nixos/etesync-dav: init module #83479
Conversation
ofborg
bot
added
6.topic: nixos
There was a problem hiding this comment.
What a great module 👍 Very clean and simple! A few points:
- regarding the steps required I think that sounds fine, but is there a need to document/describe to the user what to do, or is that obvious for users of this software?
- I'm not familiar with this software but it sounds like something that should be behind ssl if exposed outside of
localhost. Is this correct?
|
Hi Aaron, thanks for the review!
I think that should be obvious from the README of the software itself. I'm still new to the Nix Community though so correct me if I'm wrong.
As noted above, I'll add support for this via |
matt-snider
force-pushed
the
nixos/etesync-dav
branch
2 times, most recently
from
9b48b58 to
e011cee
Compare
|
@aanderse I updated the PR. The SSL cert handling was modeled after the syncthing module. Let me know what you think! |
There was a problem hiding this comment.
@matt-snider is there an opportunity to write a test for this module? That would really make this PR a home run ⚾
matt-snider
force-pushed
the
nixos/etesync-dav
branch
from
e011cee to
3a28c91
Compare
ofborg
bot
added
10.rebuild-linux: 1-10
10.rebuild-linux: 1
and removed
10.rebuild-linux: 0
|
@aanderse Great idea on the test! I found a few issues as a result:
Anyways, the test cases are quite simple and basically just check that the login screen is reachable. I don't know if there is much else that can be tested. Note: I commented out a test that checks for the redirect from http -> https. I noticed this doesn't currently work. There is however already an unreleased fix, so it should work in the next release. @Valodim: Just an FYI about the test since you are the maintainer of the etesync-dav package. It can likely be added in the next release (> 0.16.0) |
|
Hey @aanderse can you take a look again when you have some time? EDIT: used the "Re-request review" action - didn't know about that feature :-) |
|
Sorry @matt-snider this dropped off my radar. |
|
@aanderse No problem. Hmm tests were passing before, but it looks like etesync-dav was upgraded to 0.16.0 in the meantime (see #85061). I'll have a look and see if I can also uncomment the other test for the https redirect. EDIT: woops I had thought the https redirect would be in 0.16.0 but as I wrote about it'll be in the next release |
matt-snider
force-pushed
the
nixos/etesync-dav
branch
from
3a28c91 to
883ea06
Compare
|
@aanderse I rebased and fixed the test. The problem was that I referenced the Anyways, I realized I don't need to do this step as root (via |
|
@GrahamcOfBorg test etesync-dav |
|
Oh wow, this one kind of slipped past me! At a first glance this looks great! I'll try to give it a full review soon. Meanwhile I updated etesync-dav #93556, which broke somewhere along the way. Quick review on that would be welcome to bring this back on track. |
|
@Valodim A review would be great - thanks! Since you've updated to 0.20, the other test for the http to https redirect should also work now. I'lll try it out soon |
|
So I started reviewing this, and as noted before things seem mostly straightforward :) However, I wondered one thing: Is setup for non-local access really a use case we want to support in this module? etesync-dav is intended to be run as a local proxy, so that the dav client becomes the actual cryptographic endpoint, to make things "end to end". As a concrete proposal for discussion: We could drop those options listed above in favor of a generic For comparison, I pushed the etesync-dav module I use in home-manager for the same purpose: nix-community/home-manager#1398 |
|
ping @matt-snider |
|
@Valodim Thanks for having a look and making some suggestions!
That's a good point - it's something I hadn't considered. I certainly don't use etesync-dav this way, but I'm not sure we should lump all of those options into the "non-local access" bucket. SSL is properly supported by etesync-dav and it seems like it might make sense for us to support it too. In the windows instructions it's mentioned that some clients won't work without SSL configured. Although Windows-specific instructions are irrelevant to us, I could foresee other clients having the same quirk.
If we decide to keep the SSL options, then it's really just What do you think? |
|
Oh wow... this sure dropped off the radar. @Valodim are you able to provide the feedback requested by @matt-snider? |
|
@aanderse I don't know that we will get a response from @Valodim -- do you have an opinion on the above? The main part is this:
Basically, we are just mapping nix options to ETESYNC environment variables for the most part, and I'm inclined to allow setting all of the supported variables. |
|
@aanderse Another question: on another PR is submitted, there was a comment about how the tests aren't very useful. The same could probably be said about this one. I still didn't receive an answer on that comment about alternative ways to test. Do you think I should remove or change the tests for this PR too? |
SuperSandro2000
added
the
2.status: merge conflict
|
@matt-snider I'll trust your judgement on this one - either way you see fit. Aside from the merge conflict I think this is ready to merge 👍 Possible future PRs against this module include:
Thanks for your work (and patience!) on this. |
|
@aanderse I will remove the tests, as I think the criticism in the above linked comment holds about them testing relatively little compared to the cost of evaluation. Those are some interesting suggestions and something I will think about adding going forwards. In particular, I wasn't aware of the systemd I will look into updating the PR ASAP! |
matt-snider
force-pushed
the
nixos/etesync-dav
branch
from
883ea06 to
b5a1f4f
Compare
ofborg
bot
removed
the
2.status: merge conflict
|
@aanderse I removed the test so there are no conflicts anymore. I think we can merge it |
|
@matt-snider I'm really sorry I missed this before another merge conflict came up. I moved last week so I wasn't able to react as fast as I would have liked. 😞 |
matt-snider
force-pushed
the
nixos/etesync-dav
branch
from
b5a1f4f to
5805851
Compare
|
@aanderse Hey thanks for staying on this. Now I'm the one who's sorry for the slow response! I rebased and fixed the conflict Congrats on the move :-) |
|
Thanks @matt-snider! |
|
Thank you for all your work reviewing this @aanderse ! |
Motivation for this change
etesync-dav was recently packaged in #76886 and since then I've been using this module locally. I think it could be useful to others.
One thing to consider is that the current implementation requires that the user go to the management panel once the service is running (default
http://localhost:37358), use their etesync credentials to login, and then copy the generated password for use in other programs that want to use etesync-dav to bridge the connection to etesync. It might be possible to have the credentials generated on startup from some additional module options (e.g.etesyncUsername,etesyncPasswordCommand) similarly to here, but I'm not sure this would work nicely, and the generated password still needs to be passed back to the user securely.Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)