Merge pull request #103705 from freezeboy/add-plik

plik: init at 1.3.1

nixos/modules/module-list.nix

@@ -513,6 +513,7 @@
   ./services/misc/paperless.nix
   ./services/misc/parsoid.nix
   ./services/misc/plex.nix
+  ./services/misc/plikd.nix
   ./services/misc/tautulli.nix
   ./services/misc/pinnwand.nix
   ./services/misc/pykms.nix

nixos/modules/services/misc/plikd.nix

@@ -0,0 +1,82 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.services.plikd;
+
+  format = pkgs.formats.toml {};
+  plikdCfg = format.generate "plikd.cfg" cfg.settings;
+in
+{
+  options = {
+    services.plikd = {
+      enable = mkEnableOption "the plikd server";
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Open ports in the firewall for the plikd.";
+      };
+
+      settings = mkOption {
+        type = format.type;
+        default = {};
+        description = ''
+          Configuration for plikd, see <link xlink:href="https://github.com/root-gg/plik/blob/master/server/plikd.cfg"/>
+          for supported values.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.plikd.settings = mapAttrs (name: mkDefault) {
+      ListenPort = 8080;
+      ListenAddress = "localhost";
+      DataBackend = "file";
+      DataBackendConfig = {
+         Directory = "/var/lib/plikd";
+      };
+      MetadataBackendConfig = {
+        Driver = "sqlite3";
+        ConnectionString = "/var/lib/plikd/plik.db";
+      };
+    };
+
+    systemd.services.plikd = {
+      description = "Plikd file sharing server";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "simple";
+        ExecStart = "${pkgs.plikd}/bin/plikd --config ${plikdCfg}";
+        Restart = "on-failure";
+        StateDirectory = "plikd";
+        LogsDirectory = "plikd";
+        DynamicUser = true;
+
+        # Basic hardening
+        NoNewPrivileges = "yes";
+        PrivateTmp = "yes";
+        PrivateDevices = "yes";
+        DevicePolicy = "closed";
+        ProtectSystem = "strict";
+        ProtectHome = "read-only";
+        ProtectControlGroups = "yes";
+        ProtectKernelModules = "yes";
+        ProtectKernelTunables = "yes";
+        RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
+        RestrictNamespaces = "yes";
+        RestrictRealtime = "yes";
+        RestrictSUIDSGID = "yes";
+        MemoryDenyWriteExecute = "yes";
+        LockPersonality = "yes";
+      };
+    };
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.settings.ListenPort ];
+    };
+  };
+}

nixos/tests/all-tests.nix

@@ -313,6 +313,7 @@ in
   pinnwand = handleTest ./pinnwand.nix {};
   plasma5 = handleTest ./plasma5.nix {};
   pleroma = handleTestOn [ "x86_64-linux" "aarch64-linux" ] ./pleroma.nix {};
+  plikd = handleTest ./plikd.nix {};
   plotinus = handleTest ./plotinus.nix {};
   podman = handleTestOn ["x86_64-linux"] ./podman.nix {};
   postfix = handleTest ./postfix.nix {};

nixos/tests/plikd.nix

@@ -0,0 +1,27 @@
+import ./make-test-python.nix ({ lib, ... }: {
+  name = "plikd";
+  meta = with lib.maintainers; {
+    maintainers = [ freezeboy ];
+  };
+
+  machine = { pkgs, ... }: let
+  in {
+    services.plikd.enable = true;
+    environment.systemPackages = [ pkgs.plik ];
+  };
+
+  testScript = ''
+    # Service basic test
+    machine.wait_for_unit("plikd")
+
+    # Network test
+    machine.wait_for_open_port("8080")
+    machine.succeed("curl --fail -v http://localhost:8080")
+
+    # Application test
+    machine.execute("echo test > /tmp/data.txt")
+    machine.succeed("plik --server http://localhost:8080 /tmp/data.txt | grep curl")
+
+    machine.succeed("diff data.txt /tmp/data.txt")
+  '';
+})

pkgs/servers/plik/default.nix

@@ -0,0 +1,25 @@
+{ lib, fetchurl, makeWrapper, runCommand, callPackage }:
+
+let
+  version = "1.3.1";
+
+  programs = callPackage ./programs.nix {};
+
+  webapp = fetchurl {
+    url = "https://github.com/root-gg/plik/releases/download/${version}/plik-${version}-linux-amd64.tar.gz";
+    sha256 = "KN6cp29KKdGamYnfL3jYltx0EDx6syDPfV0jShOk7Zw=";
+  };
+
+in {
+
+  inherit (programs) plik plikd-unwrapped;
+
+  plikd = runCommand "plikd-${version}" { nativeBuildInputs = [ makeWrapper ]; } ''
+    mkdir -p $out/libexec/plikd/{bin,webapp} $out/bin
+    tar xf ${webapp} plik-${version}-linux-amd64/webapp/dist/
+    mv plik-*/webapp/dist $out/libexec/plikd/webapp
+    cp ${programs.plikd-unwrapped}/bin/plikd $out/libexec/plikd/bin/plikd
+    makeWrapper $out/libexec/plikd/bin/plikd $out/bin/plikd \
+      --run "cd $out/libexec/plikd/bin"
+  '';
+}

pkgs/servers/plik/programs.nix

@@ -0,0 +1,42 @@
+{ lib, buildGoModule, fetchFromGitHub, fetchurl, makeWrapper, runCommand }:
+
+let
+  version = "1.3.1";
+
+  src = fetchFromGitHub {
+    owner = "root-gg";
+    repo = "plik";
+    rev = version;
+    sha256 = "C/1Uwjsqd9n3WSXlnlq9K3EJHkLOSavS9cPqF2UqmGo=";
+  };
+
+  vendorSha256 = "klmWXC3tkoOcQHhiQZjR2C5jqaRJqMQOLtVxZ0cFq/Y=";
+
+  meta = with lib; {
+    homepage = "https://plik.root.gg/";
+    description = "Scalable & friendly temporary file upload system";
+    maintainers = with maintainers; [ freezeboy ];
+    license = licenses.mit;
+  };
+in {
+
+  plik = buildGoModule {
+    pname = "plik";
+    inherit version meta src vendorSha256;
+
+    subPackages = [ "client" ];
+    postInstall = ''
+      mv $out/bin/client $out/bin/plik
+    '';
+  };
+
+  plikd-unwrapped = buildGoModule {
+    pname = "plikd-unwrapped";
+    inherit version src vendorSha256;
+
+    subPackages = [ "server" ];
+    postFixup = ''
+      mv $out/bin/server $out/bin/plikd
+    '';
+  };
+}

pkgs/top-level/all-packages.nix

@@ -7210,6 +7210,9 @@ in
 
   plujain-ramp = callPackage ../applications/audio/plujain-ramp { };
 
+  inherit (callPackage ../servers/plik { })
+    plik plikd;
+
   plex = callPackage ../servers/plex { };
   plexRaw = callPackage ../servers/plex/raw.nix { };