nixos/pixelfed: init module

nixos/doc/manual/from_md/release-notes/rl-2211.section.xml

@@ -297,6 +297,126 @@
           Python now defaults to 3.10, updated from 3.9.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <literal>hardware.nvidia</literal> has a new option
+          <literal>open</literal> that can be used to opt in the
+          opensource version of NVIDIA kernel driver. Note that the
+          driver’s support for GeForce and Workstation GPUs is still
+          alpha quality, see
+          <link xlink:href="https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/">NVIDIA
+          Releases Open-Source GPU Kernel Modules</link> for the
+          official announcement.
+        </para>
+      </listitem>
+    </itemizedlist>
+  </section>
+  <section xml:id="sec-release-22.11-new-services">
+    <title>New Services</title>
+    <itemizedlist>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/jollheef/appvm">appvm</link>,
+          Nix based app VMs. Available as
+          <link xlink:href="options.html#opt-virtualisation.appvm.enable">virtualisation.appvm</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/mozilla-services/syncstorage-rs">syncstorage-rs</link>,
+          a self-hostable sync server for Firefox. Available as
+          <link xlink:href="options.html#opt-services.firefox-syncserver.enable">services.firefox-syncserver</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://dragonflydb.io/">dragonflydb</link>,
+          a modern replacement for Redis and Memcached. Available as
+          <link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://komga.org/">Komga</link>, a free and
+          open source comics/mangas media server. Available as
+          <link linkend="opt-services.komga.enable">services.komga</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://hbase.apache.org/">HBase
+          cluster</link>, a distributed, scalable, big data store.
+          Available as
+          <link xlink:href="options.html#opt-services.hadoop.hbase.enable">services.hadoop.hbase</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/leetronics/infnoise">infnoise</link>,
+          a hardware True Random Number Generator dongle. Available as
+          <link xlink:href="options.html#opt-services.infnoise.enable">services.infnoise</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/jtroo/kanata">kanata</link>,
+          a tool to improve keyboard comfort and usability with advanced
+          customization. Available as
+          <link xlink:href="options.html#opt-services.kanata.enable">services.kanata</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://www.getoutline.com/">Outline</link>,
+          a wiki and knowledge base similar to Notion. Available as
+          <link linkend="opt-services.outline.enable">services.outline</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://netbird.io">netbird</link>, a zero
+          configuration VPN. Available as
+          <link xlink:href="options.html#opt-services.netbird.enable">services.netbird</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/aiberia/persistent-evdev">persistent-evdev</link>,
+          a daemon to add virtual proxy devices that mirror a physical
+          input device but persist even if the underlying hardware is
+          hot-plugged. Available as
+          <link linkend="opt-services.persistent-evdev.enable">services.persistent-evdev</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://schleuder.org/">schleuder</link>, a
+          mailing list manager with PGP support. Enable using
+          <link linkend="opt-services.schleuder.enable">services.schleuder</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://www.expressvpn.com">expressvpn</link>,
+          the CLI client for ExpressVPN. Available as
+          <link linkend="opt-services.expressvpn.enable">services.expressvpn</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://www.grafana.com/oss/tempo/">Grafana
+          Tempo</link>, a distributed tracing store. Available as
+          <link linkend="opt-services.tempo.enable">services.tempo</link>.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/zalando/patroni">Patroni</link>,
+          a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
+          Available as
+          <link xlink:href="options.html#opt-services.patroni.enable">services.patroni</link>.
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
   <section xml:id="sec-release-22.11-incompatibilities">

nixos/doc/manual/from_md/release-notes/rl-2305.section.xml

@@ -44,6 +44,13 @@
           <link linkend="opt-services.atuin.enable">services.atuin</link>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://pixelfed.org/">Pixelfed</link>, a
+          federated image sharing application
+          <link linkend="opt-services.pixelfed.enable">services.pixelfed</link>.
+        </para>
+      </listitem>
       <listitem>
         <para>
           <link xlink:href="https://gitlab.com/kop316/mmsd">mmsd</link>,

nixos/doc/manual/release-notes/rl-2211.section.md

@@ -83,6 +83,45 @@ In addition to numerous new and upgraded packages, this release includes the fol
 
 - Python now defaults to 3.10, updated from 3.9.
 
