Merge pull request #332061 from emilazy/push-lyoruqmmrqzx

      hdfs = 295;

      mapred = 296;

      hadoop = 297;

      hydron = 298;

      #hydron = 298; # removed 2024-08-03

      cfssl = 299;

      cassandra = 300;

      qemu-libvirtd = 301;

      hdfs = 295;

      mapred = 296;

      hadoop = 297;

      hydron = 298;

      #hydron = 298; # removed 2024-08-03

      cfssl = 299;

      cassandra = 300;

      qemu-libvirtd = 301;

  ./services/web-servers/fcgiwrap.nix

  ./services/web-servers/garage.nix

  ./services/web-servers/hitch/default.nix

  ./services/web-servers/hydron.nix

  ./services/web-servers/jboss/default.nix

  ./services/web-servers/keter

  ./services/web-servers/lighttpd/cgit.nix

    (mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")

    (mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")

    (mkRemovedOptionModule [ "services" "homeassistant-satellite"] "The `services.homeassistant-satellite` module has been replaced by `services.wyoming-satellite`.")

    (mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")

    (mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")

    (mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")

    (mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")

{ config, lib, pkgs, ... }:

let

  cfg = config.services.hydron;

in with lib; {

  options.services.hydron = {

    enable = mkEnableOption "hydron";

    dataDir = mkOption {

      type = types.path;

      default = "/var/lib/hydron";

      example = "/home/okina/hydron";

      description = "Location where hydron runs and stores data.";

    };

    interval = mkOption {

      type = types.str;

      default = "weekly";

      example = "06:00";

      description = ''

        How often we run hydron import and possibly fetch tags. Runs by default every week.

        The format is described in

        {manpage}`systemd.time(7)`.

      '';

    };

    password = mkOption {

      type = types.str;

      default = "hydron";

      example = "dumbpass";

      description = "Password for the hydron database.";

    };

    passwordFile = mkOption {

      type = types.path;

      default = "/run/keys/hydron-password-file";

      example = "/home/okina/hydron/keys/pass";

      description = "Password file for the hydron database.";

    };

    postgresArgs = mkOption {

      type = types.str;

      description = "Postgresql connection arguments.";

      example = ''

        {

          "driver": "postgres",

          "connection": "user=hydron password=dumbpass dbname=hydron sslmode=disable"

        }

      '';

    };

    postgresArgsFile = mkOption {

      type = types.path;

      default = "/run/keys/hydron-postgres-args";

      example = "/home/okina/hydron/keys/postgres";

      description = "Postgresql connection arguments file.";

    };

    listenAddress = mkOption {

      type = types.nullOr types.str;

      default = null;

      example = "127.0.0.1:8010";

      description = "Listen on a specific IP address and port.";

    };

    importPaths = mkOption {

      type = types.listOf types.path;

      default = [];

      example = [ "/home/okina/Pictures" ];

      description = "Paths that hydron will recursively import.";

    };

    fetchTags = mkOption {

      type = types.bool;

      default = true;

      description = "Fetch tags for imported images and webm from gelbooru.";

    };

  };

  config = mkIf cfg.enable {

    services.hydron.passwordFile = mkDefault (pkgs.writeText "hydron-password-file" cfg.password);

    services.hydron.postgresArgsFile = mkDefault (pkgs.writeText "hydron-postgres-args" cfg.postgresArgs);

    services.hydron.postgresArgs = mkDefault ''

      {

        "driver": "postgres",

        "connection": "user=hydron password=${cfg.password} host=/run/postgresql dbname=hydron sslmode=disable"

      }

    '';

    services.postgresql = {

      enable = true;

      ensureDatabases = [ "hydron" ];

      ensureUsers = [

        { name = "hydron";

          ensureDBOwnership = true;

        }

      ];

    };

    systemd.tmpfiles.rules = [

      "d '${cfg.dataDir}' 0750 hydron hydron - -"

      "d '${cfg.dataDir}/.hydron' - hydron hydron - -"

      "d '${cfg.dataDir}/images' - hydron hydron - -"

      "Z '${cfg.dataDir}' - hydron hydron - -"

      "L+ '${cfg.dataDir}/.hydron/db_conf.json' - - - - ${cfg.postgresArgsFile}"

    ];

    systemd.services.hydron = {

      description = "hydron";

      after = [ "network.target" "postgresql.service" ];

      wantedBy = [ "multi-user.target" ];

      serviceConfig = {

        User = "hydron";

        Group = "hydron";

        ExecStart = "${pkgs.hydron}/bin/hydron serve"

        + optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}";

      };

    };

    systemd.services.hydron-fetch = {

      description = "Import paths into hydron and possibly fetch tags";

      serviceConfig = {

        Type = "oneshot";

        User = "hydron";

        Group = "hydron";

        ExecStart = "${pkgs.hydron}/bin/hydron import "

        + optionalString cfg.fetchTags "-f "

        + (escapeShellArg cfg.dataDir) + "/images " + (escapeShellArgs cfg.importPaths);

      };

    };

    systemd.timers.hydron-fetch = {

      description = "Automatically import paths into hydron and possibly fetch tags";

      after = [ "network.target" "hydron.service" ];

      wantedBy = [ "timers.target" ];

      timerConfig = {

        Persistent = true;

        OnCalendar = cfg.interval;

      };

    };

    users = {

      groups.hydron.gid = config.ids.gids.hydron;

      users.hydron = {

        description = "hydron server service user";

        home = cfg.dataDir;

        group = "hydron";

        uid = config.ids.uids.hydron;

      };

    };

  };

  imports = [

    (mkRenamedOptionModule [ "services" "hydron" "baseDir" ] [ "services" "hydron" "dataDir" ])

  ];

  meta.maintainers = with maintainers; [ Madouura ];

}

{ lib

, buildGoModule

, fetchFromGitHub

, gitUpdater

, pkg-config

, ffmpeg_4

}:

buildGoModule rec {

  pname = "hydron";

  version = "3.3.6";

  src = fetchFromGitHub {

    owner = "bakape";

    repo = "hydron";

    rev = "v${version}";

    hash = "sha256-Q1pZf5FPQw+pHItcZyOGx0N+iHmz9rW0+ANFsketh6E=";

  };

  vendorHash = "sha256-hKF2RCGnk/5hNS65vGoDdF1OUPSLe4PDegYlKTeqJDM=";

  proxyVendor = true;

  nativeBuildInputs = [ pkg-config ];

  buildInputs = [ ffmpeg_4 ];

  passthru.updateScript = gitUpdater {

    rev-prefix = "v";

  };

  meta = with lib; {

    homepage = "https://github.com/bakape/hydron";

    description = "High performance media tagger and organizer";

    license = with licenses; [ lgpl3Plus ];

    knownVulnerabilities = [ "CVE-2023-4863" ];  # Via https://github.com/chai2010/webp dep

    maintainers = with maintainers; [ Madouura ];

  };

}