Merge pull request #275439 from RaghavSood/nitter/guest-accounts

nitter: unstable-2023-10-31 -> unstable-2023-12-03 (guest accounts support)
2023-12-21 14:03:35 +08:00 · 2023-12-21 14:03:35 +08:00 · 7d97d9ebd1
commit 7d97d9ebd1
parent d6863cbcbb d380604c44
5 changed files with 76 additions and 15 deletions
--- a/nixos/doc/manual/release-notes/rl-2405.section.md
+++ b/nixos/doc/manual/release-notes/rl-2405.section.md
@ -39,6 +39,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m

 - `k9s` was updated to v0.29. There have been breaking changes in the config file format, check out the [changelog](https://github.com/derailed/k9s/releases/tag/v0.29.0) for details.

+- `nitter` requires a `guest_accounts.jsonl` to be provided as a path or loaded into the default location at `/var/lib/nitter/guest_accounts.jsonl`. See [Guest Account Branch Deployment](https://github.com/zedeus/nitter/wiki/Guest-Account-Branch-Deployment) for details.
+
 - Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857)

 - `mkosi` was updated to v19. Parts of the user interface have changed. Consult the
--- a/nixos/modules/services/misc/nitter.nix
+++ b/nixos/modules/services/misc/nitter.nix
@ -304,6 +304,23 @@ in
        '';
      };

+      guestAccounts = mkOption {
+        type = types.path;
+        default = "/var/lib/nitter/guest_accounts.jsonl";
+        description = lib.mdDoc ''
+          Path to the guest accounts file.
+
+          This file contains a list of guest accounts that can be used to
+          access the instance without logging in. The file is in JSONL format,
+          where each line is a JSON object with the following fields:
+
+          {"oauth_token":"some_token","oauth_token_secret":"some_secret_key"}
+
+          See https://github.com/zedeus/nitter/wiki/Guest-Account-Branch-Deployment
+          for more information on guest accounts and how to generate them.
+        '';
+      };
+
      redisCreateLocally = mkOption {
        type = types.bool;
        default = true;
@ -333,8 +350,12 @@ in
        after = [ "network-online.target" ];
        serviceConfig = {
          DynamicUser = true;
+          LoadCredential="guestAccountsFile:${cfg.guestAccounts}";
          StateDirectory = "nitter";
-          Environment = [ "NITTER_CONF_FILE=/var/lib/nitter/nitter.conf" ];
+          Environment = [
+            "NITTER_CONF_FILE=/var/lib/nitter/nitter.conf"
+            "NITTER_ACCOUNTS_FILE=%d/guestAccountsFile"
+          ];
          # Some parts of Nitter expect `public` folder in working directory,
          # see https://github.com/zedeus/nitter/issues/414
          WorkingDirectory = "${cfg.package}/share/nitter";
--- a/nixos/tests/nitter.nix
+++ b/nixos/tests/nitter.nix
@ -1,13 +1,28 @@
 import ./make-test-python.nix ({ pkgs, ... }:

+let
+  # In a real deployment this should naturally not common from the nix store
+  # and be seeded via agenix or as a non-nix managed file.
+  #
+  # These credentials are from the nitter wiki and are expired. We must provide
+  # credentials in the correct format, otherwise nitter fails to start. They
+  # must not be valid, as unauthorized errors are handled gracefully.
+  guestAccountFile = pkgs.writeText "guest_accounts.jsonl" ''
+    {"oauth_token":"1719213587296620928-BsXY2RIJEw7fjxoNwbBemgjJhueK0m","oauth_token_secret":"N0WB0xhL4ng6WTN44aZO82SUJjz7ssI3hHez2CUhTiYqy"}
+  '';
+in
 {
  name = "nitter";
  meta.maintainers = with pkgs.lib.maintainers; [ erdnaxe ];

  nodes.machine = {
-    services.nitter.enable = true;
-    # Test CAP_NET_BIND_SERVICE
-    services.nitter.server.port = 80;
+    services.nitter = {
+      enable = true;
+      # Test CAP_NET_BIND_SERVICE
+      server.port = 80;
+      # Provide dummy guest accounts
+      guestAccounts = guestAccountFile;
+    };
  };

