Merge pull request #66492 from aanderse/extra-subservice-cleanup

nixos/httpd: extraSubservices cleanup
This commit is contained in:
Aaron Andersen 2019-08-20 18:55:08 -04:00 committed by GitHub
commit 249b4ad942
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 53 additions and 378 deletions

View File

@ -263,6 +263,16 @@
<literal>false</literal>. <literal>false</literal>.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The <option>services.systemhealth</option> module has been removed from nixpkgs due to lack of maintainer.
</para>
</listitem>
<listitem>
<para>
The <option>services.mantisbt</option> module has been removed from nixpkgs due to lack of maintainer.
</para>
</listitem>
</itemizedlist> </itemizedlist>
</section> </section>

View File

@ -437,7 +437,6 @@
./services/misc/logkeys.nix ./services/misc/logkeys.nix
./services/misc/leaps.nix ./services/misc/leaps.nix
./services/misc/lidarr.nix ./services/misc/lidarr.nix
./services/misc/mantisbt.nix
./services/misc/mathics.nix ./services/misc/mathics.nix
./services/misc/matrix-synapse.nix ./services/misc/matrix-synapse.nix
./services/misc/mbpfan.nix ./services/misc/mbpfan.nix
@ -522,7 +521,6 @@
./services/monitoring/scollector.nix ./services/monitoring/scollector.nix
./services/monitoring/smartd.nix ./services/monitoring/smartd.nix
./services/monitoring/sysstat.nix ./services/monitoring/sysstat.nix
./services/monitoring/systemhealth.nix
./services/monitoring/teamviewer.nix ./services/monitoring/teamviewer.nix
./services/monitoring/telegraf.nix ./services/monitoring/telegraf.nix
./services/monitoring/thanos.nix ./services/monitoring/thanos.nix

View File

@ -4,6 +4,7 @@ with lib;
let let
cfg = config.services.awstats; cfg = config.services.awstats;
httpd = config.services.httpd;
package = pkgs.awstats; package = pkgs.awstats;
in in
@ -67,29 +68,32 @@ in
environment.etc."awstats/awstats.conf".source = pkgs.runCommand "awstats.conf" environment.etc."awstats/awstats.conf".source = pkgs.runCommand "awstats.conf"
{ preferLocalBuild = true; } { preferLocalBuild = true; }
( let ( let
cfg-httpd = config.services.httpd;
logFormat = logFormat =
if cfg-httpd.logFormat == "combined" then "1" else if httpd.logFormat == "combined" then "1" else
if cfg-httpd.logFormat == "common" then "4" else if httpd.logFormat == "common" then "4" else
throw "awstats service doesn't support Apache log format `${cfg-httpd.logFormat}`"; throw "awstats service doesn't support Apache log format `${httpd.logFormat}`";
in in
'' ''
sed \ sed \
-e 's|^\(DirData\)=.*$|\1="${cfg.vardir}"|' \ -e 's|^\(DirData\)=.*$|\1="${cfg.vardir}"|' \
-e 's|^\(DirIcons\)=.*$|\1="icons"|' \ -e 's|^\(DirIcons\)=.*$|\1="icons"|' \
-e 's|^\(CreateDirDataIfNotExists\)=.*$|\1=1|' \ -e 's|^\(CreateDirDataIfNotExists\)=.*$|\1=1|' \
-e 's|^\(SiteDomain\)=.*$|\1="${cfg-httpd.hostName}"|' \ -e 's|^\(SiteDomain\)=.*$|\1="${httpd.hostName}"|' \
-e 's|^\(LogFile\)=.*$|\1="${cfg-httpd.logDir}/access_log"|' \ -e 's|^\(LogFile\)=.*$|\1="${httpd.logDir}/access_log"|' \
-e 's|^\(LogFormat\)=.*$|\1=${logFormat}|' \ -e 's|^\(LogFormat\)=.*$|\1=${logFormat}|' \
< '${package.out}/wwwroot/cgi-bin/awstats.model.conf' > "$out" < '${package.out}/wwwroot/cgi-bin/awstats.model.conf' > "$out"
echo '${cfg.extraConfig}' >> "$out" echo '${cfg.extraConfig}' >> "$out"
''); '');
systemd.tmpfiles.rules = optionals cfg.service.enable [
"d '${cfg.vardir}' - ${httpd.user} ${httpd.group} - -"
"Z '${cfg.vardir}' - ${httpd.user} ${httpd.group} - -"
];
# The httpd sub-service showing awstats. # The httpd sub-service showing awstats.
services.httpd.enable = mkIf cfg.service.enable true; services.httpd = optionalAttrs cfg.service.enable {
services.httpd.extraSubservices = mkIf cfg.service.enable [ { function = { serverInfo, ... }: { enable = true;
extraConfig = extraConfig = ''
''
Alias ${cfg.service.urlPrefix}/classes "${package.out}/wwwroot/classes/" Alias ${cfg.service.urlPrefix}/classes "${package.out}/wwwroot/classes/"
Alias ${cfg.service.urlPrefix}/css "${package.out}/wwwroot/css/" Alias ${cfg.service.urlPrefix}/css "${package.out}/wwwroot/css/"
Alias ${cfg.service.urlPrefix}/icons "${package.out}/wwwroot/icon/" Alias ${cfg.service.urlPrefix}/icons "${package.out}/wwwroot/icon/"
@ -97,20 +101,10 @@ in
<Directory "${package.out}/wwwroot"> <Directory "${package.out}/wwwroot">
Options None Options None
AllowOverride None Require all granted
Order allow,deny
Allow from all
</Directory> </Directory>
''; '';
startupScript = };
let
inherit (serverInfo.serverConfig) user group;
in pkgs.writeScript "awstats_startup.sh"
''
mkdir -p '${cfg.vardir}'
chown '${user}:${group}' '${cfg.vardir}'
'';
};}];
systemd.services.awstats-update = mkIf (cfg.updateAt != null) { systemd.services.awstats-update = mkIf (cfg.updateAt != null) {
description = "awstats log collector"; description = "awstats log collector";

