{ config, lib, pkgs, ... }: let inherit (lib) mkEnableOption mkForce mkIf mkMerge mkOption optionalAttrs recursiveUpdate types maintainers; inherit (lib) concatMapStringsSep flatten mapAttrs mapAttrs' mapAttrsToList nameValuePair concatMapStringSep; eachSite = config.services.dokuwiki; user = "dokuwiki"; group = config.services.nginx.group; dokuwikiAclAuthConfig = cfg: pkgs.writeText "acl.auth.php" '' # acl.auth.php # <?php exit()?> # # Access Control Lists # ${toString cfg.acl} ''; dokuwikiLocalConfig = cfg: pkgs.writeText "local.php" '' <?php $conf['savedir'] = '${cfg.stateDir}'; $conf['superuser'] = '${toString cfg.superUser}'; $conf['useacl'] = '${toString cfg.aclUse}'; $conf['disableactions'] = '${cfg.disableActions}'; ${toString cfg.extraConfig} ''; dokuwikiPluginsLocalConfig = cfg: pkgs.writeText "plugins.local.php" '' <?php ${cfg.pluginsConfig} ''; pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec { pname = "dokuwiki-${hostName}"; version = src.version; src = cfg.package; installPhase = '' mkdir -p $out cp -r * $out/ # symlink the dokuwiki config ln -s ${dokuwikiLocalConfig cfg} $out/share/dokuwiki/local.php # symlink plugins config ln -s ${dokuwikiPluginsLocalConfig cfg} $out/share/dokuwiki/plugins.local.php # symlink acl ln -s ${dokuwikiAclAuthConfig cfg} $out/share/dokuwiki/acl.auth.php # symlink additional plugin(s) and templates(s) ${concatMapStringsSep "\n" (template: "ln -s ${template} $out/share/dokuwiki/lib/tpl/${template.name}") cfg.templates} ${concatMapStringsSep "\n" (plugin: "ln -s ${plugin} $out/share/dokuwiki/lib/plugins/${plugin.name}") cfg.plugins} ''; }; siteOpts = { config, lib, name, ...}: { options = { enable = mkEnableOption "DokuWiki web application."; package = mkOption { type = types.package; default = pkgs.dokuwiki; description = "Which dokuwiki package to use."; }; hostName = mkOption { type = types.str; default = "localhost"; description = "FQDN for the instance."; }; stateDir = mkOption { type = types.path; default = "/var/lib/dokuwiki/${name}/data"; description = "Location of the dokuwiki state directory."; }; acl = mkOption { type = types.nullOr types.lines; default = null; example = "* @ALL 8"; description = '' Access Control Lists: see <link xlink:href="https://www.dokuwiki.org/acl"/> Mutually exclusive with services.dokuwiki.aclFile Set this to a value other than null to take precedence over aclFile option. Warning: Consider using aclFile instead if you do not want to store the ACL in the world-readable Nix store. ''; }; aclFile = mkOption { type = with types; nullOr str; default = if (config.aclUse && config.acl == null) then "/var/lib/dokuwiki/${name}/acl.auth.php" else null; description = '' Location of the dokuwiki acl rules. Mutually exclusive with services.dokuwiki.acl Mutually exclusive with services.dokuwiki.acl which is preferred. Consult documentation <link xlink:href="https://www.dokuwiki.org/acl"/> for further instructions. Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/acl.auth.php.dist"/> ''; example = "/var/lib/dokuwiki/${name}/acl.auth.php"; }; aclUse = mkOption { type = types.bool; default = true; description = '' Necessary for users to log in into the system. Also limits anonymous users. When disabled, everyone is able to create and edit content. ''; }; pluginsConfig = mkOption { type = types.lines; default = '' $plugins['authad'] = 0; $plugins['authldap'] = 0; $plugins['authmysql'] = 0; $plugins['authpgsql'] = 0; ''; description = '' List of the dokuwiki (un)loaded plugins. ''; }; superUser = mkOption { type = types.nullOr types.str; default = "@admin"; description = '' You can set either a username, a list of usernames (βadmin1,admin2β), or the name of a group by prepending an @ char to the groupname Consult documentation <link xlink:href="https://www.dokuwiki.org/config:superuser"/> for further instructions. ''; }; usersFile = mkOption { type = with types; nullOr str; default = if config.aclUse then "/var/lib/dokuwiki/${name}/users.auth.php" else null; description = '' Location of the dokuwiki users file. List of users. Format: login:passwordhash:Real Name:email:groups,comma,separated Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1` Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist"/> ''; example = "/var/lib/dokuwiki/${name}/users.auth.php"; }; disableActions = mkOption { type = types.nullOr types.str; default = ""; example = "search,register"; description = '' Disable individual action modes. Refer to <link xlink:href="https://www.dokuwiki.org/config:action_modes"/> for details on supported values. ''; }; extraConfig = mkOption { type = types.nullOr types.lines; default = null; example = '' $conf['title'] = 'My Wiki'; $conf['userewrite'] = 1; ''; description = '' DokuWiki configuration. Refer to <link xlink:href="https://www.dokuwiki.org/config"/> for details on supported values. ''; }; plugins = mkOption { type = types.listOf types.path; default = []; description = '' List of path(s) to respective plugin(s) which are copied from the 'plugin' directory. <note><para>These plugins need to be packaged before use, see example.</para></note> ''; example = '' # Let's package the icalevents plugin plugin-icalevents = pkgs.stdenv.mkDerivation { name = "icalevents"; # Download the plugin from the dokuwiki site src = pkgs.fetchurl { url = "https://github.com/real-or-random/dokuwiki-plugin-icalevents/releases/download/2017-06-16/dokuwiki-plugin-icalevents-2017-06-16.zip"; sha256 = "e40ed7dd6bbe7fe3363bbbecb4de481d5e42385b5a0f62f6a6ce6bf3a1f9dfa8"; }; sourceRoot = "."; # We need unzip to build this package buildInputs = [ pkgs.unzip ]; # Installing simply means copying all files to the output directory installPhase = "mkdir -p $out; cp -R * $out/"; }; # And then pass this theme to the plugin list like this: plugins = [ plugin-icalevents ]; ''; }; templates = mkOption { type = types.listOf types.path; default = []; description = '' List of path(s) to respective template(s) which are copied from the 'tpl' directory. <note><para>These templates need to be packaged before use, see example.</para></note> ''; example = '' # Let's package the bootstrap3 theme template-bootstrap3 = pkgs.stdenv.mkDerivation { name = "bootstrap3"; # Download the theme from the dokuwiki site src = pkgs.fetchurl { url = "https://github.com/giterlizzi/dokuwiki-template-bootstrap3/archive/v2019-05-22.zip"; sha256 = "4de5ff31d54dd61bbccaf092c9e74c1af3a4c53e07aa59f60457a8f00cfb23a6"; }; # We need unzip to build this package buildInputs = [ pkgs.unzip ]; # Installing simply means copying all files to the output directory installPhase = "mkdir -p $out; cp -R * $out/"; }; # And then pass this theme to the template list like this: templates = [ template-bootstrap3 ]; ''; }; poolConfig = mkOption { type = with types; attrsOf (oneOf [ str int bool ]); default = { "pm" = "dynamic"; "pm.max_children" = 32; "pm.start_servers" = 2; "pm.min_spare_servers" = 2; "pm.max_spare_servers" = 4; "pm.max_requests" = 500; }; description = '' Options for the dokuwiki PHP pool. See the documentation on <literal>php-fpm.conf</literal> for details on configuration directives. ''; }; nginx = mkOption { type = types.submodule ( recursiveUpdate (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) {} ); default = {}; example = { serverAliases = [ "wiki.