svn path=/nixos/trunk/; revision=10624

upstart-jobs/apache-httpd/default.nix

@@ -9,8 +9,17 @@ let
   httpd = pkgs.apacheHttpd;
 
 
+  serverInfo = {
+    # Canonical name must not include a trailing slash.
+    canonicalName =
+      "http://" +
+      cfg.hostName +
+      (if cfg.httpPort != 80 then ":${toString cfg.httpPort}" else "");
+  };
+
+
   subservices = [
-    (import ./subversion.nix {inherit config pkgs;})
+    (import ./subversion.nix {inherit config pkgs serverInfo;})
   ];
 
 
@@ -74,7 +83,7 @@ let
 
     SSLSessionCache dbm:${cfg.stateDir}/ssl_scache
 
-    SSLMutex  file:${cfg.stateDir}/ssl_mutex
+    SSLMutex file:${cfg.stateDir}/ssl_mutex
 
     SSLRandomSeed startup builtin
     SSLRandomSeed connect builtin
@@ -145,7 +154,7 @@ let
 
     ServerAdmin ${cfg.adminAddr}
 
-    ServerName ${cfg.hostName}:${toString cfg.httpPort}
+    ServerName ${serverInfo.canonicalName}
 
     PidFile ${cfg.stateDir}/httpd.pid
 

upstart-jobs/apache-httpd/subversion.nix

@@ -1,4 +1,5 @@
-{config, pkgs}:
+{ config, pkgs, serverInfo
+}:
 
 let
 
@@ -8,6 +9,7 @@ let
   backupsDir = "/tmp/svn/backup";
   tmpDir = "/tmp/svn/tmp";
   adminAddr = "eelco@cs.uu.nl";
+  userCreationDomain = "10.0.0.0/8";
 
 
   # Build a Subversion instance with Apache modules and Swig/Python bindings.
@@ -28,11 +30,16 @@ let
   };
 
 
-  # Access controls for /repos and /repos-xml. 
+  commonAuth = ''
-  reposConfig = dirName: ''
     AuthType Basic
     AuthName "Subversion repositories"
     AuthBasicProvider auth-against-db
+  '';
+  
+
+  # Access controls for /repos and /repos-xml. 
+  reposConfig = dirName: ''
+    ${commonAuth}
 
     AuthAllowNone on
 
@@ -64,9 +71,7 @@ let
 
 
   viewerConfig = dirName: ''
-    AuthType Basic
+    ${commonAuth}
-    AuthName "Subversion repositories"
-    AuthBasicProvider auth-against-db
     AuthAllowNone on
     AuthzRepoPrefix ${prefix}/${dirName}/
     AuthzRepoDBType DB
@@ -88,7 +93,7 @@ let
 
     Alias ${prefix}/viewvc-doc ${viewvc}/viewvc/templates/docroot
 
-    #Redirect permanent /viewcvs @canonicalName@/viewvc
+    Redirect permanent ${prefix}/viewcvs ${serverInfo.canonicalName}/${prefix}/viewvc
   '';
 
 
@@ -125,14 +130,13 @@ let
     isExecutable = true;
     perl = "${pkgs.perl}/bin/perl";
     defaultPath = "";
-    staticPrefix = prefix;
+    urlPrefix = prefix;
     orgUrl = "http://example.org/";
     orgLogoUrl = "http://example.org/";
     orgName = "Example Org";
-    canonicalName = "http://localhost/";
+    inherit (serverInfo) canonicalName;
-    userCreationDomain = "localhost";
     fsType = "fsfs";
-    inherit adminAddr reposDir backupsDir dbDir subversion;
+    inherit adminAddr reposDir backupsDir dbDir subversion userCreationDomain;
 
     # Urgh, most of these are dependencies of Email::Send, should figure them out automatically.
     perlFlags = "-I${pkgs.perlBerkeleyDB}/lib/site_perl -I${pkgs.perlEmailSend}/lib/site_perl -I${pkgs.perlEmailSimple}/lib/site_perl -I${pkgs.perlModulePluggable}/lib/site_perl -I${pkgs.perlReturnValue}/lib/site_perl -I${pkgs.perlEmailAddress}/lib/site_perl";
@@ -140,6 +144,41 @@ let
 
   repomanConfig = ''
     ScriptAlias ${prefix}/repoman ${repoman}/repoman.pl
+
+    <Location ${prefix}/repoman/listdetails>
+        ${commonAuth}    
+        Require valid-user
+    </Location>
+
+    <Location ${prefix}/repoman/adduser>
+        Order deny,allow
+        Deny from all
+        Allow from 127.0.0.1
+        Allow from ${userCreationDomain}
+    </Location>
+
+    <Location ${prefix}/repoman/edituser>
+        ${commonAuth}    
+        Require valid-user
+    </Location>
+
+    <Location ${prefix}/repoman/create>
+        ${commonAuth}    
+        Require valid-user
+        Order deny,allow
+        Deny from all
+        Allow from 127.0.0.1
+        Allow from ${userCreationDomain}
+    </Location>
+
+    <Location ${prefix}/repoman/update>
+        ${commonAuth}    
+        Require valid-user
+    </Location>
+
+    <Location ${prefix}/repoman/dump>
+        ${viewerConfig "repoman/dump"}
+    </Location>
   '';
 
   
@@ -179,7 +218,7 @@ in
     
     <Location ${prefix}/repos-xml>
       ${reposConfig "repos-xml"}
-      SVNIndexXSLT "@staticPrefix@/xsl/svnindex.xsl"
+      SVNIndexXSLT "${prefix}/xsl/svnindex.xsl"
     </Location>
 
     ${viewvcConfig}

upstart-jobs/default.nix

@@ -62,7 +62,7 @@ let
 
     # Swapping.
     (import ../upstart-jobs/swap.nix {
-      inherit (pkgs) utillinux library;
+      inherit (pkgs) utillinux lib;
       swapDevices = config.swapDevices;
     })
 
@@ -301,7 +301,7 @@ let
           # syslog tty, except those for which a specific theme is
           # specified.
           defaultTTYs =
-            pkgs.library.filter (x: !(pkgs.library.elem x overridenTTYs)) requiredTTYs;
+            pkgs.lib.filter (x: !(pkgs.lib.elem x overridenTTYs)) requiredTTYs;
 
         in      
           (map (ttyNumber: {

upstart-jobs/swap.nix

@@ -1,12 +1,12 @@
-{library, utillinux, swapDevices}:
+{lib, utillinux, swapDevices}:
 
 let
 
   devicesByPath =
-    map (x: x.device) (library.filter (x: x ? device) swapDevices);
+    map (x: x.device) (lib.filter (x: x ? device) swapDevices);
     
   devicesByLabel =
-    map (x: x.label) (library.filter (x: x ? label) swapDevices);
+    map (x: x.label) (lib.filter (x: x ? label) swapDevices);
 
 in