Merge pull request #46370 from primeos/nixos-sks

sks,nixos/sks: Various minor improvements Module: - Add a webroot option (serve a website by default, makes the setup easier) - Explicitly set a group (instead of using 65534/nogroup) - Move pkgs.sks from environment.systemPackages to the "sks" user and add pkgs.db Package: - Adapt the output of "sks version" to NixOS - Copy the example webpages to $webSamples
6 years ago · b58a230c60
parent 0ce6e32cb7 53ef5441bb
commit b58a230c60
3 changed files with 69 additions and 13 deletions
--- a/nixos/modules/services/security/sks.nix
+++ b/nixos/modules/services/security/sks.nix
@ -53,39 +53,60 @@ in {
        type = types.ints.u16;
        description = "HKP port to listen on.";
      };
+
+      webroot = mkOption {
+        type = types.nullOr types.path;
+        default = "${sksPkg.webSamples}/OpenPKG";
+        defaultText = "\${pkgs.sks.webSamples}/OpenPKG";
+        description = ''
+          Source directory (will be symlinked, if not null) for the files the
+          built-in webserver should serve. SKS (''${pkgs.sks.webSamples})
+          provides the following examples: "HTML5", "OpenPKG", and "XHTML+ES".
+          The index file can be named index.html, index.htm, index.xhtm, or
+          index.xhtml. Files with the extensions .css, .es, .js, .jpg, .jpeg,
+          .png, or .gif are supported. Subdirectories and filenames with
+          anything other than alphanumeric characters and the '.' character
+          will be ignored.
+        '';
+      };
    };
  };

  config = mkIf cfg.enable {

-    environment.systemPackages = [ sksPkg ];
-    
-    users.users.sks = {
-      createHome = true;
-      home = cfg.dataDir;
-      isSystemUser = true;
-      shell = "${pkgs.coreutils}/bin/true";
+    users = {
+      users.sks = {
+        isSystemUser = true;
+        description = "SKS user";
+        home = cfg.dataDir;
+        createHome = true;
+        group = "sks";
+        useDefaultShell = true;
+        packages = [ sksPkg pkgs.db ];
+      };
+      groups.sks = { };
    };

    systemd.services = let
      hkpAddress = "'" + (builtins.concatStringsSep " " cfg.hkpAddress) + "'" ;
      hkpPort = builtins.toString cfg.hkpPort;
-      home = config.users.users.sks.home;
-      user = config.users.users.sks.name;
    in {
      "sks-db" = {
        description = "SKS database server";
        after = [ "network.target" ];
        wantedBy = [ "multi-user.target" ];
        preStart = ''
-          mkdir -p ${home}/dump
-          ${sksPkg}/bin/sks build ${home}/dump/*.gpg -n 10 -cache 100 || true #*/
+          ${lib.optionalString (cfg.webroot != null)
+            "ln -sfT \"${cfg.webroot}\" web"}
+          mkdir -p dump
+          ${sksPkg}/bin/sks build dump/*.gpg -n 10 -cache 100 || true #*/
          ${sksPkg}/bin/sks cleandb || true
          ${sksPkg}/bin/sks pbuild -cache 20 -ptree_cache 70 || true
        '';
        serviceConfig = {
-          WorkingDirectory = home;
-          User = user;
+          WorkingDirectory = "~";
+          User = "sks";
+          Group = "sks";
          Restart = "always";
          ExecStart = "${sksPkg}/bin/sks db -hkp_address ${hkpAddress} -hkp_port ${hkpPort}";
        };
--- a/pkgs/servers/sks/adapt-to-nixos.patch
+++ b/pkgs/servers/sks/adapt-to-nixos.patch
@ -0,0 +1,27 @@
+--- a/version.ml	2018-09-08 15:56:18.919154257 +0200
+++ b/version.ml	2018-09-08 15:56:07.544028575 +0200
+@@ -24,16 +24,6 @@
+ 
+ let run () =
+   let bdb_version = Bdb.version () in
+-  let dbstats_dir =
+-    let split = Str.regexp_string "." in
+-    let major_minor_string major minor =
+-      sprintf "Further details about the BDB environment can be seen by \
+-	  executing\ndb%s.%s_stat -x in the KDB and Ptree directories\n" major minor
+-    in
+-    match Str.split split bdb_version with
+-    | major :: minor :: _ -> major_minor_string major minor
+-    | [] | _ :: []        -> major_minor_string "X"   "Y"
+-  in
+   printf "SKS version %s%s\n"
+     Common.version Common.version_suffix;
+ 	
+@@ -44,5 +34,6 @@
+          requirement for recon of SKS %s\n"
+       Common.compatible_version_string;
+ 	
+-  printf "%s" dbstats_dir
+  printf "Further details about the BDB environment can be seen by executing\n\
+    db_stat -x in the KDB and PTree directories\n"
+ 
--- a/pkgs/servers/sks/default.nix
+++ b/pkgs/servers/sks/default.nix
@ -11,6 +11,11 @@ stdenv.mkDerivation rec {
    sha256 = "00q5ma5rvl10rkc6cdw8d69bddgrmvy0ckqj3hbisy65l4idj2zm";
  };

+  # pkgs.db provides db_stat, not db$major.$minor_stat
+  patches = [ ./adapt-to-nixos.patch ];
+
+  outputs = [ "out" "webSamples" ];
+
  buildInputs = [ ocaml zlib db perl camlp4 ];

  makeFlags = [ "PREFIX=$(out)" "MANDIR=$(out)/share/man" ];
@ -26,6 +31,9 @@ stdenv.mkDerivation rec {
  doCheck = true;
  checkPhase = "./sks unit_test";

+  # Copy the web examples for the NixOS module
+  postInstall = "cp -R sampleWeb $webSamples";
+
  meta = with stdenv.lib; {
    description = "An easily deployable & decentralized OpenPGP keyserver";
    longDescription = ''