betanin: apply deadnix

modules/betanin: simplify configuration
Use secret settings configuration that a handful of other NixOS modules do. Remove assertions. Remove beets config file setting.
2023-09-27 17:16:58 +10:00 · 2023-09-27 17:15:57 +10:00 · 2023-09-27 16:32:01 +10:00
4 changed files with 164 additions and 249 deletions
--- a/modules/services/web-apps/betanin.nix
+++ b/modules/services/web-apps/betanin.nix
@ -1,47 +1,16 @@
 { config, lib, pkgs, ... }:
 let
-  inherit (lib) mkIf mkOption optionalAttrs optionalString types;
+  inherit (builtins) hashString;
  inherit (lib) mkIf mkOption optionalAttrs types;
  cfg = config.services.betanin;
  defaultUser = "betanin";
  defaultGroup = "betanin";
  defaultSettings = {
    notifications = {
      services = { };
      strings = {
        title = "[betanin] torrent `$name` $status";
        body = "@ $time. view/use the console at http://127.0.0.1:${toString cfg.port}/$console_path";
      };
    };
  };
  finalSettings =
    let
      base = lib.filterAttrsRecursive (n: _: !(lib.hasSuffix "_file" n)) cfg.settings;
      clean = {
        frontend.password =
          if cfg.settings.frontend.password_file != null
          then "@password@"
          else cfg.settings.frontend.password;
        clients.api_key =
          if cfg.settings.clients.api_key_file != null
          then "@api_key@"
          else cfg.settings.clients.api_key;
      };
    in
    lib.foldl' lib.recursiveUpdate defaultSettings [ base clean ];
  settingsFormat = pkgs.formats.toml { };
  settingsFile = settingsFormat.generate "betanin.toml" finalSettings;
  beetsFormat = pkgs.formats.yaml { };
  beetsFile =
    if (cfg.beetsFile != null)
    then cfg.beetsFile
    else if (cfg.beetsConfig != { })
    then beetsFormat.generate "betanin-beets.yaml" cfg.beetsConfig
    else null;
 in
 {
  options = {
@ -85,106 +54,50 @@ in
      };
      settings = mkOption {
-        type = types.submodule {
+        type = settingsFormat.type;
-          freeformType = settingsFormat.type;
+        default = { };
          options.frontend.username = mkOption {
            type = types.str;
            default = "";
            description = "Username used to log into the frontend. Must be set.";
          };
          options.frontend.password = mkOption {
            type = types.str;
            default = "";
            description = ''
              Password used to log into the frontend. Either password or
              password_file must be set.
            '';
          };
          options.frontend.password_file = mkOption {
            type = with types; nullOr (either str path);
            default = null;
            description = ''
              File containing the password used to log into the frontend. The
              file must be readable by the betanin user/group.
              Using a password file keeps the password out of the Nix store, but
              the password is still stored in plain text in the service data
              directory.
            '';
          };
          options.clients.api_key = mkOption {
            type = types.nullOr types.str;
            default = "";
            description = ''
              API key used to access Betanin (e.g., from other services).
            '';
          };
          options.clients.api_key_file = mkOption {
            type = with types; nullOr (either str path);
            default = null;
            description = ''
              File containing the API key used to access Betanin (e.g., from
              other services). The file must be readable by the betanin
              user/group.
              Using a API key file keeps the API key out of the Nix store, but
              the API key is still stored in plain text in the service data
              directory.
            '';
          };
        };
        default = defaultSettings;
        example = lib.literalExpression ''
          {
            frontend = {
              username = "foo";
-              password_file = "/run/secrets/betaninPasswordFile";
+              password { _secret = "/run/secrets/betaninPasswordFile"; };
            };
            clients = {
-              api_key_file = "/run/secrets/betaninApiKeyFile";
+              api_key = { _secret = "/run/secrets/betaninApiKeyFile"; };
            };
            server = {
              num_parallel_jobs = 1;
            };
          }
        '';
-        description = "Configuration for betanin.";
+        description = lib.mdDoc ''
          Configuration for betanin.
          Options containing secret data should be set to an attribute set
          containing the attribute `_secret` - a string pointing to a file
          containing the value the option should be set to.
        '';
      };
-      beetsConfig = mkOption {
+      beets.settings = mkOption {
        description = "beets configuration.";
        type = beetsFormat.type;
        default = { };
-      };
+        description = lib.mdDoc "Configuration for beets used by betanin.";
      beetsFile = mkOption {
        description = "beets configuration file.";
        type = with types; nullOr (either str path);
        default = null;
      };
    };
  };
  config = mkIf cfg.enable {
-    assertions = [
+    services.betanin.settings = {
-      {
+      notifications = {
-        assertion = cfg.settings.frontend.username != "";
+        # Required to exist.