View File

@ -1,68 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.mantisbt;
freshInstall = cfg.extraConfig == "";
# combined code+config directory
mantisbt = let
config_inc = pkgs.writeText "config_inc.php" ("<?php\n" + cfg.extraConfig);
src = pkgs.fetchurl {
url = "mirror://sourceforge/mantisbt/${name}.tar.gz";
sha256 = "1pl6xn793p3mxc6ibpr2bhg85vkdlcf57yk7pfc399g47l8x4508";
};
name = "mantisbt-1.2.19";
in
# We have to copy every time; otherwise config won't be found.
pkgs.runCommand name
{ preferLocalBuild = true; allowSubstitutes = false; }
(''
mkdir -p "$out"
cd "$out"
tar -xf '${src}' --strip-components=1
ln -s '${config_inc}' config_inc.php
''
+ lib.optionalString (!freshInstall) "rm -r admin/"
);
in
{
options.services.mantisbt = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Enable the mantisbt web service.
This switches on httpd with PHP and database.
'';
};
urlPrefix = mkOption {
type = types.string;
default = "/mantisbt";
description = "The URL prefix under which the mantisbt service appears.";
};
extraConfig = mkOption {
type = types.lines;
default = "";
description = ''
The contents of config_inc.php, without leading &lt;?php.
If left empty, the admin directory will be accessible.
'';
};
};
config = mkIf cfg.enable {
services.mysql.enable = true;
services.httpd.enable = true;
services.httpd.enablePHP = true;
# The httpd sub-service showing mantisbt.
services.httpd.extraSubservices = [ { function = { ... }: {
extraConfig =
''
Alias ${cfg.urlPrefix} "${mantisbt}"
'';
};}];
};
}

