From f4f3f7d0ad49cfb9d73061997523f69c31716739 Mon Sep 17 00:00:00 2001
From: stuebinm
Date: Sat, 1 Apr 2023 02:54:35 +0200
Subject: add module for crs-tracker, for fun

please no one like, actually use this. unless you volunteer to at least
add a script to run database migrations, since currently these need to
be run by hand …
---
 flake.nix                    |   2 +-
 ilex/configuration.nix       |  33 ++++++++---
 modules/crs-tools.nix        | 132 +++++++++++++++++++++++++++++++++++++++++++
 pkgs/0001-add-lockfile.patch |  47 +++++++++++++++
 pkgs/crs-tools.nix           |  44 +++++++++++++++
 pkgs/overlay.nix             |   1 +
 6 files changed, 250 insertions(+), 9 deletions(-)
 create mode 100644 modules/crs-tools.nix
 create mode 100644 pkgs/0001-add-lockfile.patch
 create mode 100644 pkgs/crs-tools.nix

diff --git a/flake.nix b/flake.nix
index 2267990..c1c790f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -118,7 +118,7 @@
     packages.x86_64-linux = {
       inherit (nixpkgs) galmon-core galmon-full glitchtip typst
         almanac kijetesantakaluotokieni showrt isabelle-utils isabat
-        emacs29;
+        emacs29 crs-tools;
     };
 
     nixosModules = {
diff --git a/ilex/configuration.nix b/ilex/configuration.nix
index 462cc3f..9b7f5fb 100644
--- a/ilex/configuration.nix
+++ b/ilex/configuration.nix
@@ -8,6 +8,7 @@
   imports = [
     ./hardware-configuration.nix
     ../modules/glitchtip.nix
+    ../modules/crs-tools.nix
   ];
 
   networking.firewall.allowedTCPPorts = [ 5000 ];
@@ -34,7 +35,7 @@
 
   services.postgresql = {
     enable = true;
-    ensureDatabases = [ "tracktrain" "glitchtrip" ];
+    ensureDatabases = [ "tracktrain" "glitchtrip" "crstracker" ];
     ensureUsers = [ {
       name = "tracktrain";
       ensurePermissions = {
@@ -45,25 +46,41 @@
       ensurePermissions = {
         "DATABASE glitchtrip" = "ALL PRIVILEGES";
       };
+    } {
+      name = "crstracker";
+      ensurePermissions = {
+        "DATABASE crstracker" = "ALL PRIVILEGES";
+      };
     } ];
     authentication = ''
       local   all   all                              trust
       host    all   all        127.0.0.1/32          trust
       host    all   all        ::1/127               trust
     '';
+    package = pkgs.postgresql_11;
   };
 
-  services.glitchtip = {
-    enable = true;
-    databaseUrl = "postgres://glitchtrip@localhost:5432/glitchtrip";
-  };
-  services.redis.servers.glitchtip = {
+  # services.glitchtip = {
+  #   enable = true;
+  #   databaseUrl = "postgres://glitchtrip@localhost:5432/glitchtrip";
+  # };
+  # services.redis.servers.glitchtip = {
+  #   enable = true;
+  #   port = 6379;
+  # };
+
+  services.crs-tracker = {
     enable = true;
-    port = 6379;
+    nginxVirtualHostConfig = {
+      listen = [{
+        addr = "127.0.0.1";
+        port = 8080;
+        ssl = false;
+      }];
+    };
   };
 