-        message = "services.betanin.settings.frontend.username is required";
+        services = { };
-      }
+        strings = {
-      {
+          title = lib.mkDefault "[betanin] torrent `$name` $status";
-        assertion = (cfg.settings.frontend.password == "") != (cfg.settings.frontend.password_file == null);
+          body = lib.mkDefault "@ $time. view/use the console at http://127.0.0.1:${toString cfg.port}/$console_path";
-        message = "services.betanin.settings.frontend.password or services.betanin.settings.frontend.password_file is required";
+        };
-      }
+      };
-      {
+    };
        assertion = (cfg.settings.clients.api_key == "") != (cfg.settings.clients.api_key_file == null);
        message = "services.betanin.settings.clients.api_key or services.betanin.settings.clients.api_key_file is required";
      }
    ];
    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [ cfg.port ];
@ -192,12 +105,20 @@ in
    systemd.services.betanin =
      let
-        replaceSecret = secretFile: placeholder: targetFile:
+        isSecret = v: lib.isAttrs v && v ? _secret && lib.isString v._secret;
-          optionalString (secretFile != null) ''
+        sanitisedConfig = lib.mapAttrsRecursiveCond
-            ${pkgs.replace-secret}/bin/replace-secret ${placeholder} ${secretFile} ${targetFile}
+          (as: !isSecret as)
-          '';
+          (_: v: if isSecret v then hashString "sha256" v._secret else v)
-        replaceConfigSecret = secretFile: placeholder:
+          cfg.settings;
-          replaceSecret secretFile placeholder "${cfg.dataDir}/.config/betanin/config.toml";
+        settingsFile = settingsFormat.generate "betanin.toml" sanitisedConfig;
        secretPaths = lib.catAttrs "_secret" (lib.collect isSecret cfg.settings);
        mkSecretReplacement = file: ''
          replace-secret ${hashString "sha256" file} ${file} "${cfg.dataDir}/.config/betanin/config.toml"
        '';
        secretReplacements = lib.concatMapStrings mkSecretReplacement secretPaths;
        beetsFile = beetsFormat.generate "betanin-beets.yaml" cfg.beets.settings;
      in
      {
        description = "Betanin service";
@ -210,15 +131,12 @@ in
        script = ''
          mkdir -p ${cfg.dataDir}/.config/betanin \
-            ${cfg.dataDir}/.config/beets \
+            ${cfg.dataDir}/.local/share/betanin \
-            ${cfg.dataDir}/.local/share/betanin
+            ${cfg.dataDir}/.config/beets
          cat ${settingsFile} > ${cfg.dataDir}/.config/betanin/config.toml
-          ${optionalString (beetsFile != null) ''
+          ln -sf ${beetsFile} ${cfg.dataDir}/.config/betanin/config.toml
-            ln -sf ${beetsFile} ${cfg.dataDir}/.config/betanin/config.toml
+          cat ${settingsFile} > ${cfg.dataDir}/.config/betanin/config.toml
-          ''}
+          ${secretReplacements}
          ${replaceConfigSecret cfg.settings.frontend.password_file "@password@"}
          ${replaceConfigSecret cfg.settings.clients.api_key_file "@api_key@"}
          ${cfg.package}/bin/betanin --port ${toString cfg.port}
        '';
--- a/pkgs/by-name/be/betanin/client/composition.nix
+++ b/pkgs/by-name/be/betanin/client/composition.nix
@ -1,8 +1,11 @@
 # This file has been generated by node2nix 1.11.1. Do not edit!
-{pkgs ? import <nixpkgs> {
+{ pkgs ? import <nixpkgs> {
    inherit system;
-  }, system ? builtins.currentSystem, nodejs ? pkgs."nodejs_18"}:
+  }
 , system ? builtins.currentSystem
 , nodejs ? pkgs."nodejs_18"
 }:
 let
  nodeEnv = import ./node-env.nix {
--- a/pkgs/by-name/be/betanin/client/node-env.nix
+++ b/pkgs/by-name/be/betanin/client/node-env.nix
@ -1,6 +1,6 @@
 # This file originates from node2nix
-{lib, stdenv, nodejs, python2, pkgs, libtool, runCommand, writeTextFile, writeShellScript}:
+{ lib, stdenv, nodejs, python2, pkgs, libtool, runCommand, writeTextFile, writeShellScript }:
 let
  # Workaround to cope with utillinux in Nixpkgs 20.09 and util-linux in Nixpkgs master
@ -9,7 +9,7 @@ let
  python = if nodejs ? python then nodejs.python else python2;
  # Create a tar wrapper that filters all the 'Ignoring unknown extended header keyword' noise
-  tarWrapper = runCommand "tarWrapper" {} ''
+  tarWrapper = runCommand "tarWrapper" { } ''
