awkawb/invoiceninja-nixos
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Updated Invoice Ninja to v5.10.31

Browse Source 
* Changed php environment packages
* Added patch to switch back to Flutter
* Added patch to fix storage permissions
This commit is contained in:
Andrew Bryant 2024-10-06 21:48:09 -04:00
parent 1abeb7dc5a
commit 5f862fe8d3
6 changed files with 92 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
default.nix
View File

@ -9,19 +9,25 @@
php.buildComposerProject (finalAttrs: {
pname = "invoice-ninja";
version = "5.10.29";
version = "5.10.31";
src = fetchFromGitHub {
owner = "invoiceninja";
repo = "invoiceninja";
rev = "v${finalAttrs.version}";
hash = "sha256-nhLt3DXW0q07ZhDq23mHwbVmqHZor+p925/yrKXum54=";
hash = "sha256-n3SpyXGUjw+qHEtnrclzIIdQ09UZBI+Rj7MXeUJVk6c=";
};
vendorHash = "sha256-NVvx1aKhbC5XuXt2+gS2c3ulNWoCKrYNnEleBuAcftQ=";
vendorHash = "sha256-krGeVT6GyvkFkgeviA06dRneApEHDK61Tm+hXYTVYCM=";
# Patch sources to allow more restrictive permissions
# patches = [ ./config-filesystems.patch ];
# Patch sources for more restrictive permissions
patches = [
./fix-storage-permissions.patch
./disable-react-for-admin.patch
# FIXME this patch should fix "Health Check" file permissions errors
#./fix-base-permissions.patch
];
# Upstream composer.json has invalid license, webpatser/laravel-countries package is pointing
# to commit-ref, and php required in require and require-dev

13
disable-react-for-admin.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/app/Console/Commands/CreateAccount.php b/app/Console/Commands/CreateAccount.php
index 228f8e8283..1ff3c54a61 100644
--- a/app/Console/Commands/CreateAccount.php
+++ b/app/Console/Commands/CreateAccount.php
@@ -79,7 +79,7 @@ class CreateAccount extends Command
$company->save();
$account->default_company_id = $company->id;
- $account->set_react_as_default_ap = true;
+ $account->set_react_as_default_ap = false;
$account->save();
$email = $this->option('email') ?? 'admin@example.com';

8
config-filesystems.patch → fix-base-permissions.patch
View File

@ -1,13 +1,15 @@
diff --git a/config/filesystems.php b/config/filesystems.php
index a104af7a81..a4c87ba3ff 100644
index a104af7a81..3582c519a1 100644
--- a/config/filesystems.php
+++ b/config/filesystems.php
@@ -37,7 +37,7 @@ return [
@@ -37,8 +37,8 @@ return [
'root' => base_path(),
'permissions' => [
'file' => [
- 'public' => 0664,
- 'private' => 0600,
+ 'public' => 0444,
'private' => 0600,
+ 'private' => 0400,
],
'dir' => [
'public' => 0775,

32
fix-storage-permissions.patch Normal file
View File

@ -0,0 +1,32 @@
diff --git a/config/filesystems.php b/config/filesystems.php
index a104af7a81..5294147710 100644
--- a/config/filesystems.php
+++ b/config/filesystems.php
@@ -53,11 +53,11 @@ return [
'root' => storage_path('app'),
'permissions' => [
'file' => [
- 'public' => 0664,
+ 'public' => 0660,
'private' => 0600,
],
'dir' => [
- 'public' => 0775,
+ 'public' => 0770,
'private' => 0700,
],
],
@@ -71,11 +71,11 @@ return [
'visibility' => 'public',
'permissions' => [
'file' => [
- 'public' => 0664,
+ 'public' => 0660,
'private' => 0600,
],
'dir' => [
- 'public' => 0775,
+ 'public' => 0770,
'private' => 0700,
],
],

