awkawb/invoiceninja-nixos
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Updated Invoice Ninja to v5.10.31

Browse Source 
* Changed php environment packages
* Added patch to switch back to Flutter
* Added patch to fix storage permissions
This commit is contained in:
Andrew Bryant 2024-10-06 21:48:09 -04:00
parent 1abeb7dc5a
commit 5f862fe8d3
6 changed files with 92 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
default.nix
View File

@ -9,19 +9,25 @@
php.buildComposerProject (finalAttrs: { php.buildComposerProject (finalAttrs: {
pname = "invoice-ninja"; pname = "invoice-ninja";
version = "5.10.29"; version = "5.10.31";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "invoiceninja"; owner = "invoiceninja";
repo = "invoiceninja"; repo = "invoiceninja";
rev = "v${finalAttrs.version}"; rev = "v${finalAttrs.version}";
hash = "sha256-nhLt3DXW0q07ZhDq23mHwbVmqHZor+p925/yrKXum54="; hash = "sha256-n3SpyXGUjw+qHEtnrclzIIdQ09UZBI+Rj7MXeUJVk6c=";
}; };
vendorHash = "sha256-NVvx1aKhbC5XuXt2+gS2c3ulNWoCKrYNnEleBuAcftQ="; vendorHash = "sha256-krGeVT6GyvkFkgeviA06dRneApEHDK61Tm+hXYTVYCM=";
# Patch sources to allow more restrictive permissions # Patch sources for more restrictive permissions
# patches = [ ./config-filesystems.patch ]; patches = [
./fix-storage-permissions.patch
./disable-react-for-admin.patch
# FIXME this patch should fix "Health Check" file permissions errors
#./fix-base-permissions.patch
];
# Upstream composer.json has invalid license, webpatser/laravel-countries package is pointing # Upstream composer.json has invalid license, webpatser/laravel-countries package is pointing
# to commit-ref, and php required in require and require-dev # to commit-ref, and php required in require and require-dev

13
disable-react-for-admin.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/app/Console/Commands/CreateAccount.php b/app/Console/Commands/CreateAccount.php
index 228f8e8283..1ff3c54a61 100644
--- a/app/Console/Commands/CreateAccount.php
+++ b/app/Console/Commands/CreateAccount.php
@@ -79,7 +79,7 @@ class CreateAccount extends Command
$company->save();
$account->default_company_id = $company->id;
- $account->set_react_as_default_ap = true;
+ $account->set_react_as_default_ap = false;
$account->save();
$email = $this->option('email') ?? 'admin@example.com';

8
config-filesystems.patch → fix-base-permissions.patch
View File

@ -1,13 +1,15 @@
diff --git a/config/filesystems.php b/config/filesystems.php diff --git a/config/filesystems.php b/config/filesystems.php
index a104af7a81..a4c87ba3ff 100644 index a104af7a81..3582c519a1 100644
--- a/config/filesystems.php --- a/config/filesystems.php
+++ b/config/filesystems.php +++ b/config/filesystems.php
@@ -37,7 +37,7 @@ return [ @@ -37,8 +37,8 @@ return [
'root' => base_path(), 'root' => base_path(),
'permissions' => [ 'permissions' => [
'file' => [ 'file' => [
- 'public' => 0664, - 'public' => 0664,
- 'private' => 0600,
+ 'public' => 0444, + 'public' => 0444,
'private' => 0600, + 'private' => 0400,
], ],
'dir' => [ 'dir' => [
'public' => 0775,

32
fix-storage-permissions.patch Normal file
View File

@ -0,0 +1,32 @@
diff --git a/config/filesystems.php b/config/filesystems.php
index a104af7a81..5294147710 100644
--- a/config/filesystems.php
+++ b/config/filesystems.php
@@ -53,11 +53,11 @@ return [
'root' => storage_path('app'),
'permissions' => [
'file' => [
- 'public' => 0664,
+ 'public' => 0660,
'private' => 0600,
],
'dir' => [
- 'public' => 0775,
+ 'public' => 0770,
'private' => 0700,
],
],
@@ -71,11 +71,11 @@ return [
'visibility' => 'public',
'permissions' => [
'file' => [
- 'public' => 0664,
+ 'public' => 0660,
'private' => 0600,
],
'dir' => [
- 'public' => 0775,
+ 'public' => 0770,
'private' => 0700,
],
],