    mkdir -p $out/bin
    cat > $out/bin/tar <<EOF
@ -90,26 +90,28 @@ let
  # Bundle the dependencies of the package
  #
  # Only include dependencies if they don't exist. They may also be bundled in the package.
-  includeDependencies = {dependencies}:
+  includeDependencies = { dependencies }:
-    lib.optionalString (dependencies != []) (
+    lib.optionalString (dependencies != [ ]) (
      ''
        mkdir -p node_modules
        cd node_modules
      ''
-      + (lib.concatMapStrings (dependency:
+      + (lib.concatMapStrings
-        ''
+        (dependency:
-          if [ ! -e "${dependency.packageName}" ]; then
+          ''
-              ${composePackage dependency}
+            if [ ! -e "${dependency.packageName}" ]; then
-          fi
+                ${composePackage dependency}
-        ''
+            fi
-      ) dependencies)
+          ''
        )
        dependencies)
      + ''
        cd ..
      ''
    );
  # Recursively composes the dependencies of a package
-  composePackage = { name, packageName, src, dependencies ? [], ... }@args:
+  composePackage = { packageName, src, dependencies ? [ ], ... }:
    builtins.addErrorContext "while evaluating node package '${packageName}'" ''
      installPackage "${packageName}" "${src}"
      ${includeDependencies { inherit dependencies; }}
@ -117,7 +119,7 @@ let
      ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
    '';
-  pinpointDependencies = {dependencies, production}:
+  pinpointDependencies = { dependencies, production }:
    let
      pinpointDependenciesFromPackageJSON = writeTextFile {
        name = "pinpointDependencies.js";
@ -194,7 +196,7 @@ let
  # dependencies in the package.json file to the versions that are actually
  # being used.
-  pinpointDependenciesOfPackage = { packageName, dependencies ? [], production ? true, ... }@args:
+  pinpointDependenciesOfPackage = { packageName, dependencies ? [ ], production ? true, ... }:
    ''
      if [ -d "${packageName}" ]
      then
@ -207,7 +209,7 @@ let
  # Extract the Node.js source code which is used to compile packages with
  # native bindings
-  nodeSources = runCommand "node-sources" {} ''
+  nodeSources = runCommand "node-sources" { } ''
    tar --no-same-owner --no-same-permissions -xf ${nodejs.src}
    mv node-* $out
  '';
@ -414,64 +416,64 @@ let
    '';
  };
-  prepareAndInvokeNPM = {packageName, bypassCache, reconstructLock, npmFlags, production}:
+  prepareAndInvokeNPM = { packageName, bypassCache, reconstructLock, npmFlags, production }:
    let
      forceOfflineFlag = if bypassCache then "--offline" else "--registry http://www.example.com";
    in
    ''
-        # Pinpoint the versions of all dependencies to the ones that are actually being used
+      # Pinpoint the versions of all dependencies to the ones that are actually being used
-        echo "pinpointing versions of dependencies..."
+      echo "pinpointing versions of dependencies..."
-        source $pinpointDependenciesScriptPath
+      source $pinpointDependenciesScriptPath
-        # Patch the shebangs of the bundled modules to prevent them from
+      # Patch the shebangs of the bundled modules to prevent them from
-        # calling executables outside the Nix store as much as possible
+      # calling executables outside the Nix store as much as possible
-        patchShebangs .
+      patchShebangs .
-        # Deploy the Node.js package by running npm install. Since the
+      # Deploy the Node.js package by running npm install. Since the
-        # dependencies have been provided already by ourselves, it should not
+      # dependencies have been provided already by ourselves, it should not
-        # attempt to install them again, which is good, because we want to make
+      # attempt to install them again, which is good, because we want to make
-        # it Nix's responsibility. If it needs to install any dependencies
+      # it Nix's responsibility. If it needs to install any dependencies
-        # anyway (e.g. because the dependency parameters are
+      # anyway (e.g. because the dependency parameters are
-        # incomplete/incorrect), it fails.
+      # incomplete/incorrect), it fails.
-        #
+      #
-        # The other responsibilities of NPM are kept -- version checks, build
+      # The other responsibilities of NPM are kept -- version checks, build
-        # steps, postprocessing etc.
+      # steps, postprocessing etc.
