From 2a04b5f5e9c4f21024ae8c2ce2f411183317ce3e Mon Sep 17 00:00:00 2001 From: schnusch Date: Sun, 1 May 2022 13:10:17 +0200 Subject: [PATCH 1/2] xandikos: backport systemd socket activation see https://github.com/jelmer/xandikos/pull/155 --- pkgs/servers/xandikos/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/servers/xandikos/default.nix b/pkgs/servers/xandikos/default.nix index d76f28f99809d..39ad90e1c6288 100644 --- a/pkgs/servers/xandikos/default.nix +++ b/pkgs/servers/xandikos/default.nix @@ -1,5 +1,6 @@ { lib , fetchFromGitHub +, fetchpatch , python3Packages , nixosTests }: @@ -15,6 +16,14 @@ python3Packages.buildPythonApplication rec { sha256 = "sha256-KDDk0QSOjwivJFz3vLk+g4vZMlSuX2FiOgHJfDJkpwg="; }; + patches = [ + # add support for systemd socket activation + (fetchpatch { + url = "https://github.com/jelmer/xandikos/pull/155.diff"; + sha256 = "sha256-h2E0DSeWMkuUytMiu+uUsEJI22fszNCOxEqvPlXMYek="; + }) + ]; + propagatedBuildInputs = with python3Packages; [ aiohttp dulwich @@ -23,6 +32,7 @@ python3Packages.buildPythonApplication rec { jinja2 multidict prometheus-client + systemd ]; passthru.tests.xandikos = nixosTests.xandikos; From a624b26d45ffa17eb2afb6d614bd7ce77bca57a3 Mon Sep 17 00:00:00 2001 From: schnusch Date: Thu, 24 Feb 2022 18:09:44 +0100 Subject: [PATCH 2/2] nixos/xandikos: support UNIX sockets, use systemd socket activation This way systemd takes care of the owner and the permissions of the socket. --- .../modules/services/networking/xandikos.nix | 37 ++++++++++++++----- nixos/tests/xandikos.nix | 10 +---- 2 files changed, 30 insertions(+), 17 deletions(-) diff --git a/nixos/modules/services/networking/xandikos.nix b/nixos/modules/services/networking/xandikos.nix index 6d1ddc74c719a..62cb77e721d1b 100644 --- a/nixos/modules/services/networking/xandikos.nix +++ b/nixos/modules/services/networking/xandikos.nix 
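Review bot: The `fetchpatch` URL in the new `patches` list of `pkgs/servers/xandikos/default.nix` points at `pull/155.diff`, which GitHub regenerates whenever the pull request branch is pushed to or rebased. The pinned `sha256` stops changed content from being applied silently, but the build then breaks on a hash mismatch, and the URL no longer identifies the exact change that was reviewed. Fetch an immutable commit instead, e.g. `url = "https://github.com/jelmer/xandikos/commit/<COMMIT_SHA_PLACEHOLDER>.patch";`. I would also extend the comment to `# add support for systemd socket activation; remove once part of an upstream release`.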
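Review bot: `systemd` is added to `propagatedBuildInputs` unconditionally in the `@@ -23,6 +32,7 @@` hunk of `default.nix`. The Python systemd bindings are, as far as I know, Linux-only in nixpkgs, so this would stop the package from evaluating on other platforms if it is offered there. The derivation's `meta` is outside the hunk, so I cannot confirm which platforms are supported. If non-Linux builds matter, guard the dependency with `++ lib.optionals stdenv.isLinux [ systemd ]`, which also needs `stdenv` in the argument set.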
@@ -4,6 +4,24 @@ with lib; let cfg = config.services.xandikos; + + listenStream = + if cfg.address == null then + [ "[::1]:${toString cfg.port}" "127.0.0.1:${toString cfg.port}" ] + else if hasInfix "/" cfg.address then + [ cfg.address ] + else if hasInfix ":" cfg.address then + [ "[${cfg.address}]:${toString cfg.port}" ] + else + [ "${cfg.address}:${toString cfg.port}" ] + ; + + nginxProxyAddress = + if hasInfix "/" (head listenStream) then + "unix:${head listenStream}" + else + head listenStream + ; in { @@ -19,12 +37,13 @@ in }; address = mkOption { - type = types.str; - default = "localhost"; + type = types.nullOr types.str; + default = null; description = lib.mdDoc '' - The IP address on which Xandikos will listen. + The IP address or socket path on which Xandikos will listen. By default listens on localhost. ''; + example = "/run/xandikos/socket"; }; port = mkOption { @@ -92,11 +111,13 @@ in { meta.maintainers = with lib.maintainers; [ _0x4A6F ]; + systemd.sockets.xandikos = { + wantedBy = [ "sockets.target" ]; + socketConfig.ListenStream = listenStream; + }; + systemd.services.xandikos = { description = "A Simple Calendar and Contact Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { User = "xandikos"; Group = "xandikos"; @@ -122,8 +143,6 @@ in ExecStart = '' ${cfg.package}/bin/xandikos \ --directory /var/lib/xandikos \ - --listen-address ${cfg.address} \ - --port ${toString cfg.port} \ --route-prefix ${cfg.routePrefix} \ ${lib.concatStringsSep " " cfg.extraOptions} ''; @@ -137,7 +156,7 @@ in enable = true; virtualHosts."${cfg.nginx.hostName}" = { locations."/" = { - proxyPass = "http://${cfg.address}:${toString cfg.port}/"; + proxyPass = "http://${nginxProxyAddress}"; }; }; }; diff --git a/nixos/tests/xandikos.nix b/nixos/tests/xandikos.nix index 69d78ee21e767..8289e9755aaca 100644 --- a/nixos/tests/xandikos.nix +++ b/nixos/tests/xandikos.nix 
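Review bot: `listenStream` classifies `cfg.address` with `hasInfix "/"` and otherwise pastes the value in front of the port, so two kinds of input become invalid `ListenStream=` values. A string that contains a slash but is not an absolute path is passed through as a socket path. A host name such as the previous default `"localhost"` becomes `localhost:8080`, and as far as I know `ListenStream=` accepts only literal IP addresses and does not resolve names, so configurations that set `address = "localhost"` would stop working. Test for a path with `hasPrefix "/" cfg.address`, and apply the same check in `nginxProxyAddress`. Reject anything else that is not an IP literal through an `assertions` entry, so the mistake surfaces at evaluation time rather than as a failed socket unit.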
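Review bot: The new `address` description in the `@@ -19,12 +37,13 @@` hunk does not say which addresses `null` expands to, or that `port` is unused when a socket path is given. Both follow from `listenStream` but are invisible to someone reading the option documentation. Suggested wording: `An IP address or an absolute UNIX socket path on which Xandikos will listen. When null, listens on 127.0.0.1 and ::1. The port option is ignored when a socket path is given.`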
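Review bot: `systemd.sockets.xandikos` sets only `ListenStream`, so a UNIX socket is created with systemd's default `SocketMode=0666` and every local account can connect to it. Xandikos is normally deployed with authentication handled by the reverse proxy, so a world-connectable socket would let local users reach the backend without going through it. It also does not match the commit message's statement that systemd takes care of owner and permissions. When `address` is a path, set for example `socketConfig.SocketMode = "0660";` together with `socketConfig.SocketGroup = config.services.nginx.group;` (or another group the proxy user belongs to). The `systemd.services.xandikos` body continues outside the hunk, so any hardening there is not visible here.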
@@ -15,8 +15,6 @@ import ./make-test-python.nix ( xandikos_proxy = { networking.firewall.allowedTCPPorts = [ 80 8080 ]; services.xandikos.enable = true; - services.xandikos.address = "localhost"; - services.xandikos.port = 8080; services.xandikos.routePrefix = "/xandikos-prefix/"; services.xandikos.extraOptions = [ "--defaults" @@ -39,9 +37,7 @@ import ./make-test-python.nix ( start_all() with subtest("Xandikos default"): - xandikos_default.wait_for_unit("multi-user.target") - xandikos_default.wait_for_unit("xandikos.service") - xandikos_default.wait_for_open_port(8080) + xandikos_default.wait_for_unit("sockets.target") xandikos_default.succeed("curl --fail http://localhost:8080/") xandikos_default.succeed( "curl -s --fail --location http://localhost:8080/ | grep -i Xandikos" @@ -50,9 +46,7 @@ import ./make-test-python.nix ( xandikos_client.fail("curl --fail http://xandikos_default:8080/") with subtest("Xandikos proxy"): - xandikos_proxy.wait_for_unit("multi-user.target") - xandikos_proxy.wait_for_unit("xandikos.service") - xandikos_proxy.wait_for_open_port(8080) + xandikos_proxy.wait_for_unit("sockets.target") xandikos_proxy.succeed("curl --fail http://localhost:8080/") xandikos_proxy.succeed( "curl -s --fail --location http://localhost:8080/ | grep -i Xandikos"
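Review bot: Both subtests now wait for `sockets.target` (in the `@@ -39,9 +37,7 @@` and `@@ -50,9 +46,7 @@` hunks), which is reached even if `xandikos.socket` failed to bind, because `wantedBy` is only a `Wants=` dependency. Wait on the unit itself with `xandikos_default.wait_for_unit("xandikos.socket")`, and likewise for `xandikos_proxy`. No node sets `services.xandikos.address` to a socket path either, so the UNIX-socket branch of `listenStream` and the `unix:` form of `proxyPass` added by this commit are never exercised. Add a node with `services.xandikos.address = "/run/xandikos/socket";` and nginx enabled, and check it through port 80. Asserting the socket's mode and group in that subtest would also pin the permission behaviour the commit message relies on.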