\${config.networking.domain}" ]; # To enable encryption and let let's encrypt take care of certificate forceSSL = true; enableACME = true; }; description = '' With this option, you can customize the nginx virtualHost settings. ''; }; }; }; in { # interface options = { services.dokuwiki = mkOption { type = types.attrsOf (types.submodule siteOpts); default = {}; description = "Sepcification of one or more dokuwiki sites to serve."; }; }; # implementation config = mkIf (eachSite != {}) { warnings = mapAttrsToList (hostName: cfg: mkIf (cfg.superUser == null) "Not setting services.dokuwiki.${hostName} superUser will impair your ability to administer DokuWiki") eachSite; assertions = flatten (mapAttrsToList (hostName: cfg: [{ assertion = cfg.aclUse -> (cfg.acl != null || cfg.aclFile != null); message = "Either services.dokuwiki.${hostName}.acl or services.dokuwiki.${hostName}.aclFile is mandatory if aclUse true"; } { assertion = cfg.usersFile != null -> cfg.aclUse != false; message = "services.dokuwiki.${hostName}.aclUse must must be true if usersFile is not null"; } ]) eachSite); services.phpfpm.pools = mapAttrs' (hostName: cfg: ( nameValuePair "dokuwiki-${hostName}" { inherit user; inherit group; phpEnv = { DOKUWIKI_LOCAL_CONFIG = "${dokuwikiLocalConfig cfg}"; DOKUWIKI_PLUGINS_LOCAL_CONFIG = "${dokuwikiPluginsLocalConfig cfg}"; } // optionalAttrs (cfg.usersFile != null) { DOKUWIKI_USERS_AUTH_CONFIG = "${cfg.usersFile}"; } //optionalAttrs (cfg.aclUse) { DOKUWIKI_ACL_AUTH_CONFIG = if (cfg.acl != null) then "${dokuwikiAclAuthConfig cfg}" else "${toString cfg.aclFile}"; }; settings = { "listen.mode" = "0660"; "listen.owner" = user; "listen.group" = group; } // cfg.poolConfig; })) eachSite; services.nginx = { enable = true; virtualHosts = mapAttrs (hostName: cfg: mkMerge [ cfg.nginx { root = mkForce "${pkg hostName cfg}/share/dokuwiki"; extraConfig = lib.optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "fastcgi_param HTTPS on;"; locations."~ /(conf/|bin/|inc/|install.php)" = { extraConfig = "deny all;"; }; locations."~ ^/data/" = { root = "${cfg.stateDir}"; extraConfig = "internal;"; }; locations."~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$" = { extraConfig = "expires 365d;"; }; locations."/" = { priority = 1; index = "doku.php"; extraConfig = ''try_files $uri $uri/ @dokuwiki;''; }; locations."@dokuwiki" = { extraConfig = '' # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; rewrite ^/(.*) /doku.php?id=$1&$args last; ''; }; locations."~ \.php$" = { extraConfig = '' try_files $uri $uri/ /doku.php; include ${pkgs.nginx}/conf/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REDIRECT_STATUS 200; fastcgi_pass unix:${config.services.phpfpm.pools."dokuwiki-${hostName}".socket}; ${lib.optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "fastcgi_param HTTPS on;"} ''; }; }]) eachSite; }; systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [ "d ${cfg.stateDir}/attic 0750 ${user} ${group} - -" "d ${cfg.stateDir}/cache 0750 ${user} ${group} - -" "d ${cfg.stateDir}/index 0750 ${user} ${group} - -" "d ${cfg.stateDir}/locks 0750 ${user} ${group} - -" "d ${cfg.stateDir}/media 0750 ${user} ${group} - -" "d ${cfg.stateDir}/media_attic 0750 ${user} ${group} - -" "d ${cfg.stateDir}/media_meta 0750 ${user} ${group} - -" "d ${cfg.stateDir}/meta 0750 ${user} ${group} - -" "d ${cfg.stateDir}/pages 0750 ${user} ${group} - -" "d ${cfg.stateDir}/tmp 0750 ${user} ${group} - -" ] ++ lib.optional (cfg.aclFile != null) "C ${cfg.aclFile} 0640 ${user} ${group} - ${pkg hostName cfg}/share/dokuwiki/conf/acl.auth.php.dist" ++ lib.optional (cfg.usersFile != null) "C ${cfg.usersFile} 0640 ${user} ${group} - ${pkg hostName cfg}/share/dokuwiki/conf/users.auth.php.dist" ) eachSite); users.users.${user} = { group = group; isSystemUser = true; }; }; meta.maintainers = with maintainers; [ _1000101 ]; }