kimai: init at 2.10.0 #296049
kimai: init at 2.10.0 #296049
Conversation
github-actions
bot
added
6.topic: nixos
NixOSInfra
added
the
12. first-time contribution
| ln -s /var/lib/kimai/var/cache ./var/cache | ||
| ln -s /var/lib/kimai/var/log ./var/log | ||
| ln -s /var/lib/kimai/var/data ./var/data | ||
| ln -s /var/lib/kimai/var/plugins ./var/plugins |
There was a problem hiding this comment.
yeah this isn't great, but given that PHP's runtime thingy symfony insists on adding run-time data to the installation directory.... this was the only way around it.
There was a problem hiding this comment.
Works fine though! Look at systemd.services.phpfpm-kimai.preStart for the matching directory management.
| echo -e 'DATABASE_URL=${databaseUrl}\n' >> ./.env | ||
| echo -e 'MAILER_FROM=${mailerFrom}\n' >> ./.env | ||
| echo -e 'MAILER_URL=${mailerUrl}\n' >> ./.env | ||
| echo -e 'APP_SECRET=${appSecret}\n' >> ./.env | ||
| echo -e 'CORS_ALLOW_ORIGIN=${corsAllowOrigin}\n' >> ./.env |
There was a problem hiding this comment.
I tried passing these as env vars to the services.phpfpm.pools.${kimaiName} systemd service, but PHP just refused to parse the values without failing.
There was a problem hiding this comment.
These work fine in the .env file though :)
There was a problem hiding this comment.
This is a less than ideal way to configure a package, overriding shouldn't be necessary as it'll cause a rebuild.
Instead maybe look at making the module create a directory that mounts the sources and then generates a .env file.
Sleepful
force-pushed
the
add-pkg-kimai
branch
5 times, most recently
from
adb23a1 to
8cc6120
Compare
| @@ -0,0 +1,218 @@ | |||
| { config, pkgs, lib, ... }: | |||
|
|
|||
| with lib; | |||
There was a problem hiding this comment.
| with lib; |
There was a problem hiding this comment.
It makes difficult for anyone to immediately see what's being used from lib.
Instead use something like
let
inherit (lib) mkOption ...;
in
...There was a problem hiding this comment.
something wrong
with lib?
https://nix.dev/guides/best-practices#with-attrset-expression
|
and the trace says:
What does this mean? |
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/ofborg-pr-error-path-is-not-valid/41507/1 |
ofborg
bot
added
8.has: package (new)
|
Oh cool looks like it will pass CI :) I will rebase the commits to clean up |
|
Also tested with my fork of nixpkgs (which took way long to compile!), the service works fine on my machine :) |
|
Final rebase to clean up commits ^ |
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-ready-for-review/3032/3642 |
| ln -s /var/lib/kimai/var/cache ./var/cache | ||
| ln -s /var/lib/kimai/var/log ./var/log | ||
| ln -s /var/lib/kimai/var/data ./var/data | ||
| ln -s /var/lib/kimai/var/plugins ./var/plugins |
There was a problem hiding this comment.
Doesn't this result in an impure package? It's altering stuff outside of its location in the nix store.
Instead this should be handled by a systemd service in a module that does this (maybe by setting the current working dir while running it or doing a bind mount of the source folders to a runtime directory).
This make it so that if people want to have 2 or more instances if kimai running on their server, they'll implicitly share the same directory as well.
There was a problem hiding this comment.
@GGG-KILLER It is not impure due to the creation of symlinks, the targets of the symlinks are not created, those must be created by the user on their system (or the service creates it for them).
I would like what you mention:
This make it so that if people want to have 2 or more instances if kimai running on their server, they'll implicitly share the same directory as well.
I am not sure if this is possible though. This particular PHP package insists on managing its cache (runtime) files in its installation directory.
See for example this issue: kimai/kimai#4589
It appears to be non-configurable right now.
Let me know if you think of a way in which this could be improved, but right now it seems impossible to tell Kimai to NOT use its installation directory for runtime cache. This is why the symlinks are created during installation, so that during runtime it can write outside of the store (where the symlinks point). Without the symlinks, it just fails to work properly because it attempts to write on the nix store, which it cant of course.
There was a problem hiding this comment.
I agree these paths should be configurable
| users.users.${kimaiName} = { | ||
| description = "The Kimai service user"; | ||
| isSystemUser = true; | ||
| group = kimaiName; | ||
| }; | ||
| users.groups.${kimaiName} = {}; |
There was a problem hiding this comment.
User and group should only be created if it is the default user and group.
| mkdir -p /var/lib/kimai/var/log | ||
| mkdir -p /var/lib/kimai/var/cache | ||
| mkdir -p /var/lib/kimai/var/data | ||
| mkdir -p /var/lib/kimai/var/plugins |
There was a problem hiding this comment.
These paths should be configurable so people can host multiple instances of it or use non-standard locations.
There was a problem hiding this comment.
More importantly they should be using tmpfiles.d
| mailerUrl ? "", | ||
| appSecret ? "", | ||
| corsAllowOrigin ? "", | ||
| ... |
| # https://www.kimai.org/documentation/commands.html | ||
| mv ./bin/console ./bin/${consoleCmd} | ||
| ''; | ||
| buildInputs = [ pkgs.cacert pkgs.curl pkgs.git ]; |
There was a problem hiding this comment.
| buildInputs = [ pkgs.cacert pkgs.curl pkgs.git ]; | |
| buildInputs = [ cacert curl git ]; |
| ensureUsers = [ | ||
| { | ||
| name = kimaiName; | ||
| ensurePermissions = { |
There was a problem hiding this comment.
This doesn't eval anymore.
| Unlikely, that you need to change this one | ||
| ''; | ||
| }; | ||
| nginxProxy = { |
There was a problem hiding this comment.
Please use the nginx vhost suboptions or omit this
| }; | ||
| appSecret = mkOption { | ||
| type = types.str; | ||
| default = "change_this_to_something_unique"; |
There was a problem hiding this comment.
This should be read from a file to be secure
There was a problem hiding this comment.
@SuperSandro2000
Is it considered safer to ask for a file path instead of a string? Because I have not seen that in a lot of other packages.
| Mysql package to use. | ||
| Note: changing this may require changing the `databaseUrl` option too. | ||
| ''; | ||
| }; |
There was a problem hiding this comment.
| Mysql package to use. | |
| Note: changing this may require changing the `databaseUrl` option too. | |
| ''; | |
| }; | |
| Mysql package to use. | |
| Note: changing this may require changing the `databaseUrl` option, too. | |
| ''; | |
| }; |
Why not use buildComposerProject instead which involves less code gen? |
wegank
added
the
2.status: merge conflict
@SuperSandro2000 No specific reason. I did not know of Additionally it took me a good amount of work to get this working with the current configuration. Do you consider that I should re-write the PR to use |
But that's exactly what we want to do. We want to link against the system libraries provided by us and not some vendored things. Also both composer2nix and node2nix rely on code generation which is not the preferred method anymore as it makes upgrades harder and more complicated and requiring bigger custom update scripts.
Yeah, that would probably be the best solution.
That shouldn't be a problem. |
ofborg
bot
removed
the
2.status: merge conflict
|
Obsolete by #353187 |
Adds Kimai package and module for NixOS
Kimai is a time-tracking app for freelancers and enterprises, offers many configurations. I have been using it for a while in my NixOS instance and I figured it was time I contribute it back here.
I am contributing the release I have been using:
https://github.com/kimai/kimai/releases/tag/2.10.0
The tool composer2nix was used to some extent to generate some of the nix files for the php package.
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)