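# NixOS module for gitit, a Git- and Pandoc-backed wiki.
#
# Declares the `services.gitit.*` options, renders them into a gitit.conf and
# runs gitit as a dedicated system user whose state lives in /var/lib/gitit.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.gitit;

  # Renders a Nix boolean as the "yes"/"no" spelling written to gitit.conf.
  yesNo = b: if b then "yes" else "no";

  # Rendered configuration file. pkgs.writeText puts it in the Nix store,
  # which is world-readable: every value below, including
  # access-question-answers, can be read by any local user.
  gititConf = with cfg; pkgs.writeText "gitit.conf" ''
    address: ${address}
    port: ${toString port}
    wiki-title: ${wiki-title}
    repository-type: Git
    repository-path: /var/lib/gitit/wikidata
    user-file: /var/lib/gitit/gitit-users
    require-authentication: ${require-authentication}
    authentication-method: ${authentication-method}
    static-dir: ${toString static-dir}
    templates-dir: ${toString templates-dir}
    cache-dir: /var/lib/gitit/cache
    log-file: /var/lib/gitit/gitit.log
    disable-registration: ${yesNo disable-registration}
    access-question: ${access-question}
    access-question-answers: ${access-question-answers}
  '';
in
{
  options.services.gitit = {
    enable = mkEnableOption "gitit";

    address = mkOption {
      type = lib.types.str;
      default = "0.0.0.0";
      description = ''
        Sets the IP address on which the web server will listen.
        The default, 0.0.0.0, listens on every interface; use 127.0.0.1
        when gitit is only meant to be reached through a reverse proxy.
      '';
    };

    port = mkOption {
      # types.port rejects values outside 0-65535 at evaluation time.
      type = lib.types.port;
      default = 5001;
      description = "Sets the port on which the web server will run.";
    };

    disable-registration = mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        If true, disables registering new users on the wiki.
        With the default (false) and an empty access-question, registration
        is presumably open to anyone who can reach the wiki.
      '';
    };

    wiki-title = mkOption {
      type = lib.types.str;
      default = "Wiki";
      description = "The title of the wiki.";
    };

    access-question = mkOption {
      type = lib.types.str;
      default = "";
      description = ''
        Specifies a question that users must answer when they attempt to
        create an account. The acceptable answers are set with
        access-question-answers.
        This can be used to institute a rudimentary password for signing up
        as a user on the wiki, or as an alternative to reCAPTCHA.
        Example:
        access-question: What is the code given to you by Ms. X?
        access-question-answers: RED DOG, red dog
      '';
    };

    access-question-answers = mkOption {
      type = lib.types.str;
      default = "";
      description = ''
        Specifies a comma-separated list of acceptable answers to
        access-question.
        The value is written to a configuration file in the Nix store and is
        therefore readable by every local user; do not reuse a real password.
        Example:
        access-question: What is the code given to you by Ms. X?
        access-question-answers: RED DOG, red dog
      '';
    };

    require-authentication = mkOption {
      type = lib.types.enum [ "none" "read" "modify" ];
      default = "modify";
      description = ''
        If 'none', login is never required, and pages can be edited
        anonymously.
        If 'modify', login is required to modify the wiki (edit, add, delete
        pages, upload files).
        If 'read', login is required to see any wiki pages.
      '';
    };

    static-dir = mkOption {
      type = lib.types.path;
      default = "/var/lib/gitit/data/static";
      description = ''
        Specifies the path of the static directory (containing javascript,
        css, and images). If it does not exist, gitit will create it and
        populate it with required scripts, stylesheets and images.
      '';
    };

    templates-dir = mkOption {
      type = lib.types.path;
      default = "/var/lib/gitit/data/templates";
      description = ''
        Specifies the path of the directory containing page templates.
        If it does not exist, gitit will create it with default templates.
        Users may wish to edit the templates to customize the appearance of
        their wiki. The template files are HStringTemplate templates.
        Variables to be interpolated appear between $'s. Literal $'s must be
        backslash-escaped.
      '';
    };

    authentication-method = mkOption {
      type = lib.types.enum [ "form" "http" "generic" ];
      default = "form";
      description = ''
        'form' means that users will be logged in and registered using forms
        in the gitit web interface.

        'http' means that gitit will assume that HTTP authentication is in
        place and take the logged in username from the "Authorization" field
        of the HTTP request header (in addition, the login/logout and
        registration links will be suppressed).

        'generic' means that gitit will assume that some form of
        authentication is in place that directly sets REMOTE_USER to the name
        of the authenticated user (e.g. mod_auth_cas on apache).

        With 'http' and 'generic' gitit relies on the front-end to
        authenticate the user, so gitit must only be reachable through that
        front-end (see the address option).

        gitit's own 'rpx' and 'github' methods are not accepted here: 'rpx'
        requires 'rpx-domain', 'rpx-key' and 'base-url', and this module does
        not write those or any GitHub-specific settings into gitit.conf.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    # 'http' and 'generic' take the user name from the request as prepared by
    # a front-end. On the default wildcard address a client may be able to
    # reach gitit without passing through that front-end, so flag the
    # combination at evaluation time instead of failing the build.
    warnings = optional
      (cfg.authentication-method != "form" && cfg.address == "0.0.0.0")
      "services.gitit: authentication-method '${cfg.authentication-method}' relies on a front-end to authenticate users, but address is 0.0.0.0; bind gitit to 127.0.0.1 or restrict access to port ${toString cfg.port}.";

    # Dedicated unprivileged account; its home doubles as the state directory
    # holding the wiki repository, the user file, the cache and the log.
    users.users.gitit = {
      home = "/var/lib/gitit";
      createHome = true;
      isSystemUser = true;
      group = "gitit";
    };

    users.groups.gitit = { };

    systemd.services.gitit = {
      description = "Git and Pandoc Powered Wiki";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      # curl and git are made available on the service's PATH.
      path = with pkgs; [ curl git ];

      # NOTE(review): systemd runs ExecStartPre with the unit's User= unless
      # PermissionsStartOnly or a "+" prefix is used, so this chown runs as
      # gitit and can only succeed on files gitit already owns. If the intent
      # is to repair ownership, serviceConfig.StateDirectory is the usual
      # way to have systemd do it with privileges — confirm and migrate.
      preStart = ''
        chown gitit:gitit -R /var/lib/gitit
      '';

      serviceConfig = {
        User = config.users.users.gitit.name;
        Group = config.users.groups.gitit.name;
        ExecStart = "${pkgs.gitit}/bin/gitit -f ${gititConf}";
      };
    };
  };
}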