Merge pull request #66492 from aanderse/extra-subservice-cleanup
nixos/httpd: extraSubservices cleanup
This commit is contained in:
commit
249b4ad942
|
@ -263,6 +263,16 @@
|
||||||
<literal>false</literal>.
|
<literal>false</literal>.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <option>services.systemhealth</option> module has been removed from nixpkgs due to lack of maintainer.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <option>services.mantisbt</option> module has been removed from nixpkgs due to lack of maintainer.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
|
@ -437,7 +437,6 @@
|
||||||
./services/misc/logkeys.nix
|
./services/misc/logkeys.nix
|
||||||
./services/misc/leaps.nix
|
./services/misc/leaps.nix
|
||||||
./services/misc/lidarr.nix
|
./services/misc/lidarr.nix
|
||||||
./services/misc/mantisbt.nix
|
|
||||||
./services/misc/mathics.nix
|
./services/misc/mathics.nix
|
||||||
./services/misc/matrix-synapse.nix
|
./services/misc/matrix-synapse.nix
|
||||||
./services/misc/mbpfan.nix
|
./services/misc/mbpfan.nix
|
||||||
|
@ -522,7 +521,6 @@
|
||||||
./services/monitoring/scollector.nix
|
./services/monitoring/scollector.nix
|
||||||
./services/monitoring/smartd.nix
|
./services/monitoring/smartd.nix
|
||||||
./services/monitoring/sysstat.nix
|
./services/monitoring/sysstat.nix
|
||||||
./services/monitoring/systemhealth.nix
|
|
||||||
./services/monitoring/teamviewer.nix
|
./services/monitoring/teamviewer.nix
|
||||||
./services/monitoring/telegraf.nix
|
./services/monitoring/telegraf.nix
|
||||||
./services/monitoring/thanos.nix
|
./services/monitoring/thanos.nix
|
||||||
|
|
|
@ -4,6 +4,7 @@ with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.awstats;
|
cfg = config.services.awstats;
|
||||||
|
httpd = config.services.httpd;
|
||||||
package = pkgs.awstats;
|
package = pkgs.awstats;
|
||||||
in
|
in
|
||||||
|
|
||||||
|
@ -67,29 +68,32 @@ in
|
||||||
environment.etc."awstats/awstats.conf".source = pkgs.runCommand "awstats.conf"
|
environment.etc."awstats/awstats.conf".source = pkgs.runCommand "awstats.conf"
|
||||||
{ preferLocalBuild = true; }
|
{ preferLocalBuild = true; }
|
||||||
( let
|
( let
|
||||||
cfg-httpd = config.services.httpd;
|
|
||||||
logFormat =
|
logFormat =
|
||||||
if cfg-httpd.logFormat == "combined" then "1" else
|
if httpd.logFormat == "combined" then "1" else
|
||||||
if cfg-httpd.logFormat == "common" then "4" else
|
if httpd.logFormat == "common" then "4" else
|
||||||
throw "awstats service doesn't support Apache log format `${cfg-httpd.logFormat}`";
|
throw "awstats service doesn't support Apache log format `${httpd.logFormat}`";
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
sed \
|
sed \
|
||||||
-e 's|^\(DirData\)=.*$|\1="${cfg.vardir}"|' \
|
-e 's|^\(DirData\)=.*$|\1="${cfg.vardir}"|' \
|
||||||
-e 's|^\(DirIcons\)=.*$|\1="icons"|' \
|
-e 's|^\(DirIcons\)=.*$|\1="icons"|' \
|
||||||
-e 's|^\(CreateDirDataIfNotExists\)=.*$|\1=1|' \
|
-e 's|^\(CreateDirDataIfNotExists\)=.*$|\1=1|' \
|
||||||
-e 's|^\(SiteDomain\)=.*$|\1="${cfg-httpd.hostName}"|' \
|
-e 's|^\(SiteDomain\)=.*$|\1="${httpd.hostName}"|' \
|
||||||
-e 's|^\(LogFile\)=.*$|\1="${cfg-httpd.logDir}/access_log"|' \
|
-e 's|^\(LogFile\)=.*$|\1="${httpd.logDir}/access_log"|' \
|
||||||
-e 's|^\(LogFormat\)=.*$|\1=${logFormat}|' \
|
-e 's|^\(LogFormat\)=.*$|\1=${logFormat}|' \
|
||||||
< '${package.out}/wwwroot/cgi-bin/awstats.model.conf' > "$out"
|
< '${package.out}/wwwroot/cgi-bin/awstats.model.conf' > "$out"
|
||||||
echo '${cfg.extraConfig}' >> "$out"
|
echo '${cfg.extraConfig}' >> "$out"
|
||||||
'');
|
'');
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = optionals cfg.service.enable [
|
||||||
|
"d '${cfg.vardir}' - ${httpd.user} ${httpd.group} - -"
|
||||||
|
"Z '${cfg.vardir}' - ${httpd.user} ${httpd.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