View File

@ -1,133 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.systemhealth;
systemhealth = with pkgs; stdenv.mkDerivation {
name = "systemhealth-1.0";
src = fetchurl {
url = "https://www.brianlane.com/downloads/systemhealth/systemhealth-1.0.tar.bz2";
sha256 = "1q69lz7hmpbdpbz36zb06nzfkj651413n9icx0njmyr3xzq1j9qy";
};
buildInputs = [ python ];
installPhase = ''
mkdir -p $out/bin
# Make it work for kernels 3.x, not so different than 2.6
sed -i 's/2\.6/4.0/' system_health.py
cp system_health.py $out/bin
'';
};
rrdDir = "/var/lib/health/rrd";
htmlDir = "/var/lib/health/html";
configFile = rrdDir + "/.syshealthrc";
# The program will try to read $HOME/.syshealthrc, so we set the proper home.
command = "HOME=${rrdDir} ${systemhealth}/bin/system_health.py";
cronJob = ''
*/5 * * * * wwwrun ${command} --log
5 * * * * wwwrun ${command} --graph
'';
nameEqualName = s: "${s} = ${s}";
interfacesSection = concatStringsSep "\n" (map nameEqualName cfg.interfaces);
driveLine = d: "${d.path} = ${d.name}";
drivesSection = concatStringsSep "\n" (map driveLine cfg.drives);
in
{
options = {
services.systemhealth = {
enable = mkOption {
default = false;
description = ''
Enable the system health monitor and its generation of graphs.
'';
};
urlPrefix = mkOption {
default = "/health";
description = ''
The URL prefix under which the System Health web pages appear in httpd.
'';
};
interfaces = mkOption {
default = [ "lo" ];
example = [ "lo" "eth0" "eth1" ];
description = ''
Interfaces to monitor (minimum one).
'';
};
drives = mkOption {
default = [ ];
example = [ { name = "root"; path = "/"; } ];
description = ''
Drives to monitor.
'';
};
};
};
config = mkIf cfg.enable {
services.cron.systemCronJobs = [ cronJob ];
system.activationScripts.systemhealth = stringAfter [ "var" ]
''
mkdir -p ${rrdDir} ${htmlDir}
chown wwwrun:wwwrun ${rrdDir} ${htmlDir}
cat >${configFile} << EOF
[paths]
rrdtool = ${pkgs.rrdtool}/bin/rrdtool
loadavg_rrd = loadavg
ps = /run/current-system/sw/bin/ps
df = /run/current-system/sw/bin/df
meminfo_rrd = meminfo
uptime_rrd = uptime
rrd_path = ${rrdDir}
png_path = ${htmlDir}
[processes]
[interfaces]
${interfacesSection}
[drives]
${drivesSection}
[graphs]
width = 400
time = ['-3hours', '-32hours', '-8days', '-5weeks', '-13months']
height = 100
[external]
EOF
chown wwwrun:wwwrun ${configFile}
${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --check" wwwrun
${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --html" wwwrun
'';
services.httpd.extraSubservices = [
{ function = f: {
extraConfig = ''
Alias ${cfg.urlPrefix} ${htmlDir}
<Directory ${htmlDir}>
Order allow,deny
Allow from all
</Directory>
'';
};
}
];
};
}

View File

@ -8,11 +8,8 @@ import ./make-test.nix ({ ...}: {
services.httpd = { services.httpd = {
enable = true; enable = true;
adminAddr = "please@dont.contact"; adminAddr = "please@dont.contact";
extraSubservices = lib.singleton {
function = f: {
enablePHP = true; enablePHP = true;
phpOptions = "pcre.jit = true"; phpOptions = "pcre.jit = true";
extraConfig = extraConfig =
let let
testRoot = pkgs.writeText "index.php" testRoot = pkgs.writeText "index.php"
@ -32,8 +29,6 @@ import ./make-test.nix ({ ...}: {
''; '';
}; };
}; };
};
};
testScript = { ... }: testScript = { ... }:
'' ''
$machine->waitForUnit('httpd.service'); $machine->waitForUnit('httpd.service');

