Unverified Commit 33b4adb6 authored by Thomas Gerbet's avatar Thomas Gerbet Committed by GitHub

pyload-ng: drop (#502033)

parents f867ec79 12856d01
+1 −1
@@ -164,7 +164,7 @@ The pre-existing `services.ankisyncd` has been marked deprecated and will be dro

- [prometheus-nats-exporter](https://github.com/nats-io/prometheus-nats-exporter), a Prometheus exporter for NATS. Available as [services.prometheus.exporters.nats](#opt-services.prometheus.exporters.nats.enable).

- [pyLoad](https://pyload.net/), a FOSS download manager written in Python. Available as [services.pyload](#opt-services.pyload.enable).
- [pyLoad](https://pyload.net/), a FOSS download manager written in Python. Available as `services.pyload`.

- [Python Matter Server](https://github.com/home-assistant-libs/python-matter-server), a
  Matter Controller Server exposing websocket connections for use with other services, notably Home Assistant.
+2 −0
@@ -129,6 +129,8 @@

- `services.statsd` has been removed because the packages it relies on do not exist anymore in nixpkgs.

- `services.pyload` has been removed because the package it relies on does not exist anymore in nixpkgs due to vulnerabilities and being unmaintained.

- `services.tandoor-recipes` now uses a sub-directory for media files by default starting with `26.05`. Existing setups should move media files out of the data directory and adjust `services.tandoor-recipes.extraConfig.MEDIA_ROOT` accordingly. See [Migrating media files for pre 26.05 installations](#module-services-tandoor-recipes-migrating-media).

- `rustic` was upgraded to `0.11.x`, which contains breaking [changes to command-line parameters and configuration file](https://rustic.cli.rs/docs/breaking_changes.html#0110).
+0 −1
@@ -1347,7 +1347,6 @@
  ./services/networking/pptpd.nix
  ./services/networking/privoxy.nix
  ./services/networking/prosody.nix
  ./services/networking/pyload.nix
  ./services/networking/quassel.nix
  ./services/networking/quicktun.nix
  ./services/networking/r53-ddns.nix
+3 −0
@@ -486,6 +486,9 @@ in
    (mkRemovedOptionModule [ "programs" "spacefm" ] ''
      spacefm has been removed since it was unmaintained upstream.
    '')
    (mkRemovedOptionModule [ "services" "pyload" ] ''
      services.pyload has been removed since the pyload-ng package had vulnerabilities and was unmaintained in nixpkgs.
    '')
    # Do NOT add any option renames here, see top of the file
  ];
}
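Review bot: The removal notice added in the new `mkRemovedOptionModule` entry explains why the option is gone but not what stays behind on a host that had it enabled: the deleted module kept its state under `/var/lib/pyload` (the `--userdir` config directory and the default download directory) and created a `pyload` system user and group, and `mkRemovedOptionModule` does not clean any of that up. Since the stated reason for removal is an unmaintained package with vulnerabilities, operators will want to know that nothing is left listening but that the on-disk state and account remain for them to archive or delete. Consider extending the message, e.g. `services.pyload has been removed since the pyload-ng package had vulnerabilities and was unmaintained in nixpkgs. Existing state in /var/lib/pyload and the pyload user/group are not removed automatically.` The same addition would fit the release-notes entry in the second file section.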
+0 −176
{
  config,
  lib,
  pkgs,
  utils,
  ...
}:
let
  cfg = config.services.pyload;

  stateDir = "/var/lib/pyload";
in
{
  meta.maintainers = with lib.maintainers; [ ambroisie ];

  options = with lib; {
    services.pyload = {
      enable = mkEnableOption "pyLoad download manager";

      package = mkPackageOption pkgs "pyLoad" { default = [ "pyload-ng" ]; };

      listenAddress = mkOption {
        type = types.str;
        default = "localhost";
        example = "0.0.0.0";
        description = "Address to listen on for the web UI.";
      };

      port = mkOption {
        type = types.port;
        default = 8000;
        example = 9876;
        description = "Port to listen on for the web UI.";
      };

      downloadDirectory = mkOption {
        type = types.path;
        default = "${stateDir}/downloads";
        example = "/mnt/downloads";
        description = "Directory to store downloads.";
      };

      user = mkOption {
        type = types.str;
        default = "pyload";
        description = "User under which pyLoad runs, and which owns the download directory.";
      };

      group = mkOption {
        type = types.str;
        default = "pyload";
        description = "Group under which pyLoad runs, and which owns the download directory.";
      };

      credentialsFile = mkOption {
        type = with types; nullOr path;
        default = null;
        example = "/run/secrets/pyload-credentials.env";
        description = ''
          File containing {env}`PYLOAD_DEFAULT_USERNAME` and
          {env}`PYLOAD_DEFAULT_PASSWORD` in the format of an `EnvironmentFile=`,
          as described by {manpage}`systemd.exec(5)`.

          If not given, they default to the username/password combo of
          pyload/pyload.
        '';
      };
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.tmpfiles.settings.pyload = {
      ${cfg.downloadDirectory}.d = { inherit (cfg) user group; };
    };

    systemd.services.pyload = {
      description = "pyLoad download manager";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      # NOTE: unlike what the documentation says, it looks like `HOME` is not
      # defined with this service definition...
      # Since pyload tries to do the equivalent of `cd ~`, it needs to be able
      # to resolve $HOME, which fails when `RootDirectory` is set.
      # FIXME: check if `SetLoginEnvironment` fixes this issue in version 255
      environment = {
        HOME = stateDir;
        PYLOAD__WEBUI__HOST = cfg.listenAddress;
        PYLOAD__WEBUI__PORT = toString cfg.port;
      };

      serviceConfig = {
        ExecStart = utils.escapeSystemdExecArgs [
          (lib.getExe cfg.package)
          "--userdir"
          "${stateDir}/config"
          "--storagedir"
          cfg.downloadDirectory
        ];

        User = cfg.user;
        Group = cfg.group;

        EnvironmentFile = lib.optional (cfg.credentialsFile != null) cfg.credentialsFile;

        StateDirectory = "pyload";
        WorkingDirectory = stateDir;
        RuntimeDirectory = "pyload";
        RuntimeDirectoryMode = "0700";
        RootDirectory = "/run/pyload";
        BindReadOnlyPaths = [
          builtins.storeDir # Needed to run the python interpreter
        ];
        BindPaths = [
          cfg.downloadDirectory
        ];

        # Hardening options
        LockPersonality = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateMounts = true;
        PrivateTmp = true;
        PrivateUsers = true;
        ProcSubset = "pid";
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHome = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectProc = "invisible";
        ProtectSystem = "strict";
        RemoveIPC = true;
        RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
        RestrictNamespaces = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        SystemCallArchitectures = "native";
        SystemCallFilter = [
          "@system-service"
          "~@resources"
          "~@privileged"
        ];
        UMask = "0002";
        CapabilityBoundingSet = [
          "~CAP_BLOCK_SUSPEND"
          "~CAP_BPF"
          "~CAP_CHOWN"
          "~CAP_IPC_LOCK"
          "~CAP_KILL"
          "~CAP_LEASE"
          "~CAP_LINUX_IMMUTABLE"
          "~CAP_NET_ADMIN"
          "~CAP_SYS_ADMIN"
          "~CAP_SYS_BOOT"
          "~CAP_SYS_CHROOT"
          "~CAP_SYS_NICE"
          "~CAP_SYS_PACCT"
          "~CAP_SYS_PTRACE"
          "~CAP_SYS_RESOURCE"
          "~CAP_SYS_TTY_CONFIG"
        ];
      };
    };

    users.users.pyload = lib.mkIf (cfg.user == "pyload") {
      isSystemUser = true;
      group = cfg.group;
      home = stateDir;
    };

    users.groups.pyload = lib.mkIf (cfg.group == "pyload") { };
  };
}