ "selfprivacy", "useBinds" ],
[ "services", "kanidm", "serverSettings", "origin" ]
[ "services", "kanidm", "serverSettings", "origin" ],
[ "services", "writefreely" ]
]

4
flake.nix
View File

@@ -11,7 +11,7 @@
spModuleSchemaVersion = 1;
id = "writefreely";
name = "WriteFreely";
description = "An open source platform for building a writing space on the web.";
description = "An open source platform for building a writing space on the web. Notice that the first signed in user will become the only admin automatically, and there is no possibility to change this.";
svgIcon = builtins.readFile ./icon.svg;
isMovable = true;
isRequired = false;
@@ -27,7 +27,7 @@
];
homepage = "https://writefreely.org";
sourcePage = "https://github.com/writefreely/writefreely";
supportLevel = "normal";
supportLevel = "experimental";
sso = {
userGroup = "sp.writefreely.users";
};

99
module.nix
View File

@@ -41,7 +41,7 @@ in
(lib.mkOption {
default = "writefreely";
type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
description = "Subdomain (changing subdomain after setting up will cause breakage of the federation!)";
description = "Subdomain (changing subdomain after enabling the federation will cause its breakage!)";
})
// {
meta = {
@@ -51,6 +51,30 @@ in
weight = 0;
};
};
appName =
(lib.mkOption {
default = "WriteFreely";
type = lib.types.str;
description = "Name of the WriteFreely instance.";
})
// {
meta = {
type = "string";
weight = 1;
};
};
description =
(lib.mkOption {
default = "WriteFreely instance.";
type = lib.types.str;
description = "Description of the WriteFreely instance. This makes no sense if the federation is not enabled.";
})
// {
meta = {
type = "string";
weight = 2;
};
};
enableFederation =
(lib.mkOption {
default = false;
@@ -60,19 +84,7 @@ in
// {
meta = {
type = "bool";
weight = 1;
};
};
title =
(lib.mkOption {
default = "WriteFreely";
type = lib.types.str;
description = "Name of the WriteFreely instance.";
})
// {
meta = {
type = "str";
weight = 2;
weight = 3;
};
};
};
@@ -88,7 +100,7 @@ in
fileSystems = lib.mkIf sp.useBinds {
"/var/lib/writefreely" = {
device = "/volumes/${cfg.location}/writefreely";
options = [ "bind" ];
options = [ "bind" "uid=writefreely" "gid=writefreely" ];
};
};
@@ -99,11 +111,13 @@ in
settings = {
server.port = 8081;
app = {
site_name = cfg.title;
host = lib.mkForce "https://${cfg.subdomain}.${sp.domain}";
site_name = cfg.appName;
site_description = cfg.description;
single_user = false;
federation = cfg.enableFederation;
disable_password_auth = true;
open_registration = false;
open_registration = true;
};
"oauth.generic" = {
@@ -113,32 +127,42 @@ in
token_endpoint = "/oauth2/token";
inspect_endpoint = "/oauth2/openid/${oauthClientID}/userinfo";
auth_endpoint = "/ui/oauth2";
client_secret = "@replace_oauth_secret@";
map_user_id = "preferred_username";
map_username = "preferred_username";
scope = "openid email profile";
};
};
};
systemd = {
services.writefreely = {
requeres = [ "writefreely-secrets.service" ];
requires = [ "writefreely-sqlite-init.service" ];
path = [ pkgs.openssl ];
unitConfig.RequiresMountsFor = lib.mkIf sp.useBinds "/volumes/${cfg.location}/writefreely";
serviceConfig.Slice = "writefreely.slice";
restartTriggers = [ (
pkgs.writeText "writefreely-restart-trigger"
(builtins.toJSON config.services.writefreely.settings)
) ];
};
services.writefreely-secrets = let inherit (config.services.writefreely) stateDir;
services.writefreely-sqlite-init = let
cfgFile = "${config.services.writefreely.stateDir}/config.ini";
in {
wantedBy = [ "multi-user.target" ];
requiredBy = [ "writefreely.service" ];
serviceConfig = {
Type = "oneshot";
Slice = "writefreely.slice";
};
script = let crudini = lib.getExe pkgs.crudini;
in ''
${crudini} --set ${stateDir}/config.ini oauth.generic client_secret '$(cat ${oauthClientSecretFP})'
postStart = ''
chmod 660 '${cfgFile}'
${lib.getExe pkgs.replace-secret} "@replace_oauth_secret@" "${oauthClientSecretFP}" "${cfgFile}"
chmod 440 '${cfgFile}'
'';
unitConfig.RequiresMountsFor = lib.mkIf sp.useBinds "/volumes/${cfg.location}/writefreely";
serviceConfig = {
Slice = "writefreely.slice";
ExecStartPre = [
"+${pkgs.coreutils}/bin/chown writefreely:writefreely /var/lib/writefreely"
];
};
};
slices.writefreely = {
@@ -146,13 +170,26 @@ in
};
};
services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = {
useACMEHost = sp.domain;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:8081";
};
};
};
selfprivacy.auth.clients.${oauthClientID} = {
inherit usersGroup;
subdomain = cfg.subdomain;
originLanding = "https://${cfg.subdomain}.${sp.domain}/";
originUrl = "https://${cfg.subdomain}.${sp.domain}/auth/oauth2/callback";
originUrl = "https://${cfg.subdomain}.${sp.domain}/oauth/callback/generic";
clientSystemdUnits = [ "writefreely.service" ];
enablePkce = false;
scopeMaps = {
"${usersGroup}" = [ "email" "openid" "profile" ];
};
linuxUserOfClient = "writefreely";
linuxGroupOfClient = "writefreely";
};