View File

@ -1,121 +0,0 @@
import ./make-test.nix ({ pkgs, ...} :
let
# Build some packages with coverage instrumentation.
overrides = pkgs:
with pkgs.stdenvAdapters;
let
do = pkg: pkg.override (args: {
stdenv = addCoverageInstrumentation args.stdenv;
});
in
rec {
apr = do pkgs.apr;
aprutil = do pkgs.aprutil;
apacheHttpd = do pkgs.apacheHttpd;
mod_python = do pkgs.mod_python;
subversion = do pkgs.subversion;
# To build the kernel with coverage instrumentation, we need a
# special patch to make coverage data available under /proc.
linux = pkgs.linux.override (orig: {
stdenv = overrideInStdenv pkgs.stdenv [ pkgs.keepBuildTree ];
extraConfig =
''
GCOV_KERNEL y
GCOV_PROFILE_ALL y
'';
});
};
in
{
name = "subversion";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ eelco ];
};
nodes =
{ webserver =
{ ... }:
{
services.httpd.enable = true;
services.httpd.adminAddr = "e.dolstra@tudelft.nl";
services.httpd.extraSubservices =
[ { function = import <services/subversion>;
urlPrefix = "";
dataDir = "/data/subversion";
userCreationDomain = "192.168.0.0/16";
}
];
nixpkgs.config.packageOverrides = overrides;
};
client =
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.subversion ];
nixpkgs.config.packageOverrides = overrides;
};
};
testScript =
''
startAll;
$webserver->waitForOpenPort(80);
print STDERR $client->succeed("svn --version");
print STDERR $client->succeed("curl --fail http://webserver/");
# Create a new user through the web interface.
$client->succeed("curl --fail -F username=alice -F fullname='Alice Lastname' -F address=alice\@example.org -F password=foobar -F password_again=foobar http://webserver/repoman/adduser");
# Let Alice create a new repository.
$client->succeed("curl --fail -u alice:foobar --form repo=xyzzy --form description=Xyzzy http://webserver/repoman/create");
$client->succeed("curl --fail http://webserver/") =~ /alice/ or die;
# Let Alice do a checkout.
my $svnFlags = "--non-interactive --username alice --password foobar";
$client->succeed("svn co $svnFlags http://webserver/repos/xyzzy wc");
$client->succeed("echo hello > wc/world");
$client->succeed("svn add wc/world");
$client->succeed("svn ci $svnFlags -m 'Added world.' wc/world");
# Create a new user on the server through the create-user.pl script.
$webserver->execute("svn-server-create-user.pl bob bob\@example.org Bob");
$webserver->succeed("svn-server-resetpw.pl bob fnord");
$client->succeed("curl --fail http://webserver/") =~ /bob/ or die;
# Bob should not have access to the repo.
my $svnFlagsBob = "--non-interactive --username bob --password fnord";
$client->fail("svn co $svnFlagsBob http://webserver/repos/xyzzy wc2");
# Bob should not be able change the ACLs of the repo.
# !!! Repoman should really return a 403 here.
$client->succeed("curl --fail -u bob:fnord -F description=Xyzzy -F readers=alice,bob -F writers=alice -F watchers= -F tardirs= http://webserver/repoman/update/xyzzy")
=~ /not authorised/ or die;
# Give Bob access.
$client->succeed("curl --fail -u alice:foobar -F description=Xyzzy -F readers=alice,bob -F writers=alice -F watchers= -F tardirs= http://webserver/repoman/update/xyzzy");
# So now his checkout should succeed.
$client->succeed("svn co $svnFlagsBob http://webserver/repos/xyzzy wc2");
# Test ViewVC and WebSVN
$client->succeed("curl --fail -u alice:foobar http://webserver/viewvc/xyzzy");
$client->succeed("curl --fail -u alice:foobar http://webserver/websvn/xyzzy");
$client->succeed("curl --fail -u alice:foobar http://webserver/repos-xml/xyzzy");
# Stop Apache to gather all the coverage data.
$webserver->stopJob("httpd");
'';
})