nixos/moinmoin: init module #68327
nixos/moinmoin: init module #68327
Conversation
|
Thanks for the quick feedback guys! Regarding the farmconfig, I currently only run single wiki instance so I don't need it, though easy way of running multiple instances seemed like a nice thing to have. I see several possibilities here:
What do you think? Changes:
|
|
I've updated the module to use gunicorn instead of uWSGI as an application server. Personally, gunicorn seems easier to use than uWSGI, and it is possible to use systemd sandboxing options. Haven't enabled Changes:
|
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-ready-for-review-may-2019/3032/62 |
|
@GrahamcOfBorg test moin |
| "d /run/moin 0750 ${user} ${group} - -" | ||
| "d ${dataDir} 0550 ${user} ${group} - -" | ||
| ] | ||
| ++ (concatLists (flip mapAttrsToList cfg.wikis (wikiIdent: wiki: [ |
There was a problem hiding this comment.
Is there any concept of 'migrations' in moinmoin which might have some problems introduced during version upgrades here (particularly the C entries in your tmpfiles)? While I do like the declarative nature of tmpfiles I have concerns that tmpfiles may not be flexible enough if upgrading between versions of moinmoin requires special handling.
I'm not familiar with moinmoin as a sysadmin, so if my question is of no concern please disregard.
There was a problem hiding this comment.
The data dir is supposed to be migrated to newer version using
moin --config-dir=/path/to/config_dir --wiki-url=wiki.example.org/ migration data.
Not sure whether we should do this automatically, however the C should be fine here for manual migrations.
Regarding the underlay dir the docs suggest to replace it with the one from the newer version. We can make preStart always replace it at the cost of slower startup. Symlinking doesn't work unfortunately.
References:
| indentLines = n: str: concatMapStrings (line: "${fixedWidthString n " " " "}${line}\n") (splitString "\n" str); | ||
|
|
||
| moinCliWrapper = wikiIdent: pkgs.writeShellScriptBin "moin-${wikiIdent}" '' | ||
| ${pkgs.su}/bin/su -s ${pkgs.runtimeShell} -c "${pkg}/bin/moin --config-dir=/var/lib/moin/${wikiIdent}/config $*" ${user} |
There was a problem hiding this comment.
If you didn't use su but instead just ran the command then nixos sysadmins could have better control over the access to this script with sudo rules. The sysadmin can always type sudo -u moin-ExampleWiki to be explicit.
There was a problem hiding this comment.
I wanted to make setting up simple instance as easy as possible, not sure whether a script that just adds single argument to the moin cli helps with that. For maximum flexibility the moin cli is added to systemPackages as well.
Or did you mean to use sudo with some default rules instead?
There was a problem hiding this comment.
Personally I don't like the approach taken here (a script using su) and my preference would certainly be to document setting up access via sudo rules. I want to be clear on this point what I state is only my opinion, and not a hard requirement preventing this PR from being merged. You may take either approach.
|
@GrahamcOfBorg test moin |
|
@GrahamcOfBorg test moinmoin Renamed the test as well:) |
|
@GrahamcOfBorg test moinmoin |
|
This looks good to me, @aanderse a final word? |
|
@GrahamcOfBorg test moinmoin |
|
Thx for the review everyone! |
Motivation for this change
Migrating my wiki instance from CentOS->NixOS.
Things done
sandboxinnix.confon non-NixOS)nix-shell -p nix-review --run "nix-review wip"./result/bin/)nix path-info -Sbefore and after)Notify maintainers
cc @abbradar @danieldk