commit 5ca89402eec1a634b2e94cdf407b92095cdacfa2 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixos/trafficserver: avoid input from derivation

Using builtins.readFile to load upstream defaults is a clever trick, but
it's not allowed in restricted evaluation mode: which means it fails on
Hydra, for example. Besides - in Nixpkgs - depending on derivation as
inputs is considered bad practice and should be avoided.

rnhmjoj 4 years ago 5ca89402 dc2cebde

+76 -15

4 changed files

expand all

unified split

nixos

modules

module-list.nix

services

web-servers

trafficserver

default.nix

ip_allow.json

logging.json

+1 -1

nixos/modules/module-list.nix

··· 1031 ./services/web-servers/shellinabox.nix 1032 ./services/web-servers/tomcat.nix 1033 ./services/web-servers/traefik.nix 1034 - ./services/web-servers/trafficserver.nix 1035 ./services/web-servers/ttyd.nix 1036 ./services/web-servers/uwsgi.nix 1037 ./services/web-servers/varnish/default.nix

··· 1031 ./services/web-servers/shellinabox.nix 1032 ./services/web-servers/tomcat.nix 1033 ./services/web-servers/traefik.nix 1034 + ./services/web-servers/trafficserver/default.nix 1035 ./services/web-servers/ttyd.nix 1036 ./services/web-servers/uwsgi.nix 1037 ./services/web-servers/varnish/default.nix

+2 -14

nixos/modules/services/web-servers/trafficserver.nix nixos/modules/services/web-servers/trafficserver/default.nix

··· 8 group = config.users.groups.trafficserver.name; 9 10 getManualUrl = name: "https://docs.trafficserver.apache.org/en/latest/admin-guide/files/${name}.en.html"; 11 - getConfPath = name: "${pkgs.trafficserver}/etc/trafficserver/${name}"; 12 13 yaml = pkgs.formats.yaml { }; 14 - 15 - fromYAML = f: 16 - let 17 - jsonFile = pkgs.runCommand "in.json" 18 - { 19 - nativeBuildInputs = [ pkgs.remarshal ]; 20 - } '' 21 - yaml2json < "${f}" > "$out" 22 - ''; 23 - in 24 - builtins.fromJSON (builtins.readFile jsonFile); 25 26 mkYamlConf = name: cfg: 27 if cfg != null then { ··· 73 74 ipAllow = mkOption { 75 type = types.nullOr yaml.type; 76 - default = fromYAML (getConfPath "ip_allow.yaml"); 77 defaultText = "upstream defaults"; 78 example = literalExample { 79 ip_allow = [{ ··· 94 95 logging = mkOption { 96 type = types.nullOr yaml.type; 97 - default = fromYAML (getConfPath "logging.yaml"); 98 defaultText = "upstream defaults"; 99 example = literalExample { }; 100 description = ''

··· 8 group = config.users.groups.trafficserver.name; 9 10 getManualUrl = name: "https://docs.trafficserver.apache.org/en/latest/admin-guide/files/${name}.en.html"; 11 12 yaml = pkgs.formats.yaml { }; 13 14 mkYamlConf = name: cfg: 15 if cfg != null then { ··· 61 62 ipAllow = mkOption { 63 type = types.nullOr yaml.type; 64 + default = builtins.fromJSON (builtins.readFile ./ip_allow.json); 65 defaultText = "upstream defaults"; 66 example = literalExample { 67 ip_allow = [{ ··· 82 83 logging = mkOption { 84 type = types.nullOr yaml.type; 85 + default = builtins.fromJSON (builtins.readFile ./logging.json); 86 defaultText = "upstream defaults"; 87 example = literalExample { }; 88 description = ''

+36

nixos/modules/services/web-servers/trafficserver/ip_allow.json

···

··· 1 + { 2 + "ip_allow": [ 3 + { 4 + "apply": "in", 5 + "ip_addrs": "127.0.0.1", 6 + "action": "allow", 7 + "methods": "ALL" 8 + }, 9 + { 10 + "apply": "in", 11 + "ip_addrs": "::1", 12 + "action": "allow", 13 + "methods": "ALL" 14 + }, 15 + { 16 + "apply": "in", 17 + "ip_addrs": "0/0", 18 + "action": "deny", 19 + "methods": [ 20 + "PURGE", 21 + "PUSH", 22 + "DELETE" 23 + ] 24 + }, 25 + { 26 + "apply": "in", 27 + "ip_addrs": "::/0", 28 + "action": "deny", 29 + "methods": [ 30 + "PURGE", 31 + "PUSH", 32 + "DELETE" 33 + ] 34 + } 35 + ] 36 + }

+37

nixos/modules/services/web-servers/trafficserver/logging.json

···

··· 1 + { 2 + "logging": { 3 + "formats": [ 4 + { 5 + "name": "welf", 6 + "format": "id=firewall time=\"%<cqtd> %<cqtt>\" fw=%<phn> pri=6 proto=%<cqus> duration=%<ttmsf> sent=%<psql> rcvd=%<cqhl> src=%<chi> dst=%<shi> dstname=%<shn> user=%<caun> op=%<cqhm> arg=\"%<cqup>\" result=%<pssc> ref=\"%<{Referer}cqh>\" agent=\"%<{user-agent}cqh>\" cache=%<crc>" 7 + }, 8 + { 9 + "name": "squid_seconds_only_timestamp", 10 + "format": "%<cqts> %<ttms> %<chi> %<crc>/%<pssc> %<psql> %<cqhm> %<cquc> %<caun> %<phr>/%<shn> %<psct>" 11 + }, 12 + { 13 + "name": "squid", 14 + "format": "%<cqtq> %<ttms> %<chi> %<crc>/%<pssc> %<psql> %<cqhm> %<cquc> %<caun> %<phr>/%<shn> %<psct>" 15 + }, 16 + { 17 + "name": "common", 18 + "format": "%<chi> - %<caun> [%<cqtn>] \"%<cqtx>\" %<pssc> %<pscl>" 19 + }, 20 + { 21 + "name": "extended", 22 + "format": "%<chi> - %<caun> [%<cqtn>] \"%<cqtx>\" %<pssc> %<pscl> %<sssc> %<sscl> %<cqcl> %<pqcl> %<cqhl> %<pshl> %<pqhl> %<sshl> %<tts>" 23 + }, 24 + { 25 + "name": "extended2", 26 + "format": "%<chi> - %<caun> [%<cqtn>] \"%<cqtx>\" %<pssc> %<pscl> %<sssc> %<sscl> %<cqcl> %<pqcl> %<cqhl> %<pshl> %<pqhl> %<sshl> %<tts> %<phr> %<cfsc> %<pfsc> %<crc>" 27 + } 28 + ], 29 + "logs": [ 30 + { 31 + "filename": "squid", 32 + "format": "squid", 33 + "mode": "binary" 34 + } 35 + ] 36 + } 37 + }