 
-
   services.tlp = {
     enable = true;
     settings = {
diff --git a/modules/crs-tools.nix b/modules/crs-tools.nix
new file mode 100644
index 0000000..fb43136
--- /dev/null
+++ b/modules/crs-tools.nix
@@ -0,0 +1,132 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+with lib;
+
+let
+  cfg = config.services.crs-tracker;
+  configFile = pkgs.writeText "crs-tracker-config.php" ''
+    <?php
+      Log::setPath(ROOT . '../log/application.log');
+      Log::setLevel(Log::INFO);
+      Log::colorize(true);
+
+      Database_PostgreSQL::init(
+              '${cfg.dbHost}',
+              '${cfg.dbUsername}',
+              '${cfg.dbPassword}',
+              '${cfg.dbDatabase}'
+      );
+
+      // TODO: make timezone a user setting or get it from browser
+      Database::$Instance->query(
+              'SET timezone = ' . Database::$Instance->quote(date_default_timezone_get())
+      );
+
+      requires('Cache/Adapter/APC');
+      Cache::setAdapter(new Cache_Adapter_APC());
+
+      session_set_cookie_params(0, '/', null, false, true);
+
+      libxml_disable_entity_loader(true);
+    ?>
+  '';
+  tracker = pkgs.stdenv.mkDerivation {
+    src = pkgs.crs-tools.tracker;
+    name = "tracker-with-config";
+    buildPhase = ''
+      mkdir $out
+      cp -r $src/* $out
+      chmod +w $out/src/Config/
+      ln -s ${configFile} $out/src/Config/Config.php
+    '';
+    phases = [ "buildPhase" ];
+  };
+in {
+  options.services.crs-tracker = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "tracker fahren.";
+    };
+
+    dbHost = mkOption {
+      type = types.str;
+      default = "localhost";
+      description =
+        "domain the database runs on. This must be a postgres < 12.";
+    };
+
+    dbUsername = mkOption {
+      type = types.str;
+      default = "crstracker";
+    };
+
+    dbPassword = mkOption {
+      type = types.str;
+      default = "";
+    };
+
+    dbDatabase = mkOption {
+      type = types.str;
+      default = "crstracker";
+    };
+
+    nginxVirtualHostConfig = mkOption {
+      type = types.submodule (import "${modulesPath}/services/web-servers/nginx/vhost-options.nix" {
+        inherit config lib;
+      });
+      default = {};
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    services.phpfpm = {
+      pools.crs-tracker = {
+        phpPackage = pkgs.crs-tools.php;
+        user = "crs-tools";
+        group = "crs-tools";
+        settings = {
+          "listen.owner" = config.services.nginx.user;
+          "listen.group" = config.services.nginx.group;
+          "pm" = "dynamic";
+          "pm.max_children" = "32";
+          "pm.start_servers" = "2";
+          "pm.min_spare_servers" = "2";
+          "pm.max_spare_servers" = "4";
+          "pm.max_requests" = "500";
+          "access.log" = "/var/log/$pool.access.log";
+        };
+      };
+    };
+    users.users.crs-tools = {
+      group = "crs-tools";
+      isSystemUser = true;
+      home = tracker.outPath;
+    };
+    users.groups.crs-tools.members = [ "crs-tools" ];
+
+    services.nginx = {
+      enable = mkDefault true;
+
+      virtualHosts."crs-tools" = cfg.nginxVirtualHostConfig // {
+        root = "${tracker}/src/Public";
+        locations."~ ^/(downloads|css|images|thumbnails|javascript|fahrplan)/".priority = 900;
+        locations."/" = {
+          extraConfig = ''
+            # include ${config.services.nginx.package}/conf/fastcgi.conf;
+            include ${config.services.nginx.package}/conf/fastcgi_params;
+            fastcgi_split_path_info ^(.+?)(\\/.*)$;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param SCRIPT_FILENAME $document_root/index.php;
+            fastcgi_index index.php;
+            fastcgi_pass unix:${config.services.phpfpm.pools.crs-tracker.socket};
+            # remove trailing slash
+            rewrite ^(.+)/$ $1 permanent;
+            rewrite ^(.*)$ /index.php$1 break;
+          '';
+        };
+      };
+    };
+  };
+}
diff --git a/pkgs/0001-add-lockfile.patch b/pkgs/0001-add-lockfile.patch
new file mode 100644
index 0000000..a8cd3ce
--- /dev/null
+++ b/pkgs/0001-add-lockfile.patch
@@ -0,0 +1,47 @@
+From 339d2c0c3df062eee919691740e8d5b4d4b5bc30 Mon Sep 17 00:00:00 2001
+From: stuebinm <stuebinm@disroot.org>
+Date: Tue, 28 Mar 2023 01:54:24 +0200
+Subject: [PATCH] add lockfile
+
+---
+ composer.lock | 28 ++++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+ create mode 100644 composer.lock
+
+diff --git a/composer.lock b/composer.lock
+new file mode 100644
+index 00000000..d2b67b38
+--- /dev/null
++++ b/composer.lock
+@@ -0,0 +1,28 @@
++{
++    "_readme": [
++        "This file locks the dependencies of your project to a known state",
++        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
++        "This file is @generated automatically"
++    ],
++    "content-hash": "b3c1951928eb81c8bcfcace0c956b376",
++    "packages": [],
++    "packages-dev": [],
++    "aliases": [],
++    "minimum-stability": "stable",
++    "stability-flags": [],
++    "prefer-stable": false,
++    "prefer-lowest": false,
++    "platform": {
++        "php": ">=7.1.0",
++        "ext-apcu": "*",
++        "ext-curl": "*",
++        "ext-intl": "*",
++        "ext-mbstring": "*",
++        "ext-openssl": "*",
++        "ext-xdiff": "*",
++        "ext-xmlrpc": "*",
++        "ext-xsl": "*"
++    },
++    "platform-dev": [],
++    "plugin-api-version": "2.3.0"
++}
+-- 
+2.38.4
+
diff --git a/pkgs/crs-tools.nix b/pkgs/crs-tools.nix
new file mode 100644
index 0000000..def657c
--- /dev/null
+++ b/pkgs/crs-tools.nix
@@ -0,0 +1,44 @@
+{ stdenv, lib, fetchFromGitHub, system, ... }:
+
+let
+  # we need php < 8; some of the tracker's code is kinda deprecated
+  nixpkgs = fetchFromGitHub {
+    owner = "NixOS";
+    repo = "nixpkgs";
+    rev = "21.05";
+    sha256 = "sha256-ZjBd81a6J3TwtlBr3rHsZspYUwT9OdhDk+a/SgSEf7I=";
+  };
+in
+
+rec {
+  php = (import nixpkgs { inherit system; }).php73.withExtensions
+    (e: with e.all; e.enabled ++ [curl intl mbstring openssl xsl apcu]);
+
+  tracker = stdenv.mkDerivation {
+    pname = "crs-tracker";
+    version = "yolo";
+
+    src = fetchFromGitHub {
+      owner = "crs-tools";
+      repo = "tracker";
+      rev = "7763c665522c7c027ed7f70cba00d7eef47b0644";
+      sha256 = "sha256-MA04yiDLquKmiJ/6kUXigFPt7JtNB7/HI9SA60bRhH0=";
+      fetchSubmodules = true;
+    };
+
+    patches = [
+      ./0001-add-lockfile.patch
+    ];
+
+    buildInputs = [ php php.packages.composer ];
+
+    buildPhase = ''
+      composer install --ignore-platform-req=ext-xdiff --ignore-platform-req=ext-xmlrpc
+    '';
+
+    installPhase = ''
+      mkdir -p $out
+      cp -r * $out
+    '';
+  };
+}
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index bfc0175..0995095 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -75,4 +75,5 @@ self: super:
       withX = false;
     };
 
+  crs-tools = self.callPackage ./crs-tools.nix {};
 }
-- 
cgit v1.2.3