From 56f1918e1ca073fd1460badb61281d7202bc1c80 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 27 Apr 2011 14:52:55 +0000 Subject: [PATCH] * Move the Subversion/Repoman module out of the NixOS tree. svn path=/nixos/trunk/; revision=27000 --- .../web-servers/apache-httpd/subversion.nix | 458 ------------------ 1 file changed, 458 deletions(-) delete mode 100644 modules/services/web-servers/apache-httpd/subversion.nix diff --git a/modules/services/web-servers/apache-httpd/subversion.nix b/modules/services/web-servers/apache-httpd/subversion.nix deleted file mode 100644 index 3229138d172..00000000000 --- a/modules/services/web-servers/apache-httpd/subversion.nix +++ /dev/null @@ -1,458 +0,0 @@ -{ config, pkgs, serverInfo, servicesPath, ... }: - -let - - inherit (pkgs.lib) mkOption; - - urlPrefix = config.urlPrefix; - dbDir = "${config.dataDir}/db"; - reposDir = "${config.dataDir}/repos"; - backupsDir = "${config.dataDir}/backup"; - distsDir = "${config.dataDir}/dist"; - tmpDir = "${config.dataDir}/tmp"; - logDir = "${config.dataDir}/log"; - idString = if config.id == "" then "" else "${config.id}-"; - postCommitHook = "/var/run/current-system/sw/bin/svn-server-${idString}post-commit-hook"; - fsType = "fsfs"; - adminAddr = serverInfo.adminAddr; - - - - # Build a Subversion instance with Apache modules and Swig/Python bindings. - subversion = pkgs.subversion.override (origArgs: { - bdbSupport = true; - httpServer = true; - sslSupport = true; - compressionSupport = true; - pythonBindings = true; - }); - - - # Build the maintenance scripts and commit hooks. - scripts = substituteInAll { - name = "svn-server-scripts"; - src = /* pkgs.lib.cleanSource */ "${servicesPath}/subversion/src/scripts"; - - # The variables to substitute: - - inherit reposDir dbDir logDir distsDir backupsDir tmpDir - urlPrefix adminAddr fsType subversion postCommitHook mailer; - inherit (config) notificationSender userCreationDomain; - orgUrl = config.organisation.url; - orgLogoUrl = config.organisation.logo; - orgName = config.organisation.name; - - perl = "${pkgs.perl}/bin/perl"; - - sendmail = "${pkgs.ssmtp}/sbin/sendmail"; - - inherit (pkgs) libxslt enscript db4 coreutils diffutils gzip bzip2 python; - - inherit (serverInfo) canonicalName; - - inherit (serverInfo.serverConfig) user group; - - # Urgh, most of these are dependencies of Email::Send, should figure them out automatically. - perlFlags = map (x: "-I${x}/lib/perl5/site_perl") [ - pkgs.perlPackages.BerkeleyDB pkgs.perlPackages.EmailSend - pkgs.perlPackages.EmailSimple pkgs.perlPackages.ModulePluggable - pkgs.perlPackages.ReturnValue pkgs.perlPackages.EmailAddress - pkgs.perlPackages.CryptPasswordMD5 - pkgs.perlPackages.StringMkPasswd - ]; - - pythonPath = "${subversion}/lib/${pkgs.python.libPrefix}/site-packages"; - - # Do a syntax check on the generated file. - postInstall = '' - $perl -c -T $out/cgi-bin/repoman.pl - $perl -c $out/bin/svn-server-create-user.pl - if test -n "${config.id}"; then - for i in $(cd $out/bin && echo *); do - mv "$out/bin/$i" "$out/bin/$(echo $i | sed s^svn-server-^svn-server-${config.id}-^)" - done - fi - ''; - }; - - - # Extract the mailer script from the Subversion source distribution. - mailer = pkgs.runCommand "svn-mailer.py" { inherit (subversion) src; } - '' - unpackFile $src - cp subversion-*/tools/hook-scripts/mailer/mailer.py $out - ''; - - - # Build our custom authentication modules. - authModules = import "${servicesPath}/subversion/src/auth" { - inherit (pkgs) stdenv apacheHttpd; - }; - - - commonAuth = '' - AuthType Basic - AuthName "Subversion repositories" - AuthBasicProvider dbm - AuthDBMType