dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #332061 from emilazy/push-lyoruqmmrqzx

Browse Source 
hydron: drop
This commit is contained in:
Donovan Glover 2024-08-09 15:40:54 +00:00 committed by GitHub
commit 0c4a828b0d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 5 additions and 206 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/misc/ids.nix
View File

@ -327,7 +327,7 @@ in
hdfs = 295;
mapred = 296;
hadoop = 297;
hydron = 298;
#hydron = 298; # removed 2024-08-03
cfssl = 299;
cassandra = 300;
qemu-libvirtd = 301;
@ -637,7 +637,7 @@ in
hdfs = 295;
mapred = 296;
hadoop = 297;
hydron = 298;
#hydron = 298; # removed 2024-08-03
cfssl = 299;
cassandra = 300;
qemu-libvirtd = 301;

1
nixos/modules/module-list.nix
View File

@ -1501,7 +1501,6 @@
./services/web-servers/fcgiwrap.nix
./services/web-servers/garage.nix
./services/web-servers/hitch/default.nix
./services/web-servers/hydron.nix
./services/web-servers/jboss/default.nix
./services/web-servers/keter
./services/web-servers/lighttpd/cgit.nix

1
nixos/modules/rename.nix
View File

@ -67,6 +67,7 @@ in
(mkRemovedOptionModule [ "services" "fprot" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "frab" ] "The frab module has been removed")
(mkRemovedOptionModule [ "services" "homeassistant-satellite"] "The `services.homeassistant-satellite` module has been replaced by `services.wyoming-satellite`.")
(mkRemovedOptionModule [ "services" "hydron" ] "The `services.hydron` module has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability.")
(mkRemovedOptionModule [ "services" "ihatemoney" ] "The ihatemoney module has been removed for lack of downstream maintainer")
(mkRemovedOptionModule [ "services" "kippo" ] "The corresponding package was removed from nixpkgs.")
(mkRemovedOptionModule [ "services" "mailpile" ] "The corresponding package was removed from nixpkgs.")

164
nixos/modules/services/web-servers/hydron.nix
View File

@ -1,164 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.hydron;
in with lib; {
options.services.hydron = {
enable = mkEnableOption "hydron";
dataDir = mkOption {
type = types.path;
default = "/var/lib/hydron";
example = "/home/okina/hydron";
description = "Location where hydron runs and stores data.";
};
interval = mkOption {
type = types.str;
default = "weekly";
example = "06:00";
description = ''
How often we run hydron import and possibly fetch tags. Runs by default every week.
The format is described in
{manpage}`systemd.time(7)`.
'';
};
password = mkOption {
type = types.str;
default = "hydron";
example = "dumbpass";
description = "Password for the hydron database.";
};
passwordFile = mkOption {
type = types.path;
default = "/run/keys/hydron-password-file";
example = "/home/okina/hydron/keys/pass";
description = "Password file for the hydron database.";
};
postgresArgs = mkOption {
type = types.str;
description = "Postgresql connection arguments.";
example = ''
{
"driver": "postgres",
"connection": "user=hydron password=dumbpass dbname=hydron sslmode=disable"
}
'';
};
postgresArgsFile = mkOption {
type = types.path;
default = "/run/keys/hydron-postgres-args";
example = "/home/okina/hydron/keys/postgres";
description = "Postgresql connection arguments file.";
};
listenAddress = mkOption {
type = types.nullOr types.str;
default = null;
example = "127.0.0.1:8010";
description = "Listen on a specific IP address and port.";
};
importPaths = mkOption {
type = types.listOf types.path;
default = [];
example = [ "/home/okina/Pictures" ];
description = "Paths that hydron will recursively import.";
};
fetchTags = mkOption {
type = types.bool;
default = true;
description = "Fetch tags for imported images and webm from gelbooru.";
};
};
config = mkIf cfg.enable {
services.hydron.passwordFile = mkDefault (pkgs.writeText "hydron-password-file" cfg.password);
services.hydron.postgresArgsFile = mkDefault (pkgs.writeText "hydron-postgres-args" cfg.postgresArgs);
services.hydron.postgresArgs = mkDefault ''
{
"driver": "postgres",
"connection": "user=hydron password=${cfg.password} host=/run/postgresql dbname=hydron sslmode=disable"
}
'';
services.postgresql = {
enable = true;
ensureDatabases = [ "hydron" ];
ensureUsers = [
{ name = "hydron";
ensureDBOwnership = true;
}
];
};
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0750 hydron hydron - -"
"d '${cfg.dataDir}/.hydron' - hydron hydron - -"
"d '${cfg.dataDir}/images' - hydron hydron - -"
"Z '${cfg.dataDir}' - hydron hydron - -"
"L+ '${cfg.dataDir}/.hydron/db_conf.json' - - - - ${cfg.postgresArgsFile}"
];
systemd.services.hydron = {
description = "hydron";
after = [ "network.target" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "hydron";
Group = "hydron";
ExecStart = "${pkgs.hydron}/bin/hydron serve"
+ optionalString (cfg.listenAddress != null) " -a ${cfg.listenAddress}";
};
};
systemd.services.hydron-fetch = {
description = "Import paths into hydron and possibly fetch tags";
serviceConfig = {
Type = "oneshot";
User = "hydron";
Group = "hydron";
ExecStart = "${pkgs.hydron}/bin/hydron import "
+ optionalString cfg.fetchTags "-f "
+ (escapeShellArg cfg.dataDir) + "/images " + (escapeShellArgs cfg.importPaths);
};
};
systemd.timers.hydron-fetch = {
description = "Automatically import paths into hydron and possibly fetch tags";
after = [ "network.target" "hydron.service" ];
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = true;
OnCalendar = cfg.interval;
};
};
users = {
groups.hydron.gid = config.ids.gids.hydron;
users.hydron = {
description = "hydron server service user";
home = cfg.dataDir;
group = "hydron";
uid = config.ids.uids.hydron;
};
};
};
imports = [
(mkRenamedOptionModule [ "services" "hydron" "baseDir" ] [ "services" "hydron" "dataDir" ])
];
meta.maintainers = with maintainers; [ Madouura ];
}