# The httpd sub-service showing awstats.
|
# The httpd sub-service showing awstats.
|
||||||
services.httpd.enable = mkIf cfg.service.enable true;
|
services.httpd = optionalAttrs cfg.service.enable {
|
||||||
services.httpd.extraSubservices = mkIf cfg.service.enable [ { function = { serverInfo, ... }: {
|
enable = true;
|
||||||
extraConfig =
|
extraConfig = ''
|
||||||
''
|
|
||||||
Alias ${cfg.service.urlPrefix}/classes "${package.out}/wwwroot/classes/"
|
Alias ${cfg.service.urlPrefix}/classes "${package.out}/wwwroot/classes/"
|
||||||
Alias ${cfg.service.urlPrefix}/css "${package.out}/wwwroot/css/"
|
Alias ${cfg.service.urlPrefix}/css "${package.out}/wwwroot/css/"
|
||||||
Alias ${cfg.service.urlPrefix}/icons "${package.out}/wwwroot/icon/"
|
Alias ${cfg.service.urlPrefix}/icons "${package.out}/wwwroot/icon/"
|
||||||
|
@ -97,20 +101,10 @@ in
|
||||||
|
|
||||||
<Directory "${package.out}/wwwroot">
|
<Directory "${package.out}/wwwroot">
|
||||||
Options None
|
Options None
|
||||||
AllowOverride None
|
Require all granted
|
||||||
Order allow,deny
|
|
||||||
Allow from all
|
|
||||||
</Directory>
|
</Directory>
|
||||||
'';
|
'';
|
||||||
startupScript =
|
};
|
||||||
let
|
|
||||||
inherit (serverInfo.serverConfig) user group;
|
|
||||||
in pkgs.writeScript "awstats_startup.sh"
|
|
||||||
''
|
|
||||||
mkdir -p '${cfg.vardir}'
|
|
||||||
chown '${user}:${group}' '${cfg.vardir}'
|
|
||||||
'';
|
|
||||||
};}];
|
|
||||||
|
|
||||||
systemd.services.awstats-update = mkIf (cfg.updateAt != null) {
|
systemd.services.awstats-update = mkIf (cfg.updateAt != null) {
|
||||||
description = "awstats log collector";
|
description = "awstats log collector";
|
||||||
|
|
|
@ -1,68 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
cfg = config.services.mantisbt;
|
|
||||||
|
|
||||||
freshInstall = cfg.extraConfig == "";
|
|
||||||
|
|
||||||
# combined code+config directory
|
|
||||||
mantisbt = let
|
|
||||||
config_inc = pkgs.writeText "config_inc.php" ("<?php\n" + cfg.extraConfig);
|
|
||||||
src = pkgs.fetchurl {
|
|
||||||
url = "mirror://sourceforge/mantisbt/${name}.tar.gz";
|
|
||||||
sha256 = "1pl6xn793p3mxc6ibpr2bhg85vkdlcf57yk7pfc399g47l8x4508";
|
|
||||||
};
|
|
||||||
name = "mantisbt-1.2.19";
|
|
||||||
in
|
|
||||||
# We have to copy every time; otherwise config won't be found.
|
|
||||||
pkgs.runCommand name
|
|
||||||
{ preferLocalBuild = true; allowSubstitutes = false; }
|
|
||||||
(''
|
|
||||||
mkdir -p "$out"
|
|
||||||
cd "$out"
|
|
||||||
tar -xf '${src}' --strip-components=1
|
|
||||||
ln -s '${config_inc}' config_inc.php
|
|
||||||
''
|
|
||||||
+ lib.optionalString (!freshInstall) "rm -r admin/"
|
|
||||||
);
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.services.mantisbt = {
|
|
||||||
enable = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = ''
|
|
||||||
Enable the mantisbt web service.
