
nixos/gotenberg: Add new settings for 8.10.0+ versions

Also fixes some issues that were reported.

authored by pyrox.dev and committed by

Sandro Jäckel 31aedcfb 348d126d

+123 -22
+3
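--- a/nixos/doc/manual/release-notes/rl-2505.section.md
+++ b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -258,6 +258,9 @@
 - `services.paperless` now installs `paperless-manage` as a normal system package instead of creating a symlink in `/var/lib/paperless`.
 `paperless-manage` now also changes to the appropriate user when being executed.
 
+- The `gotenberg` package has been updated to 8.16.0, which brings breaking changes to the configuration from version 8.13.0. See the [upstream release notes](https://github.com/gotenberg/gotenberg/releases/tag/v8.13.0)
+for that release to get all the details. The `services.gotenberg` module has been updated appropriately to ensure your configuration is valid with this new release.
+
 - `asusd` has been upgraded to version 6 which supports multiple aura devices. To account for this, the single `auraConfig` configuration option has been replaced with `auraConfigs` which is an attribute set of config options per each device. The config files may also be now specified as either source files or text strings; to account for this you will need to specify that `text` is used for your existing configs, e.g.:
 ```diff
 -services.asusd.asusdConfig = '''file contents'''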
+120 -22
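--- a/nixos/modules/services/misc/gotenberg.nix
+++ b/nixos/modules/services/misc/gotenberg.nix
@@ -16,14 +16,26 @@
 "--chromium-max-queue-size=${toString cfg.chromium.maxQueueSize}"
 "--libreoffice-restart-after=${toString cfg.libreoffice.restartAfter}"
 "--libreoffice-max-queue-size=${toString cfg.libreoffice.maxQueueSize}"
-"--pdfengines-engines=${lib.concatStringsSep "," cfg.pdfEngines}"
+"--pdfengines-merge-engines=${lib.concatStringsSep "," cfg.pdfEngines.merge}"
+"--pdfengines-convert-engines=${lib.concatStringsSep "," cfg.pdfEngines.convert}"
+"--pdfengines-read-metadata-engines=${lib.concatStringsSep "," cfg.pdfEngines.readMetadata}"
+"--pdfengines-write-metadata-engines=${lib.concatStringsSep "," cfg.pdfEngines.writeMetadata}"
+"--api-download-from-allow-list=${cfg.downloadFrom.allowList}"
+"--api-download-from-max-retry=${toString cfg.downloadFrom.maxRetries}"
 ]
 ++ optional cfg.enableBasicAuth "--api-enable-basic-auth"
 ++ optional cfg.chromium.autoStart "--chromium-auto-start"
 ++ optional cfg.chromium.disableJavascript "--chromium-disable-javascript"
 ++ optional cfg.chromium.disableRoutes "--chromium-disable-routes"
 ++ optional cfg.libreoffice.autoStart "--libreoffice-auto-start"
-++ optional cfg.libreoffice.disableRoutes "--libreoffice-disable-routes";
+++ optional cfg.libreoffice.disableRoutes "--libreoffice-disable-routes"
+++ optional cfg.pdfEngines.disableRoutes "--pdfengines-disable-routes"
+++ optional (
+cfg.downloadFrom.denyList != null
+) "--api-download-from-deny-list=${cfg.downloadFrom.denyList}"
+++ optional cfg.downloadFrom.disable "--api-disable-download-from"
+++ optional (cfg.bodyLimit != null) "--api-body-limit=${cfg.bodyLimit}"
+++ lib.optionals (cfg.extraArgs != [ ]) cfg.extraArgs;
 
 inherit (lib)
 mkEnableOption
@@ -63,6 +75,12 @@
 description = "Port on which the API should listen.";
 };
 
+bindIP = mkOption {
+type = types.nullOr types.str;
+default = "127.0.0.1";
+description = "Port the API listener should bind to. Set to 0.0.0.0 to listen on all available IPs.";
+};
+
 timeout = mkOption {
 type = types.nullOr types.str;
 default = "30s";
@@ -90,6 +108,12 @@
 If you set this, be sure to set `GOTENBERG_API_BASIC_AUTH_USERNAME`and `GOTENBERG_API_BASIC_AUTH_PASSWORD`
 in your `services.gotenberg.environmentFile` file.
 '';
+};
+
+bodyLimit = mkOption {
+type = types.nullOr types.str;
+default = null;
+description = "Sets the max limit for `multipart/form-data` requests. Accepts values like '5M', '20G', etc.";
 };
 
 extraFontPackages = mkOption {
@@ -132,6 +156,29 @@
 };
 };
 
+downloadFrom = {
+allowList = mkOption {
+type = types.nullOr types.str;
+default = ".*";
+description = "Allow these URLs to be used in the `downloadFrom` API field. Accepts a regular expression.";
+};
+denyList = mkOption {
+type = types.nullOr types.str;
+default = null;
+description = "Deny accepting URLs from these domains in the `downloadFrom` API field. Accepts a regular expression.";
+};
+maxRetries = mkOption {
+type = types.int;
+default = 4;
+description = "The maximum amount of times to retry downloading a file specified with `downloadFrom`.";
+};
+disable = mkOption {
+type = types.bool;
+default = false;
+description = "Whether to disable the ability to download files for conversion from outside sources.";
+};
+};
+
 libreoffice = {
 package = mkPackageOption pkgs "libreoffice" { };
 
@@ -183,28 +230,61 @@
 };
 };
 
-pdfEngines = mkOption {
-type = types.listOf (
-types.enum [
-"pdftk"
+pdfEngines = {
+merge = mkOption {
+type = types.listOf (
+types.enum [
+"qpdf"
+"pdfcpu"
+"pdftk"
+]
+);
+default = [
 "qpdf"
-"libreoffice-pdfengine"
-"exiftool"
 "pdfcpu"
-]
-);
-default = [
-"pdftk"
-"qpdf"
-"libreoffice-pdfengine"
-"exiftool"
-"pdfcpu"
-];
-description = ''
-PDF engines to enable. Each one can be used to perform a specific task.
-See [the documentation](https://gotenberg.dev/docs/configuration#pdf-engines) for more details.
-Defaults to all possible PDF engines.
-'';
+"pdftk"
+];
+description = "PDF Engines to use for merging files.";
+};
+convert = mkOption {
+type = types.listOf (
+types.enum [
+"libreoffice-pdfengine"
+]
+);
+default = [
+"libreoffice-pdfengine"
+];
+description = "PDF Engines to use for converting files.";
+};
+readMetadata = mkOption {
+type = types.listOf (
+types.enum [
+"exiftool"
+]
+);
+default = [
+"exiftool"
+];
+description = "PDF Engines to use for reading metadata from files.";
+};
+writeMetadata = mkOption {
+type = types.listOf (
+types.enum [
+"exiftool"
+]
+);
+default = [
+"exiftool"
+];
+description = "PDF Engines to use for writing metadata to files.";
+};
+
+disableRoutes = mkOption {
+type = types.bool;
+default = false;
+description = "Disable routes related to PDF engines.";
+};
 };
 
 logLevel = mkOption {
@@ -276,6 +356,15 @@
 See `services.gotenberg.enableBasicAuth` for the names of those variables.
 '';
 }
+{
+assertion = !(lib.isList cfg.pdfEngines);
+message = ''
+Setting `services.gotenberg.pdfEngines` to a list is now deprecated.
+Use the new `pdfEngines.mergeEngines`, `pdfEngines.convertEngines`, `pdfEngines.readMetadataEngines`, and `pdfEngines.writeMetadataEngines` settings instead.
+
+The previous option was using a method that is now deprecated by upstream.
+'';
+}
 ];
 
 systemd.services.gotenberg = {
@@ -298,11 +387,19 @@
 FONTCONFIG_FILE = pkgs.makeFontsConf {
 fontDirectories = [ pkgs.liberation_ttf_v2 ] ++ cfg.extraFontPackages;
 };
+# Needed for LibreOffice to work correctly.
+# https://github.com/NixOS/nixpkgs/issues/349123#issuecomment-2418330936
+HOME = "/run/gotenberg";
 };
 serviceConfig = {
 Type = "simple";
 DynamicUser = true;
 ExecStart = "${lib.getExe cfg.package} ${lib.escapeShellArgs args}";
+
+# Needed for LibreOffice to work correctly.
+# See above issue comment.
+WorkingDirectory = "/run/gotenberg";
+RuntimeDirectory = "gotenberg";
 
 # Hardening options
 PrivateDevices = true;
@@ -340,6 +437,7 @@
 SystemCallFilter = [
 "@sandbox"
 "@system-service"
+"@chown"
 ];
 SystemCallArchitectures = "native";
 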
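Review bot: `bindIP` is declared with default `127.0.0.1`, but no visible hunk passes it to `args`, so the option looks inert and the listener would keep Gotenberg's own bind address rather than loopback. An operator who trusts that default to keep the conversion API local gets no such protection, and the API can fetch remote URLs because `downloadFrom.allowList` defaults to `.*`. Add `++ optional (cfg.bindIP != null) "--api-bind-ip=${cfg.bindIP}"` to the list and change the description, which says "Port" where an IP address is meant. `downloadFrom.allowList` is also `nullOr str` but interpolated unconditionally, so `null` would fail evaluation; guard it the way `denyList` is guarded. The `args` list begins above the first hunk, so confirm the flag is not already set there.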