tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom

Merge pull request #66492 from aanderse/extra-subservice-cleanup

nixos/httpd: extraSubservices cleanup

authored by Aaron Andersen and committed by GitHub 249b4ad9 b15d8686

+52 -377
unified split
+10
nixos/doc/manual/release-notes/rl-1909.xml
··· 263 <literal>false</literal>. 264 </para> 265 </listitem> 266 </itemizedlist> 267 </section> 268
··· 263 <literal>false</literal>. 264 </para> 265 </listitem> 266 + <listitem> 267 + <para> 268 + The <option>services.systemhealth</option> module has been removed from nixpkgs due to lack of maintainer. 269 + </para> 270 + </listitem> 271 + <listitem> 272 + <para> 273 + The <option>services.mantisbt</option> module has been removed from nixpkgs due to lack of maintainer. 274 + </para> 275 + </listitem> 276 </itemizedlist> 277 </section> 278
-2
nixos/modules/module-list.nix
··· 437 ./services/misc/logkeys.nix 438 ./services/misc/leaps.nix 439 ./services/misc/lidarr.nix 440 - ./services/misc/mantisbt.nix 441 ./services/misc/mathics.nix 442 ./services/misc/matrix-synapse.nix 443 ./services/misc/mbpfan.nix ··· 522 ./services/monitoring/scollector.nix 523 ./services/monitoring/smartd.nix 524 ./services/monitoring/sysstat.nix 525 - ./services/monitoring/systemhealth.nix 526 ./services/monitoring/teamviewer.nix 527 ./services/monitoring/telegraf.nix 528 ./services/monitoring/thanos.nix
··· 437 ./services/misc/logkeys.nix 438 ./services/misc/leaps.nix 439 ./services/misc/lidarr.nix 440 ./services/misc/mathics.nix 441 ./services/misc/matrix-synapse.nix 442 ./services/misc/mbpfan.nix ··· 521 ./services/monitoring/scollector.nix 522 ./services/monitoring/smartd.nix 523 ./services/monitoring/sysstat.nix 524 ./services/monitoring/teamviewer.nix 525 ./services/monitoring/telegraf.nix 526 ./services/monitoring/thanos.nix
+24 -30
nixos/modules/services/logging/awstats.nix
··· 4 5 let 6 cfg = config.services.awstats; 7 package = pkgs.awstats; 8 in 9 ··· 67 environment.etc."awstats/awstats.conf".source = pkgs.runCommand "awstats.conf" 68 { preferLocalBuild = true; } 69 ( let 70 - cfg-httpd = config.services.httpd; 71 logFormat = 72 - if cfg-httpd.logFormat == "combined" then "1" else 73 - if cfg-httpd.logFormat == "common" then "4" else 74 - throw "awstats service doesn't support Apache log format `${cfg-httpd.logFormat}`"; 75 in 76 '' 77 sed \ 78 -e 's|^\(DirData\)=.*$|\1="${cfg.vardir}"|' \ 79 -e 's|^\(DirIcons\)=.*$|\1="icons"|' \ 80 -e 's|^\(CreateDirDataIfNotExists\)=.*$|\1=1|' \ 81 - -e 's|^\(SiteDomain\)=.*$|\1="${cfg-httpd.hostName}"|' \ 82 - -e 's|^\(LogFile\)=.*$|\1="${cfg-httpd.logDir}/access_log"|' \ 83 -e 's|^\(LogFormat\)=.*$|\1=${logFormat}|' \ 84 < '${package.out}/wwwroot/cgi-bin/awstats.model.conf' > "$out" 85 echo '${cfg.extraConfig}' >> "$out" 86 ''); 87 88 # The httpd sub-service showing awstats. 