|
|
||||||
This switches on httpd with PHP and database.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
urlPrefix = mkOption {
|
|
||||||
type = types.string;
|
|
||||||
default = "/mantisbt";
|
|
||||||
description = "The URL prefix under which the mantisbt service appears.";
|
|
||||||
};
|
|
||||||
extraConfig = mkOption {
|
|
||||||
type = types.lines;
|
|
||||||
default = "";
|
|
||||||
description = ''
|
|
||||||
The contents of config_inc.php, without leading <?php.
|
|
||||||
If left empty, the admin directory will be accessible.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
services.mysql.enable = true;
|
|
||||||
services.httpd.enable = true;
|
|
||||||
services.httpd.enablePHP = true;
|
|
||||||
# The httpd sub-service showing mantisbt.
|
|
||||||
services.httpd.extraSubservices = [ { function = { ... }: {
|
|
||||||
extraConfig =
|
|
||||||
''
|
|
||||||
Alias ${cfg.urlPrefix} "${mantisbt}"
|
|
||||||
'';
|
|
||||||
};}];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,133 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
|
||||||
cfg = config.services.systemhealth;
|
|
||||||
|
|
||||||
systemhealth = with pkgs; stdenv.mkDerivation {
|
|
||||||
name = "systemhealth-1.0";
|
|
||||||
src = fetchurl {
|
|
||||||
url = "https://www.brianlane.com/downloads/systemhealth/systemhealth-1.0.tar.bz2";
|
|
||||||
sha256 = "1q69lz7hmpbdpbz36zb06nzfkj651413n9icx0njmyr3xzq1j9qy";
|
|
||||||
};
|
|
||||||
buildInputs = [ python ];
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out/bin
|
|
||||||
# Make it work for kernels 3.x, not so different than 2.6
|
|
||||||
sed -i 's/2\.6/4.0/' system_health.py
|
|
||||||
cp system_health.py $out/bin
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
rrdDir = "/var/lib/health/rrd";
|
|
||||||
htmlDir = "/var/lib/health/html";
|
|
||||||
|
|
||||||
configFile = rrdDir + "/.syshealthrc";
|
|
||||||
# The program will try to read $HOME/.syshealthrc, so we set the proper home.
|
|
||||||
command = "HOME=${rrdDir} ${systemhealth}/bin/system_health.py";
|
|
||||||
|
|
||||||
cronJob = ''
|
|
||||||
*/5 * * * * wwwrun ${command} --log
|
|
||||||
5 * * * * wwwrun ${command} --graph
|
|
||||||
'';
|
|
||||||
|
|
||||||
nameEqualName = s: "${s} = ${s}";
|
|
||||||
interfacesSection = concatStringsSep "\n" (map nameEqualName cfg.interfaces);
|
|
||||||
|
|
||||||
driveLine = d: "${d.path} = ${d.name}";
|
|
||||||
drivesSection = concatStringsSep "\n" (map driveLine cfg.drives);
|
|
||||||
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options = {
|
|
||||||
services.systemhealth = {
|
|
||||||
enable = mkOption {
|
|
||||||
default = false;
|
|
||||||
description = ''
|
|
||||||
Enable the system health monitor and its generation of graphs.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
urlPrefix = mkOption {
|
|
||||||
default = "/health";
|
|
||||||
description = ''
|
|
||||||
The URL prefix under which the System Health web pages appear in httpd.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
interfaces = mkOption {
|
|
||||||
default = [ "lo" ];
|
|
||||||
example = [ "lo" "eth0" "eth1" ];
|
|
||||||
description = ''
|
|
||||||
Interfaces to monitor (minimum one).