+- `hardware.nvidia` has a new option `open` that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [NVIDIA Releases Open-Source GPU Kernel Modules](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for the official announcement.
+
+<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
+
+## New Services {#sec-release-22.11-new-services}
+
+- [appvm](https://github.com/jollheef/appvm), Nix based app VMs. Available as [virtualisation.appvm](options.html#opt-virtualisation.appvm.enable).
+- [syncstorage-rs](https://github.com/mozilla-services/syncstorage-rs), a self-hostable sync server for Firefox. Available as [services.firefox-syncserver](options.html#opt-services.firefox-syncserver.enable).
+
+- [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable).
+
+- [Komga](https://komga.org/), a free and open source comics/mangas media server. Available as [services.komga](#opt-services.komga.enable).
+
+- [HBase cluster](https://hbase.apache.org/), a distributed, scalable, big data store. Available as [services.hadoop.hbase](options.html#opt-services.hadoop.hbase.enable).
+
+- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
+  Available as [services.infnoise](options.html#opt-services.infnoise.enable).
+
+- [kanata](https://github.com/jtroo/kanata), a tool to improve keyboard comfort and usability with advanced customization.
+  Available as [services.kanata](options.html#opt-services.kanata.enable).
+
+- [Outline](https://www.getoutline.com/), a wiki and knowledge base similar to Notion. Available as [services.outline](#opt-services.outline.enable).
+
+- [netbird](https://netbird.io), a zero configuration VPN.
+  Available as [services.netbird](options.html#opt-services.netbird.enable).
+
+- [persistent-evdev](https://github.com/aiberia/persistent-evdev), a daemon to add virtual proxy devices that mirror a physical input device but persist even if the underlying hardware is hot-plugged. Available as [services.persistent-evdev](#opt-services.persistent-evdev.enable).
+
+- [schleuder](https://schleuder.org/), a mailing list manager with PGP support. Enable using [services.schleuder](#opt-services.schleuder.enable).
+
+- [expressvpn](https://www.expressvpn.com), the CLI client for ExpressVPN. Available as [services.expressvpn](#opt-services.expressvpn.enable).
+
+- [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable).
+
+- [Patroni](https://github.com/zalando/patroni), a template for PostgreSQL HA with ZooKeeper, etcd or Consul.
+Available as [services.patroni](options.html#opt-services.patroni.enable).
+
+<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
+
 ## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
 
 - Nixpkgs now requires Nix 2.3 or newer.

nixos/doc/manual/release-notes/rl-2305.section.md

@@ -20,6 +20,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [atuin](https://github.com/ellie/atuin), a sync server for shell history. Available as [services.atuin](#opt-services.atuin.enable).
 
+- [Pixelfed](https://pixelfed.org/), a federated image sharing application [services.pixelfed](#opt-services.pixelfed.enable).
+
 - [mmsd](https://gitlab.com/kop316/mmsd), a lower level daemon that transmits and recieves MMSes. Available as [services.mmsd](#opt-services.mmsd.enable).
 
 - [v2rayA](https://v2raya.org), a Linux web GUI client of Project V which supports V2Ray, Xray, SS, SSR, Trojan and Pingtunnel. Available as [services.v2raya](options.html#opt-services.v2raya.enable).

nixos/modules/module-list.nix

@@ -1119,6 +1119,7 @@
   ./services/web-apps/gerrit.nix
   ./services/web-apps/gotify-server.nix
   ./services/web-apps/grocy.nix
+  ./services/web-apps/pixelfed.nix
   ./services/web-apps/healthchecks.nix
   ./services/web-apps/hedgedoc.nix
   ./services/web-apps/hledger-web.nix