89 - services.httpd.enable = mkIf cfg.service.enable true; 90 - services.httpd.extraSubservices = mkIf cfg.service.enable [ { function = { serverInfo, ... }: { 91 - extraConfig = 92 - '' 93 - Alias ${cfg.service.urlPrefix}/classes "${package.out}/wwwroot/classes/" 94 - Alias ${cfg.service.urlPrefix}/css "${package.out}/wwwroot/css/" 95 - Alias ${cfg.service.urlPrefix}/icons "${package.out}/wwwroot/icon/" 96 - ScriptAlias ${cfg.service.urlPrefix}/ "${package.out}/wwwroot/cgi-bin/" 97 98 - <Directory "${package.out}/wwwroot"> 99 - Options None 100 - AllowOverride None 101 - Order allow,deny 102 - Allow from all 103 - </Directory> 104 - ''; 105 - startupScript = 106 - let 107 - inherit (serverInfo.serverConfig) user group; 108 - in pkgs.writeScript "awstats_startup.sh" 109 - '' 110 - mkdir -p '${cfg.vardir}' 111 - chown '${user}:${group}' '${cfg.vardir}' 112 - ''; 113 - };}]; 114 115 systemd.services.awstats-update = mkIf (cfg.updateAt != null) { 116 description = "awstats log collector";
··· 4 5 let 6 cfg = config.services.awstats; 7 + httpd = config.services.httpd; 8 package = pkgs.awstats; 9 in 10 ··· 68 environment.etc."awstats/awstats.conf".source = pkgs.runCommand "awstats.conf" 69 { preferLocalBuild = true; } 70 ( let 71 logFormat = 72 + if httpd.logFormat == "combined" then "1" else 73 + if httpd.logFormat == "common" then "4" else 74 + throw "awstats service doesn't support Apache log format `${httpd.logFormat}`"; 75 in 76 '' 77 sed \ 78 -e 's|^\(DirData\)=.*$|\1="${cfg.vardir}"|' \ 79 -e 's|^\(DirIcons\)=.*$|\1="icons"|' \ 80 -e 's|^\(CreateDirDataIfNotExists\)=.*$|\1=1|' \ 81 + -e 's|^\(SiteDomain\)=.*$|\1="${httpd.hostName}"|' \ 82 + -e 's|^\(LogFile\)=.*$|\1="${httpd.logDir}/access_log"|' \ 83 -e 's|^\(LogFormat\)=.*$|\1=${logFormat}|' \ 84 < '${package.out}/wwwroot/cgi-bin/awstats.model.conf' > "$out" 85 echo '${cfg.extraConfig}' >> "$out" 86 ''); 87 88 + systemd.tmpfiles.rules = optionals cfg.service.enable [ 89 + "d '${cfg.vardir}' - ${httpd.user} ${httpd.group} - -" 90 + "Z '${cfg.vardir}' - ${httpd.user} ${httpd.group} - -" 91 + ]; 92 + 93 # The httpd sub-service showing awstats. 94 + services.httpd = optionalAttrs cfg.service.enable { 95 + enable = true; 96 + extraConfig = '' 97 + Alias ${cfg.service.urlPrefix}/classes "${package.out}/wwwroot/classes/" 98 + Alias ${cfg.service.urlPrefix}/css "${package.out}/wwwroot/css/" 99 + Alias ${cfg.service.urlPrefix}/icons "${package.out}/wwwroot/icon/" 100 + ScriptAlias ${cfg.service.urlPrefix}/ "${package.out}/wwwroot/cgi-bin/" 101 102 + <Directory "${package.out}/wwwroot"> 103 + Options None 104 + Require all granted 105 + </Directory> 106 + ''; 107 + }; 108 109 systemd.services.awstats-update = mkIf (cfg.updateAt != null) { 110 description = "awstats log collector";
-68
nixos/modules/services/misc/mantisbt.nix
··· 1 - { config, lib, pkgs, ... }: 2 - 3 - with lib; 4 - let 5 - cfg = config.services.mantisbt; 6 - 7 - freshInstall = cfg.extraConfig == ""; 8 - 9 - # combined code+config directory 10 - mantisbt = let 11 - config_inc = pkgs.writeText "config_inc.php" ("<?php\n" + cfg.extraConfig); 12 - src = pkgs.fetchurl { 13 - url = "mirror://sourceforge/mantisbt/${name}.tar.gz"; 14 - sha256 = "1pl6xn793p3mxc6ibpr2bhg85vkdlcf57yk7pfc399g47l8x4508"; 15 - }; 16 - name = "mantisbt-1.2.19"; 17 - in 18 - # We have to copy every time; otherwise config won't be found. 19 - pkgs.runCommand name 20 - { preferLocalBuild = true; allowSubstitutes = false; } 21 - ('' 22 - mkdir -p "$out" 23 - cd "$out" 24 - tar -xf '${src}' --strip-components=1 25 - ln -s '${config_inc}' config_inc.php 26 - '' 27 - + lib.optionalString (!freshInstall) "rm -r admin/" 28 - ); 29 - in 30 - { 31 - options.services.mantisbt = { 32 - enable = mkOption { 33 - type = types.bool; 34 - default = false; 35 - description = '' 36 - Enable the mantisbt web service. 