-        export HOME=$TMPDIR
+      export HOME=$TMPDIR
-        cd "${packageName}"
+      cd "${packageName}"
-        runHook preRebuild
+      runHook preRebuild
-        ${lib.optionalString bypassCache ''
+      ${lib.optionalString bypassCache ''
-          ${lib.optionalString reconstructLock ''
+        ${lib.optionalString reconstructLock ''
-            if [ -f package-lock.json ]
+          if [ -f package-lock.json ]
-            then
+          then
-                echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!"
+              echo "WARNING: Reconstruct lock option enabled, but a lock file already exists!"
-                echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!"
+              echo "This will most likely result in version mismatches! We will remove the lock file and regenerate it!"
-                rm package-lock.json
+              rm package-lock.json
-            else
+          else
-                echo "No package-lock.json file found, reconstructing..."
+              echo "No package-lock.json file found, reconstructing..."
-            fi
+          fi
-            node ${reconstructPackageLock}
+          node ${reconstructPackageLock}
          ''}
          node ${addIntegrityFieldsScript}
        ''}
-        npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} rebuild
+        node ${addIntegrityFieldsScript}
      ''}
-        runHook postRebuild
+      npm ${forceOfflineFlag} --nodedir=${nodeSources} ${npmFlags} ${lib.optionalString production "--production"} rebuild
-        if [ "''${dontNpmInstall-}" != "1" ]
+      runHook postRebuild
        then
            # NPM tries to download packages even when they already exist if npm-shrinkwrap is used.
            rm -f npm-shrinkwrap.json
-            npm ${forceOfflineFlag} --nodedir=${nodeSources} --no-bin-links --ignore-scripts ${npmFlags} ${lib.optionalString production "--production"} install
+      if [ "''${dontNpmInstall-}" != "1" ]
-        fi
+      then
          # NPM tries to download packages even when they already exist if npm-shrinkwrap is used.
          rm -f npm-shrinkwrap.json
-        # Link executables defined in package.json
+          npm ${forceOfflineFlag} --nodedir=${nodeSources} --no-bin-links --ignore-scripts ${npmFlags} ${lib.optionalString production "--production"} install
-        node ${linkBinsScript}
+      fi
      # Link executables defined in package.json
      node ${linkBinsScript}
    '';
  # Builds and composes an NPM package including all its dependencies
@ -479,8 +481,7 @@ let
    { name
    , packageName
    , version ? null
-    , dependencies ? []
+    , buildInputs ? [ ]
    , buildInputs ? []
    , production ? true
    , npmFlags ? ""
    , dontNpmInstall ? false
@ -490,8 +491,9 @@ let
    , dontStrip ? true
    , unpackPhase ? "true"
    , buildPhase ? "true"
-    , meta ? {}
+    , meta ? { }
-    , ... }@args:
+    , ...
    }@args:
    let
      extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" "dontStrip" "dontNpmInstall" "preRebuild" "unpackPhase" "buildPhase" "meta" ];
@ -572,8 +574,8 @@ let
    , packageName
    , version ? null
    , src
-    , dependencies ? []
+    , dependencies ? [ ]
-    , buildInputs ? []
+    , buildInputs ? [ ]
    , production ? true
    , npmFlags ? ""
    , dontNpmInstall ? false
@ -582,78 +584,70 @@ let
    , dontStrip ? true
    , unpackPhase ? "true"
    , buildPhase ? "true"
-    , ... }@args:
+    , ...
    }@args:
    let
      extraArgs = removeAttrs args [ "name" "dependencies" "buildInputs" ];
    in
-      stdenv.mkDerivation ({
+    stdenv.mkDerivation ({
-        name = "node-dependencies-${name}${if version == null then "" else "-${version}"}";
+      name = "node-dependencies-${name}${if version == null then "" else "-${version}"}";
-        buildInputs = [ tarWrapper python nodejs ]
+      buildInputs = [ tarWrapper python nodejs ]
-          ++ lib.optional (stdenv.isLinux) utillinux
+        ++ lib.optional (stdenv.isLinux) utillinux
-          ++ lib.optional (stdenv.isDarwin) libtool
+        ++ lib.optional (stdenv.isDarwin) libtool
-          ++ buildInputs;
+        ++ buildInputs;
-        inherit dontStrip; # Stripping may fail a build for some package deployments
+      inherit dontStrip; # Stripping may fail a build for some package deployments
-        inherit dontNpmInstall unpackPhase buildPhase;
+      inherit dontNpmInstall unpackPhase buildPhase;
-        includeScript = includeDependencies { inherit dependencies; };
+      includeScript = includeDependencies { inherit dependencies; };
-        pinpointDependenciesScript = pinpointDependenciesOfPackage args;
+      pinpointDependenciesScript = pinpointDependenciesOfPackage args;
-        passAsFile = [ "includeScript" "pinpointDependenciesScript" ];
+      passAsFile = [ "includeScript" "pinpointDependenciesScript" ];
-        installPhase = ''
+      installPhase = ''
-          source ${installPackage}
+        source ${installPackage}
-          mkdir -p $out/${packageName}
+        mkdir -p $out/${packageName}
-          cd $out/${packageName}
+        cd $out/${packageName}
-          source $includeScriptPath
+        source $includeScriptPath
-          # Create fake package.json to make the npm commands work properly
+        # Create fake package.json to make the npm commands work properly
-          cp ${src}/package.json .
