nixos/hedgedoc: refactor to reduce option count #244941
Nice and much needed refactor! Looking forward to using it :)
Link to RFC42: https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md
It would be nice to fix the broken eval though.
This has to wait until the next update which is scheduled for the coming days.
de5fd4a to 5ade396
This is a bit unclear to me. What exactly is updating in a few days? Hedgedoc?
Yes :)
2b96658 to e25c17f
e25c17f to 59e624a
Reopening in light of #246259
Looking forward to this PR!
59e624a to 1b22721
Okay, so here's the deal. I've played around with the ofborg eval a bit, and I found out that the reason behind the ofborg eval traces is that the manual itself depends on whether we use the name "codimd" or "hedgedoc" (which again depends on I'll remove the name from the relevant places and just say "hedgedoc" where needed, but I really think we should get rid of the name duality sooner rather than later.
1b22721 to 18d4f36
18d4f36 to 720f3d9
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-ready-for-review/3032/2571
Is a release note needed?
I've applied this to my install and it works as expected.
As a sqlite user, I appreciate the default sqlite support. :) I was able to delete a few lines.
d46bdd7 to 456212d
@Artturin I've now added a release note

- Remove lots of declared options that were not used outside of being included in settings. These should now be used through the freeform module.
- Deprecate `cfg.workDir`, in favor of using systemd's `StateDirectory`
- Use sqlite as default database.

Co-authored-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
456212d to 53fa77c
53fa77c to 746b319
746b319 to abe4688
Didn't test this yet, but if others tested it then it is probably fine.
I have found that the hardening commit broke my SQLite-based installation upon upgrading to NixOS-23.11. Specifically, it appears that the daemon is no longer able to open the database. Unfortunately I do not have time to investigate at the moment so I have reverted locally. I might suggest that upstream do the same to prevent others being put in this situation.
We don't need to hastily revert everything, just that portion. Is your sqlite in the default location? hedgedoc should then be able to read that. Also we can probably get the path from the settings, too.
@bgamari I'm trying to look into this now, but I'm unable to reproduce it. Would you mind sharing the relevant parts of your configuration, and maybe open a new issue?
Strangely I now seem unable to reproduce as well after having upgraded to the current state of
Actually, I take it back (the server is up, but all of the content is missing). I have opened #280588 to track this.
Description of changes
Hello!
I've deleted most of the option declarations in `settings`, reducing the line count from ~1000 to ~~~350~~ ~300 (thanks Sandro!). Some of them were old and didn't have any effect anymore, and there are also some new undeclared ones.

I'm a little bit unsure about setting the database to sqlite as default, but it has the benefit that you can now only write `services.hedgedoc.enable = true`, and be up and running in no time.

The systemd unit has also been hardened.

To address some backwards compatibility concerns:
- `*Path` options where we had overridden the default to point at `${cfg.package}/public/*` have been removed, and they have not had any effect since March 2019 in CodiMD 1.3.0. In order for this to affect you, you would have to use an older version of hedgedoc, and not have set the options. If you have a reason to use such an old version while still using the new module, I'd assume you probably know what you're doing (maybe).
- `services.hedgedoc.settings.ldap.tlsca` has been overridden to default to `/etc/ssl/certs/ca-certificates.crt`. I do not think this warrants messing around with `mkRemovedOptionModule` workarounds for submodules.
- `workDir` should have limited effect. `uploadsPath`'s default was defined in terms of `workDir`, but it should still point to the same location. I've added a warning about the case where someone were to override `workDir` without touching `uploadsPath`. The other directories which would normally exist here (hedgedoc seems to assume its workdir to be its package), have been overridden to point directly into the package, so there should be no worries about these. HedgeDoc doesn't seem to store anything else here, as the rest is stored inside its database.

I also want to raise the question about when, if ever, we could start removing the name duality in the module, but I think I will leave it as it is for this PR.
Things done
- `sandbox = true` set in `nix.conf`? (See Nix manual)
- `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see nixpkgs-review usage
- `./result/bin/`)

I've tested the module using `nix-build -A nixosTests.hedgedoc` and I've also been using the systemd hardening for about a week now. It has been working fine so far.
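
A check a reader could run on the points raised in this thread (working directory replaced by `StateDirectory`, hardened unit, SQLite database), added here as an example and not taken from the PR or from nixpkgs: it resolves a relative database path against the unit's working directory and tests whether the database directory stays writable under `ProtectSystem=strict`. The unit name, the paths and the assumption that the hardening uses `ProtectSystem=strict` are illustrative; the page does not list the hardening options.

```sh
#!/bin/sh
# Added example, not part of the PR. All paths and names below are constructed.
# Inputs mirror what an operator would read from the running unit with:
#   systemctl show hedgedoc.service -p WorkingDirectory -p ProtectSystem \
#       -p StateDirectory -p ReadWritePaths

# Resolve a possibly relative database path against the unit's working
# directory; a changed working directory silently moves a relative path.
resolve_db_path() {
  rdp_db=${1#./}
  case $rdp_db in
    /*) printf '%s\n' "$rdp_db" ;;
    *)  printf '%s/%s\n' "${2%/}" "$rdp_db" ;;
  esac
}

# Succeed if path $1 equals directory $2 or lies below it.
is_under() {
  case "$1/" in
    "${2%/}"/*) return 0 ;;
  esac
  return 1
}

# Succeed if the directory holding database $1 is writable for the service.
# SQLite creates journal/WAL files beside the database, so the directory
# must be writable, not only the file itself.
# $2 = ProtectSystem value, $3 = StateDirectory names, $4 = ReadWritePaths.
db_dir_writable() {
  ddw_dir=${1%/*}
  # Simplification: only ProtectSystem=strict is modelled; it leaves the
  # file system read-only apart from explicitly granted paths.
  [ "$2" = strict ] || return 0
  for ddw_name in $3; do
    is_under "$ddw_dir" "/var/lib/$ddw_name" && return 0
  done
  for ddw_path in $4; do
    is_under "$ddw_dir" "${ddw_path#[-+]}" && return 0
  done
  return 1
}

# Constructed case: relative database path, state directory "hedgedoc".
db=$(resolve_db_path "./notes.sqlite" "/var/lib/hedgedoc")
if db_dir_writable "$db" strict "hedgedoc" ""; then
  echo "$db: directory writable for the service"
else
  echo "$db: directory read-only for the service"
fi
```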