37 - This switches on httpd with PHP and database. 38 - ''; 39 - }; 40 - urlPrefix = mkOption { 41 - type = types.string; 42 - default = "/mantisbt"; 43 - description = "The URL prefix under which the mantisbt service appears."; 44 - }; 45 - extraConfig = mkOption { 46 - type = types.lines; 47 - default = ""; 48 - description = '' 49 - The contents of config_inc.php, without leading &lt;?php. 50 - If left empty, the admin directory will be accessible. 51 - ''; 52 - }; 53 - }; 54 - 55 - 56 - config = mkIf cfg.enable { 57 - services.mysql.enable = true; 58 - services.httpd.enable = true; 59 - services.httpd.enablePHP = true; 60 - # The httpd sub-service showing mantisbt. 61 - services.httpd.extraSubservices = [ { function = { ... }: { 62 - extraConfig = 63 - '' 64 - Alias ${cfg.urlPrefix} "${mantisbt}" 65 - ''; 66 - };}]; 67 - }; 68 - }
···
-133
nixos/modules/services/monitoring/systemhealth.nix
··· 1 - { config, lib, pkgs, ... }: 2 - 3 - with lib; 4 - 5 - let 6 - cfg = config.services.systemhealth; 7 - 8 - systemhealth = with pkgs; stdenv.mkDerivation { 9 - name = "systemhealth-1.0"; 10 - src = fetchurl { 11 - url = "https://www.brianlane.com/downloads/systemhealth/systemhealth-1.0.tar.bz2"; 12 - sha256 = "1q69lz7hmpbdpbz36zb06nzfkj651413n9icx0njmyr3xzq1j9qy"; 13 - }; 14 - buildInputs = [ python ]; 15 - installPhase = '' 16 - mkdir -p $out/bin 17 - # Make it work for kernels 3.x, not so different than 2.6 18 - sed -i 's/2\.6/4.0/' system_health.py 19 - cp system_health.py $out/bin 20 - ''; 21 - }; 22 - 23 - rrdDir = "/var/lib/health/rrd"; 24 - htmlDir = "/var/lib/health/html"; 25 - 26 - configFile = rrdDir + "/.syshealthrc"; 27 - # The program will try to read $HOME/.syshealthrc, so we set the proper home. 28 - command = "HOME=${rrdDir} ${systemhealth}/bin/system_health.py"; 29 - 30 - cronJob = '' 31 - */5 * * * * wwwrun ${command} --log 32 - 5 * * * * wwwrun ${command} --graph 33 - ''; 34 - 35 - nameEqualName = s: "${s} = ${s}"; 36 - interfacesSection = concatStringsSep "\n" (map nameEqualName cfg.interfaces); 37 - 38 - driveLine = d: "${d.path} = ${d.name}"; 39 - drivesSection = concatStringsSep "\n" (map driveLine cfg.drives); 40 - 41 - in 42 - { 43 - options = { 44 - services.systemhealth = { 45 - enable = mkOption { 46 - default = false; 47 - description = '' 48 - Enable the system health monitor and its generation of graphs. 49 - ''; 50 - }; 51 - 52 - urlPrefix = mkOption { 53 - default = "/health"; 54 - description = '' 55 - The URL prefix under which the System Health web pages appear in httpd. 56 - ''; 57 - }; 58 - 59 - interfaces = mkOption { 60 - default = [ "lo" ]; 61 - example = [ "lo" "eth0" "eth1" ]; 62 - description = '' 63 - Interfaces to monitor (minimum one). 64 - ''; 65 - }; 66 - 67 - drives = mkOption { 68 - default = [ ]; 69 - example = [ { name = "root"; path = "/"; } ]; 70 - description = '' 71 - Drives to monitor. 