DB - AuthDBMUserFile ${dbDir}/svn-users - ''; - - - # Access controls for /repos and /repos-xml. - reposConfig = dirName: '' - ${commonAuth} - - AuthAllowNone on - - AuthzRepoPrefix ${urlPrefix}/${dirName}/ - AuthzRepoDBType DB - AuthzRepoReaders ${dbDir}/svn-readers - AuthzRepoWriters ${dbDir}/svn-writers - - - Require repo-writer - - - - Require repo-reader - - - DAV svn - SVNParentPath ${reposDir} - SVNAutoversioning ${if config.autoVersioning then "on" else "off"} - ''; - - - # Build ViewVC. - viewvc = import "${servicesPath}/subversion/src/viewvc" { - inherit (pkgs) fetchurl stdenv python enscript; - inherit urlPrefix reposDir adminAddr subversion; - }; - - - viewerConfig = dirName: '' - ${commonAuth} - AuthAllowNone on - AuthzRepoPrefix ${urlPrefix}/${dirName}/ - AuthzRepoDBType DB - AuthzRepoReaders ${dbDir}/svn-readers - Require repo-reader - ''; - - - viewvcConfig = '' - ScriptAlias ${urlPrefix}/viewvc ${viewvc}/viewvc/bin/mod_python/viewvc.py - - - AddHandler python-program .py - # Note: we write \" instead of ' to work around a lexer bug in Nix 0.11. - PythonPath "[\"${viewvc}/viewvc/bin/mod_python\", \"${subversion}/lib/${pkgs.python.libPrefix}/site-packages\"] + sys.path" - PythonHandler handler - ${viewerConfig "viewvc"} - - - Alias ${urlPrefix}/viewvc-doc ${viewvc}/viewvc/templates/docroot - - Redirect permanent ${urlPrefix}/viewcvs ${serverInfo.canonicalName}/${urlPrefix}/viewvc - ''; - - - # Build WebSVN. - websvn = import "${servicesPath}/subversion/src/websvn" { - inherit (pkgs) fetchurl stdenv writeText enscript gnused diffutils; - inherit urlPrefix reposDir subversion; - cacheDir = tmpDir; - }; - - - websvnConfig = '' - Alias ${urlPrefix}/websvn ${websvn}/wsvn.php - Alias ${urlPrefix}/templates ${websvn}/templates - - - ${viewerConfig "websvn"} - - - - Order allow,deny - Allow from all - - ''; - - - distConfig = '' - Alias ${urlPrefix}/dist ${distsDir} - - - AllowOverride None - Options Indexes FollowSymLinks - Order allow,deny - Allow from all - IndexOptions +SuppressDescription +NameWidth=* - IndexIgnore *.rev *.lock - IndexStyleSheet ${urlPrefix}/style.css - - - - ${viewerConfig "dist"} - - ''; - - - repomanConfig = '' - ScriptAlias ${urlPrefix}/repoman ${scripts}/cgi-bin/repoman.pl - - - ${commonAuth} - Require valid-user - - - - Order deny,allow - Deny from all - Allow from 127.0.0.1 - Allow from ${config.userCreationDomain} - - - - ${commonAuth} - Require valid-user - - - - ${commonAuth} - Require valid-user - Order deny,allow - Deny from all - Allow from 127.0.0.1 - Allow from ${config.userCreationDomain} - - - - ${commonAuth} - Require valid-user - - - - ${viewerConfig "repoman/dump"} - - ''; - - - staticFiles = substituteInSome { - name = "svn-static-files"; - src = /* pkgs.lib.cleanSource */ "${servicesPath}/subversion/root"; - files = ["xsl/svnindex.xsl"]; - inherit urlPrefix; - }; - - staticFilesConfig = '' - Alias ${urlPrefix}/svn-files ${staticFiles}/ - - Order allow,deny - Allow from all - - ''; - - - # !!! should be in Nixpkgs. - substituteInSome = args: pkgs.stdenv.mkDerivation ({ - buildCommand = '' - ensureDir $out - cp -prd $src/* $out - chmod -R u+w $out - for i in $files; do - args= - substituteAll $out/$i $out/$i - done - ''; - } // args); # */ - - substituteInAll = args: pkgs.stdenv.mkDerivation ({ - buildCommand = '' - ensureDir $out - cp -prd $src/* $out - chmod -R u+w $out - find $out -type f -print | while read fn; do - args= - substituteAll $fn $fn - done - eval "$postInstall" - ''; - } // args); # */ - - -in { - - extraModulesPre = [ - # Allow anonymous access to repositories that are world-readable - # without