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
drives = mkOption {
|
|
||||||
default = [ ];
|
|
||||||
example = [ { name = "root"; path = "/"; } ];
|
|
||||||
description = ''
|
|
||||||
Drives to monitor.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
services.cron.systemCronJobs = [ cronJob ];
|
|
||||||
|
|
||||||
system.activationScripts.systemhealth = stringAfter [ "var" ]
|
|
||||||
''
|
|
||||||
mkdir -p ${rrdDir} ${htmlDir}
|
|
||||||
chown wwwrun:wwwrun ${rrdDir} ${htmlDir}
|
|
||||||
|
|
||||||
cat >${configFile} << EOF
|
|
||||||
[paths]
|
|
||||||
rrdtool = ${pkgs.rrdtool}/bin/rrdtool
|
|
||||||
loadavg_rrd = loadavg
|
|
||||||
ps = /run/current-system/sw/bin/ps
|
|
||||||
df = /run/current-system/sw/bin/df
|
|
||||||
meminfo_rrd = meminfo
|
|
||||||
uptime_rrd = uptime
|
|
||||||
rrd_path = ${rrdDir}
|
|
||||||
png_path = ${htmlDir}
|
|
||||||
|
|
||||||
[processes]
|
|
||||||
|
|
||||||
[interfaces]
|
|
||||||
${interfacesSection}
|
|
||||||
|
|
||||||
[drives]
|
|
||||||
${drivesSection}
|
|
||||||
|
|
||||||
[graphs]
|
|
||||||
width = 400
|
|
||||||
time = ['-3hours', '-32hours', '-8days', '-5weeks', '-13months']
|
|
||||||
height = 100
|
|
||||||
|
|
||||||
[external]
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chown wwwrun:wwwrun ${configFile}
|
|
||||||
|
|
||||||
${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --check" wwwrun
|
|
||||||
${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --html" wwwrun
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.httpd.extraSubservices = [
|
|
||||||
{ function = f: {
|
|
||||||
extraConfig = ''
|
|
||||||
Alias ${cfg.urlPrefix} ${htmlDir}
|
|
||||||
|
|
||||||
<Directory ${htmlDir}>
|
|
||||||
Order allow,deny
|
|
||||||
Allow from all
|
|
||||||
</Directory>
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -8,11 +8,8 @@ import ./make-test.nix ({ ...}: {
|
||||||
services.httpd = {
|
services.httpd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
adminAddr = "please@dont.contact";
|
adminAddr = "please@dont.contact";
|
||||||
extraSubservices = lib.singleton {
|
|
||||||
function = f: {
|
|
||||||
enablePHP = true;
|
enablePHP = true;
|
||||||
phpOptions = "pcre.jit = true";
|
phpOptions = "pcre.jit = true";
|
||||||
|
|
||||||
extraConfig =
|
extraConfig =
|
||||||
let
|
let
|
||||||
testRoot = pkgs.writeText "index.php"
|
testRoot = pkgs.writeText "index.php"
|
||||||
|
@ -32,8 +29,6 @@ import ./make-test.nix ({ ...}: {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
};
|
|
||||||
testScript = { ... }:
|
testScript = { ... }:
|
||||||
''
|
''
|
||||||
$machine->waitForUnit('httpd.service');
|
$machine->waitForUnit('httpd.service');
|
||||||
|
|
|
@ -1,121 +0,0 @@
|
||||||
import ./make-test.nix ({ pkgs, ...} :
|
|
||||||
|
|
||||||
let
|
|
||||||
|
|
||||||
# Build some packages with coverage instrumentation.
|
|
||||||
overrides = pkgs:
|
|
||||||
with pkgs.stdenvAdapters;
|
|
||||||
let
|
|
||||||
do = pkg: pkg.override (args: {
|
|
||||||
stdenv = addCoverageInstrumentation args.stdenv;
|
|
||||||
});
|
|
||||||
in
|
|
||||||
rec {
|
|
||||||
apr = do pkgs.apr;
|
|
||||||
aprutil = do pkgs.aprutil;
|
|
||||||
apacheHttpd = do pkgs.apacheHttpd;
|
|
||||||
mod_python = do pkgs.mod_python;
|
|
||||||
subversion = do pkgs.subversion;
