nixos/filesender init

[jluttine]

Motivation for this change

Add Filesender package and NixOS service: https://filesender.org/

This is work in progress at the moment, that's why it's a draft PR. I wanted to open it anyway immediately so others can see that it's being worked on and it can be discussed here.

Things done

• Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
• Built on platform(s)
  • NixOS
  • macOS
  • other Linux distributions
• Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
• Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
• Tested execution of all binary files (usually in ./result/bin/)
• Determined the impact on package closure size (by running nix path-info -S before and after)
• Ensured that relevant documentation is up to date
• Fits CONTRIBUTING.md.

[jluttine]

If I understand correctly, FileSender requires a working installation of SImpleSAMLphp (step 4 in https://docs.filesender.org/v2.0/install/). However, SimpleSAMLphp has a lot of PHP dependencies and they should be installed with Composer: https://simplesamlphp.org/docs/development/simplesamlphp-install-repo It looks like a very deep rabbit hole to me.. I really don't know how to install this kind of PHP beast in NixOS. Any ideas? In addition, there's some npm stuff and I'm not familiar with that either, but probably nixpkgs has better support for that.

Alternatively, if FileSender can be installed without SimpleSAMLphp, that might be a good enough workaround.

I'm a bit stuck now. 😕

[nixos-discourse]

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/package-services-for-schools-covidsupport/6335/15

[monkeyiq]

You will want to use the latest stable release of SimpleSAMLphp. IIRC it is just a matter of extracting the archive for it. No additional npm install or composer usage required.

There are one or two commands in installation step 4 (from https://docs.filesender.org/v2.0/install/) before the extra suggestions for security starting with "There are some thoughts on updates to your SimpleSAMLphp configuration which may improve security". You might want to skip over the extra security suggestions for an initial build and add them if desired only once you know things are working.

As far as SimpleSAMLphp goes, if you are using apache the config template in filesender distribution at config-templates/apache/filesender.conf will allow the web server to access things if they are in the expected location. So SimpleSAMLphp installation should be close to expanding it to a known location and mv/cp a few files. If you are using the shortcut auth then the username and password information is stored in a config file and you have to touch modules/exampleauth/enable in the simplesamlphp install which might as well be done by the packaging.

[monkeyiq]

I am making a move toward allowing simpler local authentication if desired
filesender/filesender#761

This will still use SimpleSAMLphp but will authenticate against hashed passwords from the same database that filesender already needs. I don't have a web interface in FileSender for managing passwords yet, that should drop soon. This setup should become easier over time as I intend to upstream the SimpleSAMLphp module from the above PR.

[monkeyiq]

And a web interface for this should soon be merged
filesender/filesender#762

[stale]

Hello, I'm a bot and I thank you in the name of the community for your contributions.

Nixpkgs is a busy repository, and unfortunately sometimes PRs get left behind for too long. Nevertheless, we'd like to help committers reach the PRs that are still important. This PR has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human.

If this is still important to you and you'd like to remove the stale label, we ask that you leave a comment. Your comment can be as simple as "still important to me". But there's a bit more you can do:

If you received an approval by an unprivileged maintainer and you are just waiting for a merge, you can @ mention someone with merge permissions and ask them to help. You might be able to find someone relevant by using Git blame on the relevant files, or via GitHub's web interface. You can see if someone's a member of the nixpkgs-committers team, by hovering with the mouse over their username on the web interface, or by searching them directly on the list.

If your PR wasn't reviewed at all, it might help to find someone who's perhaps a user of the package or module you are changing, or alternatively, ask once more for a review by the maintainer of the package/module this is about. If you don't know any, you can use Git blame on the relevant files, or GitHub's web interface to find someone who touched the relevant files in the past.

If your PR has had reviews and nevertheless got stale, make sure you've responded to all of the reviewer's requests / questions. Usually when PR authors show responsibility and dedication, reviewers (privileged or not) show dedication as well. If you've pushed a change, it's possible the reviewer wasn't notified about your push via email, so you can always officially request them for a review, or just @ mention them and say you've addressed their comments.

Lastly, you can always ask for help at our Discourse Forum, or more specifically, at this thread or at #nixos' IRC channel.

[stale]

I marked this as stale due to inactivity. → More info

[JulienMalka]

This has been implemented in #313473, closing