50
invoice-ninja.nix
View File

@ -16,7 +16,7 @@ let
# PHP environment # PHP environment
phpPackage = cfg.phpPackage.buildEnv { phpPackage = cfg.phpPackage.buildEnv {
extensions = { enabled, all }: enabled ++ (with all; extensions = { enabled, all }: enabled ++ (with all;
[ bcmath ctype curl fileinfo gd gmp iconv imagick mbstring mysqli openssl pdo tokenizer zip ] [ bcmath ctype curl fileinfo gd gmp iconv imagick intl mbstring mysqli openssl pdo soap tokenizer zip ]
); );
extraConfig = "memory_limit = 1024M"; extraConfig = "memory_limit = 1024M";
@ -245,10 +245,13 @@ in
services.invoice-ninja.settings = services.invoice-ninja.settings =
let let
app_http_url = "http://${cfg.hostName}"; url = ({ hostName, react ? false }:
app_https_url = "https://${cfg.hostName}"; if (hostName == "localhost")
react_http_url = "http://${cfg.hostName}:3001"; then
react_https_url = "https://${cfg.hostName}:3001"; (if (react == true) then ("http://" + hostName + ":3001") else ("http://" + hostName))
else
(if (react == true) then ("https://" + hostName + ":3001") else ("https://" + hostName))
);
chromium = lib.lists.findSingle (x: x == pkgs.chromium) "none" "multiple" extraPrograms; chromium = lib.lists.findSingle (x: x == pkgs.chromium) "none" "multiple" extraPrograms;
in in
lib.mkMerge [ lib.mkMerge [
@ -256,8 +259,8 @@ in
APP_NAME = lib.mkDefault "\"Invoice Ninja\""; APP_NAME = lib.mkDefault "\"Invoice Ninja\"";
APP_ENV = lib.mkDefault "production"; APP_ENV = lib.mkDefault "production";
APP_DEBUG = lib.mkDefault false; APP_DEBUG = lib.mkDefault false;
APP_URL = lib.mkDefault (if (cfg.hostName != "localhost") then "${app_https_url}" else "${app_http_url}"); APP_URL = lib.mkDefault (url { hostName = cfg.hostName; });
REACT_URL = lib.mkDefault (if (cfg.hostName != "localhost") then "${react_https_url}" else "${react_http_url}"); REACT_URL = lib.mkDefault (url { hostName = cfg.hostName; react = true; });
DB_CONNECTION = lib.mkDefault "mysql"; DB_CONNECTION = lib.mkDefault "mysql";
MULTI_DB_ENABLED = lib.mkDefault false; MULTI_DB_ENABLED = lib.mkDefault false;
DEMO_MODE = lib.mkDefault false; DEMO_MODE = lib.mkDefault false;
@ -310,6 +313,11 @@ in
{ {
root = lib.mkForce "${invoice-ninja}/public"; root = lib.mkForce "${invoice-ninja}/public";
locations = { locations = {
"= /index.php".extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.invoice-ninja.socket};
fastcgi_index index.php;
'';
"/" = { "/" = {
tryFiles = "$uri $uri/ /index.php?$query_string"; tryFiles = "$uri $uri/ /index.php?$query_string";
extraConfig = '' extraConfig = ''
@ -318,11 +326,7 @@ in
} }
''; '';
}; };
"~ \\.php$".extraConfig = '' "~ \\.php$".extraConfig = "return 403;";
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.invoice-ninja.socket};
fastcgi_index index.php;
'';
"~ /\\.ht".extraConfig = "deny all;"; "~ /\\.ht".extraConfig = "deny all;";
}; };
extraConfig = '' extraConfig = ''
@ -435,17 +439,15 @@ in
# Perform the first migration # Perform the first migration
[[ ! -f ${cfg.dataDir}/.initial-migration ]] && invoice-ninja-manage migrate --force && touch ${cfg.dataDir}/.initial-migration [[ ! -f ${cfg.dataDir}/.initial-migration ]] && invoice-ninja-manage migrate --force && touch ${cfg.dataDir}/.initial-migration
# Seed database with records
# Necessary for languages, currencies, countries, etc.
invoice-ninja-manage db:seed --force
# Create Invoice Ninja admin account # Create Invoice Ninja admin account
[[ ! -f ${cfg.dataDir}/.admin-created ]] \ [[ ! -f ${cfg.dataDir}/.admin-created ]] \
&& invoice-ninja-manage ninja:create-account --email=${cfg.adminEmail} --password=${cfg.adminPassword} \ && invoice-ninja-manage ninja:create-account --email=${cfg.adminEmail} --password=${cfg.adminPassword} \
&& touch ${cfg.dataDir}/.admin-created && touch ${cfg.dataDir}/.admin-created
# Recent releases make the React interface default
# Currently this is broken so we switch back to the Flutter interface
[[ ! -f ${cfg.dataDir}/.react-disabled ]] \
&& mysql -D ${cfg.database.name} -e 'UPDATE accounts SET set_react_as_default_ap = 0;' \
&& touch ${cfg.dataDir}/.react-disabled
invoice-ninja-manage route:cache invoice-ninja-manage route:cache
invoice-ninja-manage view:cache invoice-ninja-manage view:cache
invoice-ninja-manage config:cache invoice-ninja-manage config:cache
@ -460,16 +462,24 @@ in
"${cfg.dataDir}/storage/framework" "${cfg.dataDir}/storage/framework"
"${cfg.dataDir}/storage/framework/cache" "${cfg.dataDir}/storage/framework/cache"
"${cfg.dataDir}/storage/framework/sessions" "${cfg.dataDir}/storage/framework/sessions"
"${cfg.dataDir}/storage/framework/testing"
"${cfg.dataDir}/storage/framework/views" "${cfg.dataDir}/storage/framework/views"
"${cfg.dataDir}/storage/logs" "${cfg.dataDir}/storage/logs"
cfg.runtimeDir
"${cfg.runtimeDir}/cache"
] (n: { ] (n: {
d = { d = {
user = user; user = user;
group = group; group = group;
mode = "0770"; mode = "0770";
}; };
}) // lib.attrsets.genAttrs [
cfg.runtimeDir
"${cfg.runtimeDir}/cache"
] (n: {
d = {
user = user;
group = group;
mode = "0750";
};
}); });
}; };
} }

2
tests/test-config.nix
View File

@ -13,7 +13,7 @@
users.users.test = { users.users.test = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
initialPassword = "testing"; initialPassword = "test";
}; };
services.invoice-ninja = { services.invoice-ninja = {