nixos-gitit/modules/gitit/default.nix


{ config, lib, pkgs, ...}:
with lib;
let
# Shorthand for the option values declared under services.gitit.
cfg = config.services.gitit;
# Renders a Nix boolean as the "yes"/"no" text written into gitit.conf.
yesNo = flag:
  if flag
  then "yes"
  else "no";
# The generated gitit configuration file.
# pkgs.writeText puts the file into the Nix store, which every local user can
# read, so nothing interpolated below (access-question-answers included) is
# kept secret from other accounts on the machine.
# Option values are inserted verbatim; no escaping is applied to them.
gititConf = pkgs.writeText "gitit.conf" ''
  address: ${cfg.address}
  port: ${toString cfg.port}
  wiki-title: ${cfg.wiki-title}
  repository-type: Git
  repository-path: /var/lib/gitit/wikidata
  user-file: /var/lib/gitit/gitit-users
  require-authentication: ${cfg.require-authentication}
  authentication-method: ${cfg.authentication-method}
  static-dir: ${toString cfg.static-dir}
  templates-dir: ${toString cfg.templates-dir}
  cache-dir: /var/lib/gitit/cache
  log-file: /var/lib/gitit/gitit.log
  disable-registration: ${yesNo cfg.disable-registration}
  access-question: ${cfg.access-question}
  access-question-answers: ${cfg.access-question-answers}
  max-upload-size: ${toString cfg.max-upload-size}K
'';
in
{
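# Options exposed under services.gitit. Each value is written into gitit.conf.
options.services.gitit = {
  enable = mkEnableOption "gitit";

  address = mkOption {
    type = lib.types.str;
    default = "0.0.0.0";
    description = ''
      Sets the IP address on which the web server will listen.
      The default listens on every interface. Set this to 127.0.0.1 when the
      wiki is served through a reverse proxy.
    '';
  };

  port = mkOption {
    # types.port restricts the value to a valid port number.
    type = lib.types.port;
    default = 5001;
    description = "Sets the port on which the web server will run.";
  };

  disable-registration = mkOption {
    type = lib.types.bool;
    default = false;
    description = ''
      If true, disables registering new users on the wiki.
      While this is false, anyone who can reach the wiki can create an
      account; consider setting access-question as well.
    '';
  };

  wiki-title = mkOption {
    type = lib.types.str;
    default = "Wiki";
    description = "The title of the wiki.";
  };

  max-upload-size = mkOption {
    # A negative size has no meaning here, so reject it at evaluation time.
    type = lib.types.ints.unsigned;
    default = 100;
    description = ''
      specifies an upper limit on the size (in kilobytes) of files uploaded
      through the wiki's web interface.
      To disable uploads, set this to 0.
      This will result in the uploads link disappearing
      and the _upload url becoming inactive.
    '';
  };

  access-question = mkOption {
    type = lib.types.str;
    default = "";
    description = ''
      specifies a question that users must answer when they attempt to create
      an account. The acceptable answers are set in access-question-answers.
      This can be used to institute a rudimentary password for signing up as
      a user on the wiki, or as an alternative to reCAPTCHA.
      Example:
      access-question: What is the code given to you by Ms. X?
      access-question-answers: RED DOG, red dog
    '';
  };

  access-question-answers = mkOption {
    type = lib.types.str;
    default = "";
    description = ''
      specifies a comma-separated list of acceptable answers to
      access-question.
      The answers are written to gitit.conf in the Nix store, which every
      local user can read, so do not reuse a real password here.
      Example:
      access-question: What is the code given to you by Ms. X?
      access-question-answers: RED DOG, red dog
    '';
  };

  require-authentication = mkOption {
    type = lib.types.enum [ "none" "read" "modify" ];
    default = "modify";
    description = ''
      if 'none' login is never required, and pages can be edited anonymously.
      if 'modify', login is required to modify the wiki (edit, add, delete pages, upload files)
      if 'read', login is required to see any wiki pages
    '';
  };

  static-dir = mkOption {
    type = lib.types.path;
    default = "/var/lib/gitit/data/static";
    description = ''
      specifies the path of the static directory (containing javascript, css,
      and images). If it does not exist, gitit will create it and populate it
      with required scripts, stylesheets and images.
    '';
  };

  templates-dir = mkOption {
    type = lib.types.path;
    default = "/var/lib/gitit/data/templates";
    description = ''
      specifies the path of the directory containing page templates. If it
      does not exist, gitit will create it with default templates. Users may
      wish to edit the templates to customize the appearance of their wiki.
      The template files are HStringTemplate templates. Variables to be
      interpolated appear between $'s. Literal $'s must be backslash-escaped.
    '';
  };

  authentication-method = mkOption {
    type = lib.types.enum [ "form" "http" "generic" ];
    default = "form";
    description = ''
      'form' means that users will be logged in and registered using forms in
      the gitit web interface.
      'http' means that gitit will assume that HTTP authentication is in
      place and take the logged in username from the "Authorization" field of
      the HTTP request header (in addition, the login/logout and registration
      links will be suppressed).
      'generic' means that gitit will assume that some form of authentication
      is in place that directly sets REMOTE_USER to the name of the
      authenticated user (e.g. mod_auth_cas on apache).
      With 'http' or 'generic' gitit relies on whatever sits in front of it
      to check credentials. Use them only when gitit listens on a loopback
      address behind the authenticating proxy; otherwise any client that can
      reach the port can supply the user name itself.
      gitit also has 'rpx' and 'github' methods. They are not accepted here,
      because this module does not write the additional settings they rely on
      (for 'rpx': 'rpx-domain', 'rpx-key' and 'base-url').
    '';
  };
};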
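# Applied only when services.gitit.enable is set: creates the gitit system
# user and group and the systemd unit that runs the wiki.
config = lib.mkIf cfg.enable {
  users.users.gitit = {
    home = "/var/lib/gitit";
    createHome = true;
    isSystemUser = true;
    group = "gitit";
  };

  users.groups.gitit = { };

  systemd.services.gitit = {
    description = "Git and Pandoc Powered Wiki";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.curl pkgs.git ];

    serviceConfig = {
      User = config.users.users.gitit.name;
      Group = config.users.groups.gitit.name;

      # systemd creates /var/lib/gitit and sets its ownership before it drops
      # to User=. A chown in preStart would run as the unprivileged service
      # user on current NixOS and could not repair wrong ownership.
      StateDirectory = "gitit";
      # Keep the user file, log and repository closed to other local users.
      StateDirectoryMode = "0700";

      # The wiki is network-facing: do not let it or its helpers (git, curl)
      # gain privileges, and give it a private /tmp.
      NoNewPrivileges = true;
      PrivateTmp = true;

      ExecStart = "${pkgs.gitit}/bin/gitit -f ${gititConf}";
    };
  };
};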
}