|
|
||||||
|
|
||||||
# To build the kernel with coverage instrumentation, we need a
|
|
||||||
# special patch to make coverage data available under /proc.
|
|
||||||
linux = pkgs.linux.override (orig: {
|
|
||||||
stdenv = overrideInStdenv pkgs.stdenv [ pkgs.keepBuildTree ];
|
|
||||||
extraConfig =
|
|
||||||
''
|
|
||||||
GCOV_KERNEL y
|
|
||||||
GCOV_PROFILE_ALL y
|
|
||||||
'';
|
|
||||||
});
|
|
||||||
};
|
|
||||||
|
|
||||||
in
|
|
||||||
|
|
||||||
{
|
|
||||||
name = "subversion";
|
|
||||||
meta = with pkgs.stdenv.lib.maintainers; {
|
|
||||||
maintainers = [ eelco ];
|
|
||||||
};
|
|
||||||
|
|
||||||
nodes =
|
|
||||||
{ webserver =
|
|
||||||
{ ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
services.httpd.enable = true;
|
|
||||||
services.httpd.adminAddr = "e.dolstra@tudelft.nl";
|
|
||||||
services.httpd.extraSubservices =
|
|
||||||
[ { function = import <services/subversion>;
|
|
||||||
urlPrefix = "";
|
|
||||||
dataDir = "/data/subversion";
|
|
||||||
userCreationDomain = "192.168.0.0/16";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
nixpkgs.config.packageOverrides = overrides;
|
|
||||||
};
|
|
||||||
|
|
||||||
client =
|
|
||||||
{ pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
environment.systemPackages = [ pkgs.subversion ];
|
|
||||||
nixpkgs.config.packageOverrides = overrides;
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
testScript =
|
|
||||||
''
|
|
||||||
startAll;
|
|
||||||
|
|
||||||
$webserver->waitForOpenPort(80);
|
|
||||||
|
|
||||||
print STDERR $client->succeed("svn --version");
|
|
||||||
|
|
||||||
print STDERR $client->succeed("curl --fail http://webserver/");
|
|
||||||
|
|
||||||
# Create a new user through the web interface.
|
|
||||||
$client->succeed("curl --fail -F username=alice -F fullname='Alice Lastname' -F address=alice\@example.org -F password=foobar -F password_again=foobar http://webserver/repoman/adduser");
|
|
||||||
|
|
||||||
# Let Alice create a new repository.
|
|
||||||
$client->succeed("curl --fail -u alice:foobar --form repo=xyzzy --form description=Xyzzy http://webserver/repoman/create");
|
|
||||||
|
|
||||||
$client->succeed("curl --fail http://webserver/") =~ /alice/ or die;
|
|
||||||
|
|
||||||
# Let Alice do a checkout.
|
|
||||||
my $svnFlags = "--non-interactive --username alice --password foobar";
|
|
||||||
$client->succeed("svn co $svnFlags http://webserver/repos/xyzzy wc");
|
|
||||||
$client->succeed("echo hello > wc/world");
|
|
||||||
$client->succeed("svn add wc/world");
|
|
||||||
$client->succeed("svn ci $svnFlags -m 'Added world.' wc/world");
|
|
||||||
|
|
||||||
# Create a new user on the server through the create-user.pl script.
|
|
||||||
$webserver->execute("svn-server-create-user.pl bob bob\@example.org Bob");
|
|
||||||
$webserver->succeed("svn-server-resetpw.pl bob fnord");
|
|
||||||
$client->succeed("curl --fail http://webserver/") =~ /bob/ or die;
|
|
||||||
|
|
||||||
# Bob should not have access to the repo.
|
|
||||||
my $svnFlagsBob = "--non-interactive --username bob --password fnord";
|
|
||||||
$client->fail("svn co $svnFlagsBob http://webserver/repos/xyzzy wc2");
|
|
||||||
|
|
||||||
# Bob should not be able change the ACLs of the repo.
|
|
||||||
# !!! Repoman should really return a 403 here.
|
|
||||||
$client->succeed("curl --fail -u bob:fnord -F description=Xyzzy -F readers=alice,bob -F writers=alice -F watchers= -F tardirs= http://webserver/repoman/update/xyzzy")
|
|
||||||
=~ /not authorised/ or die;
|
|
||||||
|
|
||||||
# Give Bob access.
|
|
||||||
$client->succeed("curl --fail -u alice:foobar -F description=Xyzzy -F readers=alice,bob -F writers=alice -F watchers= -F tardirs= http://webserver/repoman/update/xyzzy");
|
|
||||||
|
|
||||||
# So now his checkout should succeed.
|
|
||||||
$client->succeed("svn co $svnFlagsBob http://webserver/repos/xyzzy wc2");
|
|
||||||
|
|
||||||
# Test ViewVC and WebSVN
|
|
||||||
$client->succeed("curl --fail -u alice:foobar http://webserver/viewvc/xyzzy");
|
|
||||||
$client->succeed("curl --fail -u alice:foobar http://webserver/websvn/xyzzy");
|
|
||||||
$client->succeed("curl --fail -u alice:foobar http://webserver/repos-xml/xyzzy");
|
|
||||||
|
|
||||||
# Stop Apache to gather all the coverage data.
|
|
||||||
$webserver->stopJob("httpd");
|
|
||||||
'';
|
|
||||||
|
|
||||||
})
|
|
Loading…
Reference in New Issue