nixos/modules/services/web-apps/pixelfed.nix

@@ -0,0 +1,357 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.services.pixelfed;
+
+  user = cfg.user;
+  group = cfg.group;
+
+  pixelfed = pkgs.pixelfed.override {
+    dataDir = cfg.dataDir;
+  };
+
+  configFile = pkgs.writeTextFile {
+    name = "env";
+    text = cfg.envFile + ''
+    APP_KEY = ${cfg.appKey}
+    DB_CONNECTION=${cfg.database.type}
+    DB_HOST=${cfg.database.host}
+    DB_PORT= ${toString cfg.database.port}
+    DB_DATABASE=${cfg.database.name}
+    DB_USERNAME=${cfg.database.user}
+    DB_PASSWORD=${cfg.database.password}
+    '';
+  };
+
+  pixelfed-artisan = pkgs.writeShellScriptBin "pixelfed-artisan" ''
+    cd ${pixelfed}
+    sudo=exec
+    if [[ "$USER" != ${user} ]]; then
+      sudo='exec /run/wrappers/bin/sudo -u ${user}'
+    fi
+    $sudo ${cfg.phpPackage}/bin/php artisan $*
+  '';
+
+
+in {
+  options.services = {
+    pixelfed = {
+      enable = mkEnableOption (lib.mdDoc "the pixelfed service");
+
+      user = mkOption {};
+      group = mkOption {};
+
+      envFile = mkOption {
+        type = types.str;
+        description = lib.mdDoc "Pixelfed .env file used to configure the application";
+        default = ''
+        ENABLE_CONFIG_CACHE=true
+        APP_NAME=Pixelfed
+        APP_ENV=production
+        APP_DEBUG=true
+
+        # Instance Configuration
+        OPEN_REGISTRATION=true
+        ENFORCE_EMAIL_VERIFICATION=false
+        PF_MAX_USERS=1000
+        OAUTH_ENABLED=false
+
+        # Media Configuration
+        PF_OPTIMIZE_IMAGES=true
+        IMAGE_QUALITY=80
+        MAX_PHOTO_SIZE=15000
+        MAX_CAPTION_LENGTH=500
+        MAX_ALBUM_LENGTH=4
+
+        # Instance URL Configuration
+        APP_URL=https://localhost
+        APP_DOMAIN=127.0.0.1
+        ADMIN_DOMAIN=127.0.0.1
+        SESSION_DOMAIN=127.0.0.1
+        TRUST_PROXIES=*
+
+
+        # Redis Configuration
+        REDIS_CLIENT=predis
+        REDIS_SCHEME=tcp
+        REDIS_HOST=127.0.0.1
+        REDIS_PASSWORD=null
+        REDIS_PORT=6379
+
+        # Laravel Configuration
+        SESSION_DRIVER=database
+        CACHE_DRIVER=redis
+        QUEUE_DRIVER=redis
+        BROADCAST_DRIVER=log
+        LOG_CHANNEL=stack
+        HORIZON_PREFIX=horizon-
+
+        # ActivityPub Configuration
+        ACTIVITY_PUB=false
+        AP_REMOTE_FOLLOW=false
+        AP_INBOX=false
+        AP_OUTBOX=false
+        AP_SHAREDINBOX=false
+
+        # Experimental Configuration
+        EXP_EMC=true
+
+        ## Mail Configuration (Post-Installer)
+        MAIL_DRIVER=log
+        MAIL_HOST=smtp.mailtrap.io
+        MAIL_PORT=2525
+        MAIL_USERNAME=null
+        MAIL_PASSWORD=null
+        MAIL_ENCRYPTION=null
+        MAIL_FROM_ADDRESS=pixelfed@example.com
+        MAIL_FROM_NAME=Pixelfed
+
+        ## S3 Configuration (Post-Installer)
+        PF_ENABLE_CLOUD=false
+        FILESYSTEM_DRIVER=local
+        FILESYSTEM_CLOUD=s3
+        #AWS_ACCESS_KEY_ID=
+        #AWS_SECRET_ACCESS_KEY=
+        #AWS_DEFAULT_REGION=
+        #AWS_BUCKET=<BucketName>
+        #AWS_URL=
+        #AWS_ENDPOINT=
+        #AWS_USE_PATH_STYLE_ENDPOINT=false
+        '';
+      };
+
+      # database config taken from zabbix.nix
+      database = {
+        type = mkOption {
+          type = types.enum [ "mysql" "pgsql" ];
+          example = "pgsql";
+          default = "mysql";
+          description = lib.mdDoc "Database engine to use.";
+        };
+
+        host = mkOption {
+          type = types.str;
+          default = "127.0.0.1";
+          description = lib.mdDoc "Database host address.";
+        };
+
+        port = mkOption {
+          type = types.int;
+          default =
+            if cfg.database.type == "mysql" then (head config.services.mysql.settings.mysqld.port)
+            else config.services.postgresql.port;
+          defaultText = literalExpression ''
+            if config.services.pixelfed == "mysql" then config.services.mysql.port
+            else config.services.postgresql.port
+          '';
+          description = lib.mdDoc "Database host port.";
+        };
+
+        name = mkOption {
+          type = types.str;
+          default = "pixelfed";
+          description = lib.mdDoc "Database name.";
+        };
+
+        user = mkOption {
+          type = types.str;
+          default = "pixelfed";
+          description = lib.mdDoc "Database user.";
+        };
+
+        password = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = lib.mdDoc ''
+            The database user's password.
+          '';
+        };
+
+      };
+
+      appKey = mkOption {
+        type = types.str;
+        description = lib.mdDoc '' A random
+          32-character string to be used as an encryption key. No default value;
+          use php artisan key:generate in the dataDir to generate. '';
+      };
+
+      maxUploadSize = mkOption {
+        type =  types.ints.positive;
+        default = 8;
+        description = lib.mdDoc ''
+      Max upload size in megabytes.
+      '';
+      };
+
+      hostName = mkOption {
+        type = types.str;
+        description = lib.mdDoc ''
+        FQDN for the pixelfed instance.
+      '';
+      };
+
+      nginx.enableACME = mkOption {
+        type = types.bool;
+        default = false;
+        description = lib.mdDoc ''
+        Whether or not to enable ACME and let's encrypt for the pixelfed vhost.
+      '';
+      };
+
+      poolSettings = mkOption {
+        type = with types; attrsOf (oneOf [ int str bool ]);
+        default = {
+          "pm" = "dynamic";
+          "php_admin_value[error_log]" = "stderr";
+          "php_admin_flag[log_errors]" = true;
