From eca9242918205e973cb168795105f647d4a00451 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 11 Feb 2008 11:51:51 +0000 Subject: [PATCH] svn path=/nixos/trunk/; revision=10624 --- upstart-jobs/apache-httpd/default.nix | 15 ++++-- upstart-jobs/apache-httpd/subversion.nix | 63 +++++++++++++++++++----- upstart-jobs/default.nix | 4 +- upstart-jobs/swap.nix | 6 +-- 4 files changed, 68 insertions(+), 20 deletions(-) diff --git a/upstart-jobs/apache-httpd/default.nix b/upstart-jobs/apache-httpd/default.nix index 0aa8d622cf4..922f68868a8 100644 --- a/upstart-jobs/apache-httpd/default.nix +++ b/upstart-jobs/apache-httpd/default.nix @@ -9,8 +9,17 @@ let httpd = pkgs.apacheHttpd; + serverInfo = { + # Canonical name must not include a trailing slash. + canonicalName = + "http://" + + cfg.hostName + + (if cfg.httpPort != 80 then ":${toString cfg.httpPort}" else ""); + }; + + subservices = [ - (import ./subversion.nix {inherit config pkgs;}) + (import ./subversion.nix {inherit config pkgs serverInfo;}) ]; @@ -74,7 +83,7 @@ let SSLSessionCache dbm:${cfg.stateDir}/ssl_scache - SSLMutex file:${cfg.stateDir}/ssl_mutex + SSLMutex file:${cfg.stateDir}/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin @@ -145,7 +154,7 @@ let ServerAdmin ${cfg.adminAddr} - ServerName ${cfg.hostName}:${toString cfg.httpPort} + ServerName ${serverInfo.canonicalName} PidFile ${cfg.stateDir}/httpd.pid diff --git a/upstart-jobs/apache-httpd/subversion.nix b/upstart-jobs/apache-httpd/subversion.nix index cbfc9846ed2..b03ab3ebfd1 100644 --- a/upstart-jobs/apache-httpd/subversion.nix +++ b/upstart-jobs/apache-httpd/subversion.nix @@ -1,4 +1,5 @@ -{config, pkgs}: +{ config, pkgs, serverInfo +}: let @@ -8,6 +9,7 @@ let backupsDir = "/tmp/svn/backup"; tmpDir = "/tmp/svn/tmp"; adminAddr = "eelco@cs.uu.nl"; + userCreationDomain = "10.0.0.0/8"; # Build a Subversion instance with Apache modules and Swig/Python bindings. 
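Review bot: `serverInfo.canonicalName` in the first hunk of `upstart-jobs/apache-httpd/default.nix` always starts with the literal `"http://"`, although the same file carries an SSL section (`SSLSessionCache` and `SSLMutex` in the next hunk). Everything derived from it (`ServerName` in the third hunk, the `Redirect permanent` target and the `canonicalName` substitution in `subversion.nix`) therefore points clients at plain HTTP, where the `AuthType Basic` credentials used by the Subversion blocks travel unencrypted. If the server is meant to be reached over TLS, the scheme should come from the configuration rather than a literal. Failing that, a comment such as `# Scheme is fixed to http; URLs built from this are not TLS-protected.` would record the limitation. The `let` block continues outside the hunk.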
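Review bot: `userCreationDomain = "10.0.0.0/8"` in the `@@ -8,6 +9,7 @@` hunk of `subversion.nix` is a hard-coded address range, yet it decides which clients pass the host-restricted repoman blocks (`Allow from ${userCreationDomain}` in the `repomanConfig` hunk) and is also handed to the repoman script in the substitution hunk. The whole 10/8 range is broad, and the script's previous value was `"localhost"`, so whether it accepts CIDR notation is not visible here and should be confirmed. I would take the value from the service configuration and add a comment like `# Clients allowed to use repoman's user-creation pages (Apache "Allow from" syntax); keep as narrow as possible.`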
@@ -28,11 +30,16 @@ let }; - # Access controls for /repos and /repos-xml. - reposConfig = dirName: '' + commonAuth = '' AuthType Basic AuthName "Subversion repositories" AuthBasicProvider auth-against-db + ''; + + + # Access controls for /repos and /repos-xml. + reposConfig = dirName: '' + ${commonAuth} AuthAllowNone on @@ -64,9 +71,7 @@ let viewerConfig = dirName: '' - AuthType Basic - AuthName "Subversion repositories" - AuthBasicProvider auth-against-db + ${commonAuth} AuthAllowNone on AuthzRepoPrefix ${prefix}/${dirName}/ AuthzRepoDBType DB @@ -88,7 +93,7 @@ let Alias ${prefix}/viewvc-doc ${viewvc}/viewvc/templates/docroot - #Redirect permanent /viewcvs @canonicalName@/viewvc + Redirect permanent ${prefix}/viewcvs ${serverInfo.canonicalName}/${prefix}/viewvc ''; @@ -125,14 +130,13 @@ let isExecutable = true; perl = "${pkgs.perl}/bin/perl"; defaultPath = ""; - staticPrefix = prefix; + urlPrefix = prefix; orgUrl = "http://example.org/"; orgLogoUrl = "http://example.org/"; orgName = "Example Org"; - canonicalName = "http://localhost/"; - userCreationDomain = "localhost"; + inherit (serverInfo) canonicalName; fsType = "fsfs"; - inherit adminAddr reposDir backupsDir dbDir subversion; + inherit adminAddr reposDir backupsDir dbDir subversion userCreationDomain; # Urgh, most of these are dependencies of Email::Send, should figure them out automatically. perlFlags = "-I${pkgs.perlBerkeleyDB}/lib/site_perl -I${pkgs.perlEmailSend}/lib/site_perl -I${pkgs.perlEmailSimple}/lib/site_perl -I${pkgs.perlModulePluggable}/lib/site_perl -I${pkgs.perlReturnValue}/lib/site_perl -I${pkgs.perlEmailAddress}/lib/site_perl"; 
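Review bot: The new `Redirect permanent` line in the `@@ -88,7 +93,7 @@` hunk joins `${serverInfo.canonicalName}` and `${prefix}` with a literal `/`, which probably produces a doubled slash in the target. Every other directive visible here writes `${prefix}/...` directly, which suggests `prefix` is either empty or begins with a slash, giving `http://host//viewvc` or `http://host//prefix/viewvc`. I would write it as `Redirect permanent ${prefix}/viewcvs ${serverInfo.canonicalName}${prefix}/viewvc`. The definition of `prefix` is outside the hunk, so its exact form should be confirmed.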
@@ -140,6 +144,41 @@ let repomanConfig = '' ScriptAlias ${prefix}/repoman ${repoman}/repoman.pl + + + ${commonAuth} + Require valid-user + + + + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from ${userCreationDomain} + + + + ${commonAuth} + Require valid-user + + + + ${commonAuth} + Require valid-user + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from ${userCreationDomain} + + + + ${commonAuth} + Require valid-user + + + + ${viewerConfig "repoman/dump"} + ''; @@ -179,7 +218,7 @@ in ${reposConfig "repos-xml"} - SVNIndexXSLT "@staticPrefix@/xsl/svnindex.xsl" + SVNIndexXSLT "${prefix}/xsl/svnindex.xsl" ${viewvcConfig} diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index a8d74d4c2fb..7731b5d6752 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -62,7 +62,7 @@ let # Swapping. (import ../upstart-jobs/swap.nix { - inherit (pkgs) utillinux library; + inherit (pkgs) utillinux lib; swapDevices = config.swapDevices; }) @@ -301,7 +301,7 @@ let # syslog tty, except those for which a specific theme is # specified. defaultTTYs = - pkgs.library.filter (x: !(pkgs.library.elem x overridenTTYs)) requiredTTYs; + pkgs.lib.filter (x: !(pkgs.lib.elem x overridenTTYs)) requiredTTYs; in (map (ttyNumber: { diff --git a/upstart-jobs/swap.nix b/upstart-jobs/swap.nix index e5938cb16da..cd640b5060e 100644 --- a/upstart-jobs/swap.nix +++ b/upstart-jobs/swap.nix @@ -1,12 +1,12 @@ -{library, utillinux, swapDevices}: +{lib, utillinux, swapDevices}: let devicesByPath = - map (x: x.device) (library.filter (x: x ? device) swapDevices); + map (x: x.device) (lib.filter (x: x ? device) swapDevices); devicesByLabel = - map (x: x.label) (library.filter (x: x ? label) swapDevices); + map (x: x.label) (lib.filter (x: x ? label) swapDevices); in
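Review bot: In the `repomanConfig` hunk, the fourth added block combines `Require valid-user` with `Order deny,allow` / `Deny from all` / `Allow from ...`, and it enforces both conditions only while `Satisfy` keeps its default of `All`. Adding an explicit `Satisfy all` to that block makes the intent (authenticated and from an allowed address) independent of any `Satisfy any` set in an enclosing scope. The second block has address restrictions only, so it is reachable without a password from every host in `${userCreationDomain}`; a one-line comment saying this is intended would help the next reader. The section tags that delimit these blocks are not visible in the page text, so which paths each block covers cannot be checked here.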