+        cp ${src}/package.json .
-          chmod 644 package.json
+        chmod 644 package.json
-          ${lib.optionalString bypassCache ''
+        ${lib.optionalString bypassCache ''
-            if [ -f ${src}/package-lock.json ]
+          if [ -f ${src}/package-lock.json ]
-            then
+          then
-                cp ${src}/package-lock.json .
+              cp ${src}/package-lock.json .
-                chmod 644 package-lock.json
+              chmod 644 package-lock.json
-            fi
+          fi
-          ''}
+        ''}
-          # Go to the parent folder to make sure that all packages are pinpointed
+        # Go to the parent folder to make sure that all packages are pinpointed
-          cd ..
+        cd ..
-          ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
+        ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
-          ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
+        ${prepareAndInvokeNPM { inherit packageName bypassCache reconstructLock npmFlags production; }}
-          # Expose the executables that were installed
+        # Expose the executables that were installed
-          cd ..
+        cd ..
-          ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
+        ${lib.optionalString (builtins.substring 0 1 packageName == "@") "cd .."}
-          mv ${packageName} lib
+        mv ${packageName} lib
-          ln -s $out/lib/node_modules/.bin $out/bin
+        ln -s $out/lib/node_modules/.bin $out/bin
-        '';
+      '';
-      } // extraArgs);
+    } // extraArgs);
  # Builds a development shell
  buildNodeShell =
    { name
    , packageName
    , version ? null
-    , src
+    , dependencies ? [ ]
-    , dependencies ? []
+    , buildInputs ? [ ]
-    , buildInputs ? []
+    , ...
-    , production ? true
+    }@args:
    , npmFlags ? ""
    , dontNpmInstall ? false
    , bypassCache ? false
    , reconstructLock ? false
    , dontStrip ? true
    , unpackPhase ? "true"
    , buildPhase ? "true"
    , ... }@args:
    let
      nodeDependencies = buildNodeDependencies args;
@ -675,7 +669,7 @@ let
      # Provide the dependencies in a development shell through the NODE_PATH environment variable
      inherit nodeDependencies;
-      shellHook = lib.optionalString (dependencies != []) ''
+      shellHook = lib.optionalString (dependencies != [ ]) ''
        export NODE_PATH=${nodeDependencies}/lib/node_modules
        export PATH="${nodeDependencies}/bin:$PATH"
      '';
--- a/pkgs/by-name/be/betanin/client/packages.nix
+++ b/pkgs/by-name/be/betanin/client/packages.nix
@ -1,6 +1,6 @@
 # This file has been generated by node2nix 1.11.1. Do not edit!
-{nodeEnv, fetchurl, fetchgit, nix-gitignore, stdenv, lib, globalBuildInputs ? []}:
+{ nodeEnv, fetchurl, nix-gitignore, stdenv, lib, globalBuildInputs ? [ ] }:
 let
  sources = {
@ -9196,8 +9196,7 @@ let
      })
    ];
    buildInputs = globalBuildInputs;
-    meta = {
+    meta = { };
    };
    production = false;
    bypassCache = true;
    reconstructLock = false;
@ -9216,7 +9215,8 @@ in
        "*"
        "!package.json"
        "!package-lock.json"
-      ] args.src;
+      ]
        args.src;
      dontBuild = true;
      installPhase = "mkdir -p $out; cp -r ./* $out;";
    };
Author	SHA1	Message	Date
xeals	bcd4c4a269	betanin: apply deadnix	2023-09-27 17:16:58 +10:00
xeals	5f261acb3b	modules/betanin: simplify configuration Use secret settings configuration that a handful of other NixOS modules do. Remove assertions. Remove beets config file setting.	2023-09-27 17:15:57 +10:00
xeals	55936a1641	betanin: format files	2023-09-27 16:32:01 +10:00