+          "catch_workers_output" = true;
+          "pm.max_children" = "32";
+          "pm.start_servers" = "2";
+          "pm.min_spare_servers" = "2";
+          "pm.max_spare_servers" = "4";
+          "pm.max_requests" = "500";
+        };
+
+        description = lib.mdDoc ''
+           Options for Pixelfed's PHP pool. See the documentation on `php-fpm.conf` for details on configuration directives.
+        '';
+      };
+
+      phpPackage = mkPackageOption pkgs "PHP package" {
+        default = "php80";
+      };
+
+      dataDir = mkOption {
+        type = types.str;
+        default = "/var/lib/pixelfed";
+        description = lib.mdDoc ''
+        Home directory of the `pixelfed` user which holds
+        the application's state.
+        '';
+      };
+
+    };
+  };
+
+
+  config = mkIf cfg.enable {
+    users.users.pixelfed = {
+      isSystemUser = true;
+      group = "nginx";
+      home = cfg.dataDir;
+      createHome = true;
+    };
+
+    environment.systemPackages = [ pixelfed-artisan ];
+
+    services.phpfpm.pools.pixelfed = {
+      user = "pixelfed";
+      group = "nginx";
+
+      inherit (cfg) phpPackage;
+
+      phpOptions = ''
+        post_max_size = ${toString cfg.maxUploadSize}M
+        upload_max_filesize = ${toString cfg.maxUploadSize}M
+        max_execution_time = 600;
+      '';
+
+      settings = {
+        inherit user group;
+        "listen.owner" = "nginx";
+        "listen.group" = "nginx";
+        "listen.mode" = "0660";
+      } // cfg.poolSettings;
+
+    };
+
+    systemd.services.pixelfed-data-setup = {
+      description = "Setup dataDir for pixelfed and change permissions";
+      wantedBy = [ "multi-user.target" ];
+
+      script = ''
+        rm '${cfg.dataDir}/.env' -f
+        ln -s ${configFile} '${cfg.dataDir}/.env'
+
+        # migrate db
+        ${cfg.phpPackage}/bin/php artisan migrate --force
+
+        ${cfg.phpPackage}/bin/php artisan route:cache
+        ${cfg.phpPackage}/bin/php artisan view:cache
+        ${cfg.phpPackage}/bin/php artisan config:cache
+
+
+        chown -R ${user}:${group} '${cfg.dataDir}'/. # change user/group to pixelfed user and nginx group
+        chmod -R 755 ${cfg.dataDir}
+      '';
+    };
+
+    systemd.tmpfiles.rules = [
+      "d ${cfg.dataDir}                            0710 ${user} ${group} - -"
+      "d ${cfg.dataDir}/bootstrap                  0750 ${user} ${group} - -"
+      "d ${cfg.dataDir}/bootstrap/cache            0750 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage                    0755 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/app                0755 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/app/backups        0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/app/public         0750 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/app/public/avatars 0750 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/app/public/emoji   0750 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/app/public/headers 0750 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/app/public/live-hls 0750 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/app/public/m       0750 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/app/public/textimg 0750 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/app/remcache       0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/debugbar           0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/framework          0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/framework/cache    0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/framework/sessions 0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/framework/views    0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/framework/testing  0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/logs               0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/purify             0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/uploads            0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/private_uploads    0700 ${user} ${group} - -"
+    ];
+
+    services.nginx.virtualHosts."${cfg.hostName}" = mkMerge [
+        { root = ''${pixelfed}/public/'';
+          locations."/".extraConfig = ''
+            try_files $uri $uri/ /index.php?$query_string;
+          '';
+          locations."/favicon.ico".extraConfig = ''
+            access_log off; log_not_found off;
+          '';
+          locations."/robots.txt".extraConfig = ''
+            access_log off; log_not_found off;
+          '';
+          locations."~ \\.php$".extraConfig = ''
+            fastcgi_split_path_info ^(.+\.php)(/.+)$;
+            fastcgi_pass unix:${config.services.phpfpm.pools.pixelfed.socket}; # make sure this is correct
+            fastcgi_index index.php;
+            include ${config.services.nginx.package}/conf/fastcgi.conf;
+            include ${config.services.nginx.package}/conf/fastcgi_params;
+            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # or $request_filename
+          '';
+          locations."~ /\\.(?!well-known).*".extraConfig = ''
+            deny all;
+          '';
+          extraConfig = ''
+              client_max_body_size ${cfg.maxUploadSize}M;
+              add_header X-Frame-Options "SAMEORIGIN";
+              add_header X-XSS-Protection "1; mode=block";
+              add_header X-Content-Type-Options "nosniff";
+              index index.html index.htm index.php;
+              error_page 404 /index.php;
+          '';
+          forceSSL = true; # pixelfed requires ssl
+        }
+        (mkIf cfg.nginx.enableACME {
+          enableACME = true;
+        })
+      ];
+  };
+}

