Unverified Commit 2630f1f7 authored by Sandro Jäckel's avatar Sandro Jäckel Committed by GitHub
Browse files

nixos/stirling-pdf: fix external dependencies and service permissions (#374225)

parents a1a54943 8acf8946

nixos/modules/services/web-apps/stirling-pdf.nix

+12 −4
Original line number Diff line number Diff line
@@ -46,19 +46,27 @@ in 
    systemd.services.stirling-pdf = {

      environment = lib.mapAttrs (_: toString) cfg.environment;



      # following https://github.com/Stirling-Tools/Stirling-PDF#locally

      # following https://docs.stirlingpdf.com/Installation/Unix%20Installation

      path =

        with pkgs;

        [

          # `which` is used to test command availability

          # See https://github.com/Stirling-Tools/Stirling-PDF/blob/main/src/main/java/stirling/software/SPDF/config/ExternalAppDepConfig.java#L42

          which

          unpaper

          libreoffice

          qpdf

          ocrmypdf

          poppler_utils

          unoconv

          opencv

          pngquant

          tesseract

          python3Packages.weasyprint

          (python3.withPackages (

            p: with p; [

              weasyprint

              opencv-python-headless

            ]

          ))

          ghostscript_headless

        ]

        ++ lib.optional (cfg.environment.INSTALL_BOOK_AND_ADVANCED_HTML_OPS or "false" == "true") calibre;
@@ -102,7 +110,7 @@ in 
        RestrictRealtime = true;

        SystemCallArchitectures = "native";

        SystemCallFilter = [

          "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @resources @clock @setuid @chown"

          "~@cpu-emulation @debug @keyring @mount @obsolete @privileged @clock @setuid @chown"

        ];

        UMask = "0077";

      };