Loading nixos/modules/module-list.nix +1 −0 Original line number Diff line number Diff line Loading @@ -1270,6 +1270,7 @@ ./services/web-apps/kavita.nix ./services/web-apps/keycloak.nix ./services/web-apps/komga.nix ./services/web-apps/lanraragi.nix ./services/web-apps/lemmy.nix ./services/web-apps/limesurvey.nix ./services/web-apps/mainsail.nix Loading nixos/modules/services/web-apps/lanraragi.nix 0 → 100644 +100 −0 Original line number Diff line number Diff line { pkgs, lib, config, ... }: let cfg = config.services.lanraragi; in { meta.maintainers = with lib.maintainers; [ tomasajt ]; options.services = { lanraragi = { enable = lib.mkEnableOption (lib.mdDoc "LANraragi"); package = lib.mkPackageOptionMD pkgs "lanraragi" { }; port = lib.mkOption { type = lib.types.port; default = 3000; description = lib.mdDoc "Port for LANraragi's web interface."; }; passwordFile = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; example = "/run/keys/lanraragi-password"; description = lib.mdDoc '' A file containing the password for LANraragi's admin interface. ''; }; redis = { port = lib.mkOption { type = lib.types.port; default = 6379; description = lib.mdDoc "Port for LANraragi's Redis server."; }; passwordFile = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; example = "/run/keys/redis-lanraragi-password"; description = lib.mdDoc '' A file containing the password for LANraragi's Redis server. ''; }; }; }; }; config = lib.mkIf cfg.enable { services.redis.servers.lanraragi = { enable = true; port = cfg.redis.port; requirePassFile = cfg.redis.passwordFile; }; systemd.services.lanraragi = { description = "LANraragi main service"; after = [ "network.target" "redis-lanraragi.service" ]; requires = [ "redis-lanraragi.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = lib.getExe cfg.package; DynamicUser = true; StateDirectory = "lanraragi"; RuntimeDirectory = "lanraragi"; LogsDirectory = "lanraragi"; Restart = "on-failure"; WorkingDirectory = "/var/lib/lanraragi"; }; environment = { "LRR_TEMP_DIRECTORY" = "/run/lanraragi"; "LRR_LOG_DIRECTORY" = "/var/log/lanraragi"; "LRR_NETWORK" = "http://*:${toString cfg.port}"; "HOME" = "/var/lib/lanraragi"; }; preStart = '' REDIS_PASS=${lib.optionalString (cfg.redis.passwordFile != null) "$(head -n1 ${cfg.redis.passwordFile})"} cat > lrr.conf <<EOF { redis_address => "127.0.0.1:${toString cfg.redis.port}", redis_password => "$REDIS_PASS", redis_database => "0", redis_database_minion => "1", redis_database_config => "2", redis_database_search => "3", } EOF '' + lib.optionalString (cfg.passwordFile != null) '' PASS_HASH=$( PASS=$(head -n1 ${cfg.passwordFile}) ${cfg.package.perlEnv}/bin/perl -I${cfg.package}/share/lanraragi/lib -e \ 'use LANraragi::Controller::Config; print LANraragi::Controller::Config::make_password_hash($ENV{PASS})' \ 2>/dev/null ) ${lib.getExe pkgs.redis} -h 127.0.0.1 -p ${toString cfg.redis.port} -a "$REDIS_PASS" <<EOF SELECT 2 HSET LRR_CONFIG password $PASS_HASH EOF ''; }; }; } nixos/tests/all-tests.nix +1 −0 Original line number Diff line number Diff line Loading @@ -432,6 +432,7 @@ in { kubo = import ./kubo { inherit recurseIntoAttrs runTest; }; ladybird = handleTest ./ladybird.nix {}; languagetool = handleTest ./languagetool.nix {}; lanraragi = handleTest ./lanraragi.nix {}; latestKernel.login = handleTest ./login.nix { latestKernel = true; }; leaps = handleTest ./leaps.nix {}; lemmy = handleTest ./lemmy.nix {}; Loading nixos/tests/lanraragi.nix 0 → 100644 +40 −0 Original line number Diff line number Diff line import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "lanraragi"; meta.maintainers = with lib.maintainers; [ tomasajt ]; nodes = { machine1 = { pkgs, ... }: { services.lanraragi.enable = true; }; machine2 = { pkgs, ... }: { services.lanraragi = { enable = true; passwordFile = pkgs.writeText "lrr-test-pass" '' ultra-secure-password ''; port = 4000; redis = { port = 4001; passwordFile = pkgs.writeText "redis-lrr-test-pass" '' still-a-very-secure-password ''; }; }; }; }; testScript = '' start_all() machine1.wait_for_unit("lanraragi.service") machine1.wait_until_succeeds("curl -f localhost:3000") machine1.succeed("[ $(curl -o /dev/null -X post 'http://localhost:3000/login' --data-raw 'password=kamimamita' -w '%{http_code}') -eq 302 ]") machine2.wait_for_unit("lanraragi.service") machine2.wait_until_succeeds("curl -f localhost:4000") machine2.succeed("[ $(curl -o /dev/null -X post 'http://localhost:4000/login' --data-raw 'password=ultra-secure-password' -w '%{http_code}') -eq 302 ]") ''; }) pkgs/by-name/la/lanraragi/expose-password-hashing.patch 0 → 100644 +36 −0 Original line number Diff line number Diff line diff --git a/lib/LANraragi/Controller/Config.pm b/lib/LANraragi/Controller/Config.pm index 2cd2c999..0bd8ab6e 100644 --- a/lib/LANraragi/Controller/Config.pm +++ b/lib/LANraragi/Controller/Config.pm @@ -50,6 +50,15 @@ sub index { ); } +sub make_password_hash { + my $ppr = Authen::Passphrase::BlowfishCrypt->new( + cost => 8, + salt_random => 1, + passphrase => shift, + ); + return $ppr->as_rfc2307; +} + # Save the given parameters to the Redis config sub save_config { @@ -95,14 +104,7 @@ sub save_config { my $password = $self->req->param('newpassword'); if ( $password ne "" ) { - my $ppr = Authen::Passphrase::BlowfishCrypt->new( - cost => 8, - salt_random => 1, - passphrase => $password, - ); - - my $pass_hashed = $ppr->as_rfc2307; - $confhash{password} = $pass_hashed; + $confhash{password} = make_password_hash($password); } } Loading
nixos/modules/module-list.nix +1 −0 Original line number Diff line number Diff line Loading @@ -1270,6 +1270,7 @@ ./services/web-apps/kavita.nix ./services/web-apps/keycloak.nix ./services/web-apps/komga.nix ./services/web-apps/lanraragi.nix ./services/web-apps/lemmy.nix ./services/web-apps/limesurvey.nix ./services/web-apps/mainsail.nix Loading
nixos/modules/services/web-apps/lanraragi.nix 0 → 100644 +100 −0 Original line number Diff line number Diff line { pkgs, lib, config, ... }: let cfg = config.services.lanraragi; in { meta.maintainers = with lib.maintainers; [ tomasajt ]; options.services = { lanraragi = { enable = lib.mkEnableOption (lib.mdDoc "LANraragi"); package = lib.mkPackageOptionMD pkgs "lanraragi" { }; port = lib.mkOption { type = lib.types.port; default = 3000; description = lib.mdDoc "Port for LANraragi's web interface."; }; passwordFile = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; example = "/run/keys/lanraragi-password"; description = lib.mdDoc '' A file containing the password for LANraragi's admin interface. ''; }; redis = { port = lib.mkOption { type = lib.types.port; default = 6379; description = lib.mdDoc "Port for LANraragi's Redis server."; }; passwordFile = lib.mkOption { type = lib.types.nullOr lib.types.path; default = null; example = "/run/keys/redis-lanraragi-password"; description = lib.mdDoc '' A file containing the password for LANraragi's Redis server. ''; }; }; }; }; config = lib.mkIf cfg.enable { services.redis.servers.lanraragi = { enable = true; port = cfg.redis.port; requirePassFile = cfg.redis.passwordFile; }; systemd.services.lanraragi = { description = "LANraragi main service"; after = [ "network.target" "redis-lanraragi.service" ]; requires = [ "redis-lanraragi.service" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = lib.getExe cfg.package; DynamicUser = true; StateDirectory = "lanraragi"; RuntimeDirectory = "lanraragi"; LogsDirectory = "lanraragi"; Restart = "on-failure"; WorkingDirectory = "/var/lib/lanraragi"; }; environment = { "LRR_TEMP_DIRECTORY" = "/run/lanraragi"; "LRR_LOG_DIRECTORY" = "/var/log/lanraragi"; "LRR_NETWORK" = "http://*:${toString cfg.port}"; "HOME" = "/var/lib/lanraragi"; }; preStart = '' REDIS_PASS=${lib.optionalString (cfg.redis.passwordFile != null) "$(head -n1 ${cfg.redis.passwordFile})"} cat > lrr.conf <<EOF { redis_address => "127.0.0.1:${toString cfg.redis.port}", redis_password => "$REDIS_PASS", redis_database => "0", redis_database_minion => "1", redis_database_config => "2", redis_database_search => "3", } EOF '' + lib.optionalString (cfg.passwordFile != null) '' PASS_HASH=$( PASS=$(head -n1 ${cfg.passwordFile}) ${cfg.package.perlEnv}/bin/perl -I${cfg.package}/share/lanraragi/lib -e \ 'use LANraragi::Controller::Config; print LANraragi::Controller::Config::make_password_hash($ENV{PASS})' \ 2>/dev/null ) ${lib.getExe pkgs.redis} -h 127.0.0.1 -p ${toString cfg.redis.port} -a "$REDIS_PASS" <<EOF SELECT 2 HSET LRR_CONFIG password $PASS_HASH EOF ''; }; }; }
nixos/tests/all-tests.nix +1 −0 Original line number Diff line number Diff line Loading @@ -432,6 +432,7 @@ in { kubo = import ./kubo { inherit recurseIntoAttrs runTest; }; ladybird = handleTest ./ladybird.nix {}; languagetool = handleTest ./languagetool.nix {}; lanraragi = handleTest ./lanraragi.nix {}; latestKernel.login = handleTest ./login.nix { latestKernel = true; }; leaps = handleTest ./leaps.nix {}; lemmy = handleTest ./lemmy.nix {}; Loading
nixos/tests/lanraragi.nix 0 → 100644 +40 −0 Original line number Diff line number Diff line import ./make-test-python.nix ({ pkgs, lib, ... }: { name = "lanraragi"; meta.maintainers = with lib.maintainers; [ tomasajt ]; nodes = { machine1 = { pkgs, ... }: { services.lanraragi.enable = true; }; machine2 = { pkgs, ... }: { services.lanraragi = { enable = true; passwordFile = pkgs.writeText "lrr-test-pass" '' ultra-secure-password ''; port = 4000; redis = { port = 4001; passwordFile = pkgs.writeText "redis-lrr-test-pass" '' still-a-very-secure-password ''; }; }; }; }; testScript = '' start_all() machine1.wait_for_unit("lanraragi.service") machine1.wait_until_succeeds("curl -f localhost:3000") machine1.succeed("[ $(curl -o /dev/null -X post 'http://localhost:3000/login' --data-raw 'password=kamimamita' -w '%{http_code}') -eq 302 ]") machine2.wait_for_unit("lanraragi.service") machine2.wait_until_succeeds("curl -f localhost:4000") machine2.succeed("[ $(curl -o /dev/null -X post 'http://localhost:4000/login' --data-raw 'password=ultra-secure-password' -w '%{http_code}') -eq 302 ]") ''; })
pkgs/by-name/la/lanraragi/expose-password-hashing.patch 0 → 100644 +36 −0 Original line number Diff line number Diff line diff --git a/lib/LANraragi/Controller/Config.pm b/lib/LANraragi/Controller/Config.pm index 2cd2c999..0bd8ab6e 100644 --- a/lib/LANraragi/Controller/Config.pm +++ b/lib/LANraragi/Controller/Config.pm @@ -50,6 +50,15 @@ sub index { ); } +sub make_password_hash { + my $ppr = Authen::Passphrase::BlowfishCrypt->new( + cost => 8, + salt_random => 1, + passphrase => shift, + ); + return $ppr->as_rfc2307; +} + # Save the given parameters to the Redis config sub save_config { @@ -95,14 +104,7 @@ sub save_config { my $password = $self->req->param('newpassword'); if ( $password ne "" ) { - my $ppr = Authen::Passphrase::BlowfishCrypt->new( - cost => 8, - salt_random => 1, - passphrase => $password, - ); - - my $pass_hashed = $ppr->as_rfc2307; - $confhash{password} = $pass_hashed; + $confhash{password} = make_password_hash($password); } }