pkgs/servers/web-apps/pixelfed/composer-env.nix

@@ -0,0 +1,244 @@
+# This file originates from composer2nix
+
+{ stdenv, lib, writeTextFile, fetchurl, php, unzip, phpPackages }:
+
+let
+  inherit (phpPackages) composer;
+
+  filterSrc = src:
+    builtins.filterSource (path: type: type != "directory" || (baseNameOf path != ".git" && baseNameOf path != ".git" && baseNameOf path != ".svn")) src;
+
+  buildZipPackage = { name, src }:
+    stdenv.mkDerivation {
+      inherit name src;
+      nativeBuildInputs = [ unzip ];
+      buildCommand = ''
+        shopt -s dotglob
+        unzip $src
+        baseDir=$(find . -type d -mindepth 1 -maxdepth 1)
+        cd $baseDir
+        mkdir -p $out
+        mv * $out
+      '';
+    };
+
+  buildPackage =
+    { name
+    , src
+    , packages ? {}
+    , devPackages ? {}
+    , buildInputs ? []
+    , symlinkDependencies ? false
+    , executable ? false
+    , removeComposerArtifacts ? false
+    , postInstall ? ""
+    , noDev ? false
+    , composerExtraArgs ? ""
+    , unpackPhase ? "true"
+    , buildPhase ? "true"
+    , ...}@args:
+
+    let
+      reconstructInstalled = writeTextFile {
+        name = "reconstructinstalled.php";
+        executable = true;
+        text = ''
+          #! ${php}/bin/php
+          <?php
+          if(file_exists($argv[1]))
+          {
+              $composerLockStr = file_get_contents($argv[1]);
+
+              if($composerLockStr === false)
+              {
+                  fwrite(STDERR, "Cannot open composer.lock contents\n");
+                  exit(1);
+              }
+              else
+              {
+                  $config = json_decode($composerLockStr, true);
+
+                  if(array_key_exists("packages", $config))
+                      $allPackages = $config["packages"];
+                  else
+                      $allPackages = array();
+
+                  ${lib.optionalString (!noDev) ''
+                    if(array_key_exists("packages-dev", $config))
+                        $allPackages = array_merge($allPackages, $config["packages-dev"]);
+                  ''}
+
+                  $packagesStr = json_encode($allPackages, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+                  print($packagesStr);
+              }
+          }
+          else
+              print("[]");
+          ?>
+        '';
+      };
+
+      constructBin = writeTextFile {
+        name = "constructbin.php";
+        executable = true;
+        text = ''
+          #! ${php}/bin/php
+          <?php
+          $composerJSONStr = file_get_contents($argv[1]);
+
+          if($composerJSONStr === false)
+          {
+              fwrite(STDERR, "Cannot open composer.json contents\n");
+              exit(1);
+          }
+          else
+          {
+              $config = json_decode($composerJSONStr, true);
+
+              if(array_key_exists("bin-dir", $config))
+                  $binDir = $config["bin-dir"];
+              else
+                  $binDir = "bin";
+
+              if(array_key_exists("bin", $config))
+              {
+                  if(!file_exists("vendor/".$binDir))
+                      mkdir("vendor/".$binDir);
+
+                  foreach($config["bin"] as $bin)
+                      symlink("../../".$bin, "vendor/".$binDir."/".basename($bin));
+              }
+          }
+          ?>
+        '';
+      };
+
+      bundleDependencies = dependencies:
+        lib.concatMapStrings (dependencyName:
+          let
+            dependency = dependencies.${dependencyName};
+          in
+          ''
+            ${if dependency.targetDir == "" then ''
+              vendorDir="$(dirname ${dependencyName})"
+              mkdir -p "$vendorDir"
+              ${if symlinkDependencies then
+                ''ln -s "${dependency.src}" "$vendorDir/$(basename "${dependencyName}")"''
+                else
+                ''cp -av "${dependency.src}" "$vendorDir/$(basename "${dependencyName}")"''
+              }
+            '' else ''