prompting for a username/password. - { name = "authn_noauth"; path = "${authModules}/modules/mod_authn_noauth.so"; } - # Check whether the user is allowed read or write access to a - # repository. - { name = "authz_dyn"; path = "${authModules}/modules/mod_authz_dyn.so"; } - ]; - - extraModules = [ - { name = "python"; path = "${pkgs.mod_python}/modules/mod_python.so"; } - { name = "dav_svn"; path = "${subversion}/modules/mod_dav_svn.so"; } - ]; - - enablePHP = true; - - - extraConfig = '' - - - ${reposConfig "repos"} - - - - ${reposConfig "repos-xml"} - SVNIndexXSLT "${urlPrefix}/svn-files/xsl/svnindex.xsl" - - - ${viewvcConfig} - - ${websvnConfig} - - ${repomanConfig} - - ${distConfig} - - ${staticFilesConfig} - - ${if config.toplevelRedirect then '' - - DirectoryIndex repoman - - '' else ""} - - ''; - - - robotsEntries = '' - User-agent: * - Disallow: ${urlPrefix}/viewcvs/ - Disallow: ${urlPrefix}/viewvc/ - Disallow: ${urlPrefix}/websvn/ - Disallow: ${urlPrefix}/repos-xml/ - ''; - - - # mod_python's own Python modules must be in the initial Python - # path, they cannot be set through the PythonPath directive. - globalEnvVars = [ - { name = "PYTHONPATH"; value = "${pkgs.mod_python}/lib/${pkgs.python.libPrefix}/site-packages"; } - ]; - - - extraServerPath = [ - # Needed for ViewVC. - "${pkgs.diffutils}/bin" - "${pkgs.gnused}/bin" - ]; - - - extraPath = [scripts]; - - - startupScript = "${scripts}/bin/svn-server-${idString}startup-hook.sh"; - - - options = { - - id = mkOption { - default = ""; - example = "test"; - description = " - A unique identifier necessary to keep multiple Subversion server - instances on the same machine apart. This is used to - disambiguate the administrative scripts, which get names like - svn-server--delete-repo.pl. In particular it keeps - the post-commit hooks of different instances apart. - "; - }; - - urlPrefix = mkOption { - default = "/subversion"; - description = " - The URL prefix under which the Subversion service appears. - Use the empty string to have it appear in the server root. - "; - }; - - toplevelRedirect = mkOption { - default = true; - description = " - Whether urlPrefix without any suffix - (except a slash) should redirect to - urlPrefix/repoman. - "; - }; - - notificationSender = mkOption { - default = "svn-server@example.org"; - example = "svn-server@example.org"; - description = " - The email address used in the Sender field of commit - notification messages sent by the Subversion subservice. - "; - }; - - userCreationDomain = mkOption { - default = "example.org"; - example = "example.org"; - description = " - The domain from which user creation is allowed. A client can - only create a new user account if its IP address resolves to - this domain. - "; - }; - - autoVersioning = mkOption { - default = false; - description = " - Whether you want the Subversion subservice to support - auto-versioning, which enables Subversion repositories to be - mounted as read/writable file systems on operating systems that - support WebDAV. - "; - }; - - dataDir = mkOption { - example = "/data/subversion"; - description = " - Path to the directory that holds the repositories, user database, etc. - "; - }; - - organisation = { - - name = mkOption { - default = null; - description = " - Name of the organization hosting the Subversion service. - "; - }; - - url = mkOption { - default = null; - description = " - URL of the website of the organization hosting the Subversion service. - "; - }; - - logo = mkOption { - default = null; - description = " - Logo the organization hosting the Subversion service. - "; - }; - - }; - - }; - -}