{ config, lib, pkgs, ...}:
with lib;
let
# Shorthand for the option values the user set under services.gitit.
cfg = config.services.gitit;

# gitit.conf spells booleans as the words "yes" and "no".
yesNo = flag: if flag then "yes" else "no";

# Rendered gitit.conf. pkgs.writeText places the file in the Nix store, so
# every value interpolated below (including access-question-answers) is
# readable by any local user on the host.
# Repository, cache and log locations are fixed under /var/lib/gitit; only
# the static and templates directories are configurable.
gititConf = pkgs.writeText "gitit.conf" ''
  address: ${cfg.address}
  port: ${toString cfg.port}
  wiki-title: ${cfg.wiki-title}
  repository-type: Git
  repository-path: /var/lib/gitit/wikidata
  require-authentication: ${cfg.require-authentication}
  authentication-method: ${cfg.authentication-method}
  static-dir: ${toString cfg.static-dir}
  templates-dir: ${toString cfg.templates-dir}
  cache-dir: /var/lib/gitit/cache
  log-file: /var/lib/gitit/gitit.log
  disable-registration: ${yesNo cfg.disable-registration}
  access-question: ${cfg.access-question}
  access-question-answers: ${cfg.access-question-answers}
'';
in
{
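# Option declarations for the gitit wiki service. Every value declared here
# is copied verbatim into the generated gitit.conf.
options.services.gitit = {
  enable = mkEnableOption "gitit";

  # NOTE(review): the default binds every interface. Combined with the
  # defaults below (form login, registration enabled) anyone who can reach
  # the port can create an account. Use a loopback address when the wiki
  # sits behind a reverse proxy.
  address = mkOption {
    type = lib.types.str;
    default = "0.0.0.0";
    description = "Sets the IP address on which the web server will listen.";
  };

  # types.port rejects values outside the valid TCP port range at evaluation
  # time instead of handing them to gitit.
  port = mkOption {
    type = lib.types.port;
    default = 5001;
    description = "Sets the port on which the web server will run.";
  };

  disable-registration = mkOption {
    type = lib.types.bool;
    default = false;
    description = "If true, disables registering new users on the wiki";
  };

  wiki-title = mkOption {
    type = lib.types.str;
    default = "Wiki";
    description = "The title of the wiki.";
  };

  access-question = mkOption {
    type = lib.types.str;
    default = "";
    description = ''
      specifies a question that users must answer when they attempt to create
      an account, along with a comma-separated list of acceptable answers.
      This can be used to institute a rudimentary password for signing up as
      a user on the wiki, or as an alternative to reCAPTCHA.
      Example:
      access-question: What is the code given to you by Ms. X?
      access-question-answers: RED DOG, red dog
    '';
  };

  access-question-answers = mkOption {
    type = lib.types.str;
    default = "";
    description = ''
      specifies the comma-separated list of acceptable answers to
      access-question, which users must answer when they attempt to create
      an account.
      This can be used to institute a rudimentary password for signing up as
      a user on the wiki, or as an alternative to reCAPTCHA.
      Note that this value is written to the generated gitit.conf in the
      Nix store, which is readable by every local user on the host, so it
      should not be treated as a secret.
      Example:
      access-question: What is the code given to you by Ms. X?
      access-question-answers: RED DOG, red dog
    '';
  };

  # With the default "modify" and registration left enabled, write access is
  # gated only by self-service sign-up; disable-registration or
  # access-question tighten that.
  require-authentication = mkOption {
    type = lib.types.enum ["none" "read" "modify"];
    default = "modify";
    description = ''
      if 'none' login is never required, and pages can be edited anonymously.
      if 'modify', login is required to modify the wiki (edit, add, delete pages, upload files)
      if 'read', login is required to see any wiki pages
    '';
  };

  static-dir = mkOption {
    type = lib.types.path;
    default = "/var/lib/gitit/data/static";
    description = ''
      specifies the path of the static directory (containing javascript, css,
      and images). If it does not exist, gitit will create it and populate it
      with required scripts, stylesheets and images.
    '';
  };

  templates-dir = mkOption {
    type = lib.types.path;
    default = "/var/lib/gitit/data/templates";
    description = ''
      specifies the path of the directory containing page templates. If it
      does not exist, gitit will create it with default templates. Users may
      wish to edit the templates to customize the appearance of their wiki.
      The template files are HStringTemplate templates. Variables to be
      interpolated appear between $'s. Literal $'s must be backslash-escaped.
    '';
  };

  # Only the three methods in the enum are accepted. The description used to
  # document 'rpx' and 'github' as well, but the enum rejects both, and the
  # generated gitit.conf sets none of the rpx-domain / rpx-key / base-url
  # keys that the rpx text said were required.
  authentication-method = mkOption {
    type = lib.types.enum ["form" "http" "generic"];
    default = "form";
    description = ''
      'form' means that users will be logged in and registered using forms in
      the gitit web interface.

      'http' means that gitit will assume that HTTP authentication is in
      place and take the logged in username from the "Authorization" field of
      the HTTP request header (in addition, the login/logout and registration
      links will be suppressed).

      'generic' means that gitit will assume that some form of authentication
      is in place that directly sets REMOTE_USER to the name of the
      authenticated user (e.g. mod_auth_cas on apache).

      With 'http' and 'generic' gitit trusts the user name supplied with the
      request, so the service must only be reachable through a front end
      that performs the authentication (for example by setting 'address' to
      a loopback address behind a reverse proxy).

      gitit's 'rpx' and 'github' methods are not accepted by this option.
    '';
  };
};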
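# Everything below is only applied when services.gitit.enable is set.
config = lib.mkIf cfg.enable {
  # Dedicated unprivileged system account and group for the wiki process.
  users.users.gitit = {
    home = "/var/lib/gitit";
    createHome = true;
    isSystemUser = true;
    group = "gitit";
  };

  users.groups.gitit = {};

  systemd.services.gitit = {
    description = "Git and Pandoc Powered Wiki";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    # git backs the wiki repository; curl was already on the unit's PATH.
    path = with pkgs; [ curl git ];

    serviceConfig = {
      User = config.users.users.gitit.name;
      Group = config.users.groups.gitit.name;
      # Replaces the former preStart `chown gitit:gitit -R /var/lib/gitit`.
      # The unit sets User=, and nothing here requests an elevated pre-start
      # step, so that chown presumably ran as gitit and could not repair
      # wrong ownership. A recursive chown run as root over a tree the
      # service user can write is also best avoided. systemd instead creates
      # /var/lib/gitit for User/Group and corrects its ownership if needed.
      StateDirectory = "gitit";
      # Wiki data, cache and log live here; keep them private to the
      # service account.
      StateDirectoryMode = "0700";
      ExecStart = "${pkgs.gitit}/bin/gitit -f ${gititConf}";
    };
  };
};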
}