+              namespaceDir="${dependencyName}/$(dirname "${dependency.targetDir}")"
+              mkdir -p "$namespaceDir"
+              ${if symlinkDependencies then
+                ''ln -s "${dependency.src}" "$namespaceDir/$(basename "${dependency.targetDir}")"''
+              else
+                ''cp -av "${dependency.src}" "$namespaceDir/$(basename "${dependency.targetDir}")"''
+              }
+            ''}
+          '') (builtins.attrNames dependencies);
+
+      extraArgs = removeAttrs args [ "packages" "devPackages" "buildInputs" ];
+    in
+    stdenv.mkDerivation ({
+      buildInputs = [ php composer ] ++ buildInputs;
+
+      inherit unpackPhase buildPhase;
+
+      installPhase = ''
+        ${if executable then ''
+          mkdir -p $out/share/php
+          cp -av $src $out/share/php/$name
+          chmod -R u+w $out/share/php/$name
+          cd $out/share/php/$name
+        '' else ''
+          cp -av $src $out
+          chmod -R u+w $out
+          cd $out
+        ''}
+
+        # Remove unwanted files
+        rm -f *.nix
+
+        export HOME=$TMPDIR
+
+        # Remove the provided vendor folder if it exists
+        rm -Rf vendor
+
+        # If there is no composer.lock file, compose a dummy file.
+        # Otherwise, composer attempts to download the package.json file from
+        # the registry which we do not want.
+        if [ ! -f composer.lock ]
+        then
+            cat > composer.lock <<EOF
+        {
+            "packages": []
+        }
+        EOF
+        fi
+
+        # Reconstruct the installed.json file from the lock file
+        mkdir -p vendor/composer
+        ${php}/bin/php ${reconstructInstalled} composer.lock > vendor/composer/installed.json
+
+        # Copy or symlink the provided dependencies
+        cd vendor
+        ${bundleDependencies packages}
+        ${lib.optionalString (!noDev) (bundleDependencies devPackages)}
+        cd ..
+
+        # Reconstruct autoload scripts
+        # We use the optimize feature because Nix packages cannot change after they have been built
+        # Using the dynamic loader for a Nix package is useless since there is nothing to dynamically reload.
+        composer dump-autoload --optimize ${lib.optionalString noDev "--no-dev"} ${composerExtraArgs}
+
+        # Run the install step as a validation to confirm that everything works out as expected
+        composer install --optimize-autoloader ${lib.optionalString noDev "--no-dev"} ${composerExtraArgs}
+
+        ${lib.optionalString executable ''
+          # Reconstruct the bin/ folder if we deploy an executable project
+          ${php}/bin/php ${constructBin} composer.json
+          ln -s $(pwd)/vendor/bin $out/bin
+        ''}
+
+        ${lib.optionalString (!symlinkDependencies) ''
+          # Patch the shebangs if possible
+          if [ -d $(pwd)/vendor/bin ]
+          then
+              # Look for all executables in bin/
+              for i in $(pwd)/vendor/bin/*
+              do
+                  # Look for their location
+                  realFile=$(readlink -f "$i")
+
+                  # Restore write permissions
+                  chmod u+wx "$(dirname "$realFile")"
+                  chmod u+w "$realFile"
+
+                  # Patch shebang
+                  sed -e "s|#!/usr/bin/php|#!${php}/bin/php|" \
+                      -e "s|#!/usr/bin/env php|#!${php}/bin/php|" \
+                      "$realFile" > tmp
+                  mv tmp "$realFile"
+                  chmod u+x "$realFile"
+              done
+          fi
+        ''}
+
+        if [ "$removeComposerArtifacts" = "1" ]
+        then
+            # Remove composer stuff
+            rm -f composer.json composer.lock
+        fi
+
+        # Execute post install hook
+        runHook postInstall
+    '';
+  } // extraArgs);
+in
+{
+  inherit filterSrc;
+  composer = lib.makeOverridable composer;
+  buildZipPackage = lib.makeOverridable buildZipPackage;
+  buildPackage = lib.makeOverridable buildPackage;
+}