50
invoice-ninja.nix
View File

@ -16,7 +16,7 @@ let
# PHP environment
phpPackage = cfg.phpPackage.buildEnv {
extensions = { enabled, all }: enabled ++ (with all;
[ bcmath ctype curl fileinfo gd gmp iconv imagick mbstring mysqli openssl pdo tokenizer zip ]
[ bcmath ctype curl fileinfo gd gmp iconv imagick intl mbstring mysqli openssl pdo soap tokenizer zip ]
);
extraConfig = "memory_limit = 1024M";
@ -245,10 +245,13 @@ in
services.invoice-ninja.settings =
let
app_http_url = "http://${cfg.hostName}";
app_https_url = "https://${cfg.hostName}";
react_http_url = "http://${cfg.hostName}:3001";
react_https_url = "https://${cfg.hostName}:3001";
url = ({ hostName, react ? false }:
if (hostName == "localhost")
then
(if (react == true) then ("http://" + hostName + ":3001") else ("http://" + hostName))
else
(if (react == true) then ("https://" + hostName + ":3001") else ("https://" + hostName))
);
chromium = lib.lists.findSingle (x: x == pkgs.chromium) "none" "multiple" extraPrograms;
in
lib.mkMerge [
@ -256,8 +259,8 @@ in
APP_NAME = lib.mkDefault "\"Invoice Ninja\"";
APP_ENV = lib.mkDefault "production";
APP_DEBUG = lib.mkDefault false;
APP_URL = lib.mkDefault (if (cfg.hostName != "localhost") then "${app_https_url}" else "${app_http_url}");
REACT_URL = lib.mkDefault (if (cfg.hostName != "localhost") then "${react_https_url}" else "${react_http_url}");
APP_URL = lib.mkDefault (url { hostName = cfg.hostName; });
REACT_URL = lib.mkDefault (url { hostName = cfg.hostName; react = true; });
DB_CONNECTION = lib.mkDefault "mysql";
MULTI_DB_ENABLED = lib.mkDefault false;
DEMO_MODE = lib.mkDefault false;
@ -310,6 +313,11 @@ in
{
root = lib.mkForce "${invoice-ninja}/public";
locations = {
"= /index.php".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.invoice-ninja.socket};
fastcgi_index index.php;
'';
"/" = {
tryFiles = "$uri $uri/ /index.php?$query_string";
extraConfig = ''
@ -318,11 +326,7 @@ in
}
'';
};
"~ \\.php$".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.invoice-ninja.socket};
fastcgi_index index.php;
'';
"~ \\.php$".extraConfig = "return 403;";
"~ /\\.ht".extraConfig = "deny all;";
};
extraConfig = ''
@ -435,17 +439,15 @@ in
# Perform the first migration
[[ ! -f ${cfg.dataDir}/.initial-migration ]] && invoice-ninja-manage migrate --force && touch ${cfg.dataDir}/.initial-migration
# Seed database with records
# Necessary for languages, currencies, countries, etc.
invoice-ninja-manage db:seed --force
# Create Invoice Ninja admin account
[[ ! -f ${cfg.dataDir}/.admin-created ]] \
&& invoice-ninja-manage ninja:create-account --email=${cfg.adminEmail} --password=${cfg.adminPassword} \
&& touch ${cfg.dataDir}/.admin-created
# Recent releases make the React interface default
# Currently this is broken so we switch back to the Flutter interface
[[ ! -f ${cfg.dataDir}/.react-disabled ]] \
&& mysql -D ${cfg.database.name} -e 'UPDATE accounts SET set_react_as_default_ap = 0;' \
&& touch ${cfg.dataDir}/.react-disabled
invoice-ninja-manage route:cache
invoice-ninja-manage view:cache
invoice-ninja-manage config:cache
@ -460,16 +462,24 @@ in
"${cfg.dataDir}/storage/framework"
"${cfg.dataDir}/storage/framework/cache"
"${cfg.dataDir}/storage/framework/sessions"
"${cfg.dataDir}/storage/framework/testing"
"${cfg.dataDir}/storage/framework/views"
"${cfg.dataDir}/storage/logs"
cfg.runtimeDir
"${cfg.runtimeDir}/cache"
] (n: {
d = {
user = user;
group = group;
mode = "0770";
};
}) // lib.attrsets.genAttrs [
cfg.runtimeDir
"${cfg.runtimeDir}/cache"
] (n: {
d = {
user = user;
group = group;
mode = "0750";
};
});
};
}

2
tests/test-config.nix
View File

@ -13,7 +13,7 @@
users.users.test = {
isNormalUser = true;
extraGroups = [ "wheel" ];
initialPassword = "testing";
initialPassword = "test";
};
services.invoice-ninja = {