  testScript = ''
--- a/pkgs/by-name/ni/nitter/lock.json
+++ b/pkgs/by-name/ni/nitter/lock.json
@ -62,11 +62,11 @@
      "packages": [
        "jsony"
      ],
-      "path": "/nix/store/bzcq8q439rdsqhhihikzv3rsx4l4ybdm-source",
-      "rev": "ea811be",
-      "sha256": "1720iqsxjhqmhw1zhhs7d2ncdz25r8fqadls1p1iry1wfikjlnba",
+      "path": "/nix/store/l84av0wdc0s4r4alsvkaxcxhpd6j4bzg-source",
+      "rev": "1de1f08",
+      "sha256": "0rj205cs3v6g80h8ys9flbdq4wyd1csmkwdxv0lz21972zcsrcfh",
      "srcDir": "src",
-      "url": "https://github.com/treeform/jsony/archive/ea811be.tar.gz"
+      "url": "https://github.com/treeform/jsony/archive/1de1f08.tar.gz"
    },
    {
      "method": "fetchzip",
@ -95,11 +95,22 @@
      "packages": [
        "nimcrypto"
      ],
-      "path": "/nix/store/dnj20qh97ylf57nka9wbxs735wbw7yxv-source",
-      "rev": "4014ef9",
-      "sha256": "1kgqr2lqaffglc1fgbanwcvhkqcbbd20d5b6w4lf0nksfl9c357a",
+      "path": "/nix/store/zyr8zwh7vaiycn1s4r8cxwc71f2k5l0h-source",
+      "rev": "a079df9",
+      "sha256": "1dmdmgb6b9m5f8dyxk781nnd61dsk3hdxqks7idk9ncnpj9fng65",
      "srcDir": "",
-      "url": "https://github.com/cheatfate/nimcrypto/archive/4014ef9.tar.gz"
+      "url": "https://github.com/cheatfate/nimcrypto/archive/a079df9.tar.gz"
+    },
+    {
+      "method": "fetchzip",
+      "packages": [
+        "oauth"
+      ],
+      "path": "/nix/store/bwmrrzs6xpwizmww35461x3lqpgd0942-source",
+      "rev": "b8c163b",
+      "sha256": "0k5slyzjngbdr6g0b0dykhqmaf8r8n2klbkg2gpid4ckm8hg62v5",
+      "srcDir": "src",
+      "url": "https://github.com/CORDEA/oauth/archive/b8c163b.tar.gz"
    },
    {
      "method": "fetchzip",
@ -156,6 +167,18 @@
      "srcDir": "src",
      "url": "https://github.com/dom96/sass/archive/7dfdd03.tar.gz"
    },
+    {
+      "method": "fetchzip",
+      "packages": [
+        "sha1"
+      ],
+      "path": "/nix/store/a6a0ycxsaxpqks42aq9wicj8ars7z7ai-source",
+      "ref": "master",
+      "rev": "92ccc5800bb0ac4865b275a2ce3c1544e98b48bc",
+      "sha256": "00zvvd8ssy22srg74xzapknmgmi82v534npjdrk5805shswfhqdm",
+      "srcDir": "",
+      "url": "https://github.com/onionhammer/sha1/archive/92ccc5800bb0ac4865b275a2ce3c1544e98b48bc.tar.gz"
+    },
    {
      "method": "fetchzip",
      "packages": [
--- a/pkgs/by-name/ni/nitter/package.nix
+++ b/pkgs/by-name/ni/nitter/package.nix
@ -8,13 +8,13 @@

 buildNimPackage (finalAttrs: prevAttrs: {
  pname = "nitter";
-  version = "unstable-2023-10-31";
+  version = "unstable-2023-12-03";

  src = fetchFromGitHub {
    owner = "zedeus";
    repo = "nitter";
-    rev = "b62d73dbd373f08af07c7a79efcd790d3bc1a49c";
-    hash = "sha256-yCD7FbqWZMY0fyFf9Q3Ka06nw5Ha7jYLpmPONAhEVIM=";
+    rev = "583c858cdf3486451ed6a0627640844f27009dbe";
+    hash = "sha256-3E6nfmOFhQ2bjwGMWdTmZ38Fg/SE36s6fxYDXwSJaTw=";
  };

  lockFile = ./lock.json;