pkgs/servers/web-apps/pixelfed/composition.nix

@@ -0,0 +1,14 @@
+{pkgs ? import <nixpkgs> {
+    inherit system;
+  }, system ? builtins.currentSystem, noDev ? false, php ? pkgs.php, phpPackages ? pkgs.phpPackages}:
+
+let
+  composerEnv = import ./composer-env.nix {
+    inherit (pkgs) stdenv lib writeTextFile fetchurl unzip;
+    inherit php phpPackages;
+  };
+in
+import ./php-packages.nix {
+  inherit composerEnv noDev;
+  inherit (pkgs) fetchurl fetchgit fetchhg fetchsvn;
+}

pkgs/servers/web-apps/pixelfed/default.nix

@@ -0,0 +1,45 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, phpPackages
+, pkgs
+, dataDir ? "/var/lib/pixelfed"
+}:
+
+let
+  package = (import ./composition.nix {
+    inherit pkgs;
+    inherit (stdenv.hostPlatform) system;
+    noDev = true; # Disable development dependencies
+  }).overrideAttrs (attrs : {
+    installPhase = attrs.installPhase + ''
+      rm -R $out/bootstrap/cache $out/storage
+      ln -s ${dataDir}/.env $out/.env
+      ln -s ${dataDir}/storage $out/
+      ln -s ${dataDir}/storage/app/public $out/public/storage
+      ln -s ${dataDir}/bootstrap/cache $out/bootstrap/cache
+      chmod +x $out/artisan
+    '';
+  });
+
+in package.override rec {
+  pname = "pixelfed";
+  version = "UNSTABLE-01-09-2022";
+
+  # GitHub distribution does not include vendored files
+  src = fetchFromGitHub {
+    owner = "pixelfed";
+    repo = pname;
+    # use an unstable version until a release contains composer.lock
+    rev = "ee0cb393c642aa3781a7ed2eec43b3113843b566";
+    hash = "sha256-cw/9oXz15tigMlOV8QW6/DIrRlXgQhpdSIexZUlxNOA=";
+  };
+
+  meta = with lib; {
+    description = "A federated image sharing platform";
+    license = licenses.agpl3Only;
+    homepage = "https://pixelfed.org/";
+    maintainers = with maintainers; [ bezmuth ];
+    platforms = platforms.all;
+  };
+}

pkgs/top-level/all-packages.nix

@@ -29590,6 +29590,8 @@ with pkgs;
 
   pixel2svg = python310Packages.callPackage ../tools/graphics/pixel2svg { };
 
+  pixelfed = callPackage ../servers/web-apps/pixelfed { };
+
   pixelnuke = callPackage ../applications/graphics/pixelnuke { };
 
   pixelorama = callPackage ../applications/editors/pixelorama { };