72 - ''; 73 - }; 74 - }; 75 - }; 76 - 77 - config = mkIf cfg.enable { 78 - services.cron.systemCronJobs = [ cronJob ]; 79 - 80 - system.activationScripts.systemhealth = stringAfter [ "var" ] 81 - '' 82 - mkdir -p ${rrdDir} ${htmlDir} 83 - chown wwwrun:wwwrun ${rrdDir} ${htmlDir} 84 - 85 - cat >${configFile} << EOF 86 - [paths] 87 - rrdtool = ${pkgs.rrdtool}/bin/rrdtool 88 - loadavg_rrd = loadavg 89 - ps = /run/current-system/sw/bin/ps 90 - df = /run/current-system/sw/bin/df 91 - meminfo_rrd = meminfo 92 - uptime_rrd = uptime 93 - rrd_path = ${rrdDir} 94 - png_path = ${htmlDir} 95 - 96 - [processes] 97 - 98 - [interfaces] 99 - ${interfacesSection} 100 - 101 - [drives] 102 - ${drivesSection} 103 - 104 - [graphs] 105 - width = 400 106 - time = ['-3hours', '-32hours', '-8days', '-5weeks', '-13months'] 107 - height = 100 108 - 109 - [external] 110 - 111 - EOF 112 - 113 - chown wwwrun:wwwrun ${configFile} 114 - 115 - ${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --check" wwwrun 116 - ${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --html" wwwrun 117 - ''; 118 - 119 - services.httpd.extraSubservices = [ 120 - { function = f: { 121 - extraConfig = '' 122 - Alias ${cfg.urlPrefix} ${htmlDir} 123 - 124 - <Directory ${htmlDir}> 125 - Order allow,deny 126 - Allow from all 127 - </Directory> 128 - ''; 129 - }; 130 - } 131 - ]; 132 - }; 133 - }
···
+18 -23
nixos/tests/php-pcre.nix
··· 8 services.httpd = { 9 enable = true; 10 adminAddr = "please@dont.contact"; 11 - extraSubservices = lib.singleton { 12 - function = f: { 13 - enablePHP = true; 14 - phpOptions = "pcre.jit = true"; 15 16 - extraConfig = 17 - let 18 - testRoot = pkgs.writeText "index.php" 19 - '' 20 - <?php 21 - preg_match('/(${testString})/', '${testString}', $result); 22 - var_dump($result); 23 - ?> 24 - ''; 25 - in 26 - '' 27 - Alias / ${testRoot}/ 28 - 29 - <Directory ${testRoot}> 30 - Require all granted 31 - </Directory> 32 - ''; 33 - }; 34 - }; 35 }; 36 }; 37 testScript = { ... }:
··· 8 services.httpd = { 9 enable = true; 10 adminAddr = "please@dont.contact"; 11 + enablePHP = true; 12 + phpOptions = "pcre.jit = true"; 13 + extraConfig = 14 + let 15 + testRoot = pkgs.writeText "index.php" 16 + '' 17 + <?php 18 + preg_match('/(${testString})/', '${testString}', $result); 19 + var_dump($result); 20 + ?> 21 + ''; 22 + in 23 + '' 24 + Alias / ${testRoot}/ 25 26 + <Directory ${testRoot}> 27 + Require all granted 28 + </Directory> 29 + ''; 30 }; 31 }; 32 testScript = { ... }:
-121
nixos/tests/subversion.nix
··· 1 - import ./make-test.nix ({ pkgs, ...} : 2 - 3 - let 4 - 5 - # Build some packages with coverage instrumentation. 6 - overrides = pkgs: 7 - with pkgs.stdenvAdapters; 8 - let 9 - do = pkg: pkg.override (args: { 10 - stdenv = addCoverageInstrumentation args.stdenv; 11 - }); 12 - in 13 - rec { 14 - apr = do pkgs.apr; 15 - aprutil = do pkgs.aprutil; 16 - apacheHttpd = do pkgs.apacheHttpd; 17 - mod_python = do pkgs.mod_python; 18 - subversion = do pkgs.subversion; 19 - 20 - # To build the kernel with coverage instrumentation, we need a 21 - # special patch to make coverage data available under /proc. 22 - linux = pkgs.linux.override (orig: { 23 - stdenv = overrideInStdenv pkgs.stdenv [ pkgs.keepBuildTree ]; 24 - extraConfig = 25 - '' 26 - GCOV_KERNEL y 27 - GCOV_PROFILE_ALL y 28 - ''; 29 - }); 30 - }; 31 - 32 - in 33 - 34 - { 35 - name = "subversion"; 36 - meta = with pkgs.stdenv.lib.maintainers; { 37 - maintainers = [ eelco ]; 38 - }; 39 - 40 - nodes = 41 - { webserver = 42 - { ... }: 43 - 44 - { 45 - services.httpd.enable = true; 46 - services.httpd.adminAddr = "e.dolstra@tudelft.nl"; 47 - services.httpd.extraSubservices = 48 - [ { function = import <services/subversion>; 49 - urlPrefix = ""; 50 - dataDir = "/data/subversion"; 51 - userCreationDomain = "192.168.0.0/16"; 52 - } 53 - ]; 54 - nixpkgs.config.packageOverrides = overrides; 55 - }; 56 - 57 - client = 58 - { pkgs, ... }: 59 - 60 - { 61 - environment.systemPackages = [ pkgs.subversion ]; 62 - nixpkgs.config.packageOverrides = overrides; 63 - }; 64 - 65 - }; 66 - 67 - testScript = 68 - '' 69 - startAll; 70 - 71 - $webserver->waitForOpenPort(80); 72 - 73 - print STDERR $client->succeed("svn --version"); 74 - 75 - print STDERR $client->succeed("curl --fail http://webserver/"); 76 - 77 - # Create a new user through the web interface. 78 - $client->succeed("curl --fail -F username=alice -F fullname='Alice Lastname' -F address=alice\@example.org -F password=foobar -F password_again=foobar http://webserver/repoman/adduser"); 79 - 80 - # Let Alice create a new repository. 81 - $client->succeed("curl --fail -u alice:foobar --form repo=xyzzy --form description=Xyzzy http://webserver/repoman/create"); 82 - 83 - $client->succeed("curl --fail http://webserver/") =~ /alice/ or die; 84 - 85 - # Let Alice do a checkout. 86 - my $svnFlags = "--non-interactive --username alice --password foobar"; 87 - $client->succeed("svn co $svnFlags http://webserver/repos/xyzzy wc"); 88 - $client->succeed("echo hello > wc/world"); 89 - $client->succeed("svn add wc/world"); 90 - $client->succeed("svn ci $svnFlags -m 'Added world.' wc/world"); 91 - 92 - # Create a new user on the server through the create-user.pl script. 93 - $webserver->execute("svn-server-create-user.pl bob bob\@example.org Bob"); 94 - $webserver->succeed("svn-server-resetpw.pl bob fnord"); 95 - $client->succeed("curl --fail http://webserver/") =~ /bob/ or die; 96 - 97 - # Bob should not have access to the repo. 98 - my $svnFlagsBob = "--non-interactive --username bob --password fnord"; 99 - $client->fail("svn co $svnFlagsBob http://webserver/repos/xyzzy wc2"); 100 - 101 - # Bob should not be able change the ACLs of the repo. 102 - # !!! Repoman should really return a 403 here. 103 - $client->succeed("curl --fail -u bob:fnord -F description=Xyzzy -F readers=alice,bob -F writers=alice -F watchers= -F tardirs= http://webserver/repoman/update/xyzzy") 104 - =~ /not authorised/ or die; 105 - 106 - # Give Bob access. 107 - $client->succeed("curl --fail -u alice:foobar -F description=Xyzzy -F readers=alice,bob -F writers=alice -F watchers= -F tardirs= http://webserver/repoman/update/xyzzy"); 108 - 109 - # So now his checkout should succeed. 110 - $client->succeed("svn co $svnFlagsBob http://webserver/repos/xyzzy wc2"); 111 - 112 - # Test ViewVC and WebSVN 113 - $client->succeed("curl --fail -u alice:foobar http://webserver/viewvc/xyzzy"); 114 - $client->succeed("curl --fail -u alice:foobar http://webserver/websvn/xyzzy"); 115 - $client->succeed("curl --fail -u alice:foobar http://webserver/repos-xml/xyzzy"); 116 - 117 - # Stop Apache to gather all the coverage data. 118 - $webserver->stopJob("httpd"); 119 - ''; 120 - 121 - })
···