37
pkgs/servers/hydron/default.nix
View File

@ -1,37 +0,0 @@
{ lib
, buildGoModule
, fetchFromGitHub
, gitUpdater
, pkg-config
, ffmpeg_4
}:
buildGoModule rec {
pname = "hydron";
version = "3.3.6";
src = fetchFromGitHub {
owner = "bakape";
repo = "hydron";
rev = "v${version}";
hash = "sha256-Q1pZf5FPQw+pHItcZyOGx0N+iHmz9rW0+ANFsketh6E=";
};
vendorHash = "sha256-hKF2RCGnk/5hNS65vGoDdF1OUPSLe4PDegYlKTeqJDM=";
proxyVendor = true;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ ffmpeg_4 ];
passthru.updateScript = gitUpdater {
rev-prefix = "v";
};
meta = with lib; {
homepage = "https://github.com/bakape/hydron";
description = "High performance media tagger and organizer";
license = with licenses; [ lgpl3Plus ];
knownVulnerabilities = [ "CVE-2023-4863" ]; # Via https://github.com/chai2010/webp dep
maintainers = with maintainers; [ Madouura ];
};
}

2
pkgs/top-level/aliases.nix
View File

@ -645,6 +645,8 @@ mapAliases ({
hll2390dw-cups = throw "The hll2390dw-cups package was dropped since it was unmaintained."; # Added 2024-06-21
ht-rust = xh; # Added 2021-02-13
hydra-unstable = hydra_unstable; # added 2022-05-10
hydron = throw "hydron has been removed as the project has been archived upstream since 2022 and is affected by a severe remote code execution vulnerability";
hyper-haskell = throw "'hyper-haskell' has been removed. reason: has been broken for a long time and depends on an insecure electron version"; # Added 2024-03-14
hyper-haskell-server-with-packages = throw "'hyper-haskell-server-with-packages' has been removed. reason: has been broken for a long time"; # Added 2024-03-14

2
pkgs/top-level/all-packages.nix
View File

@ -25185,8 +25185,6 @@ with pkgs;
https-dns-proxy = callPackage ../servers/dns/https-dns-proxy { };
hydron = callPackage ../servers/hydron { };
ic-keysmith = callPackage ../tools/security/ic-keysmith { };
icecream = callPackage ../servers/icecream { };