Create abstraction function for Apache Tomcat providing the DisnixWebService, improve dbus service integration
parent
72a510c26b
commit
df31224348
|
@ -30,7 +30,7 @@ rec {
|
|||
|
||||
dbus-daemon = {
|
||||
pkg = constructors.dbus-daemon {
|
||||
packages = [ pkgs.disnix ];
|
||||
services = [ disnix-service ];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ rec {
|
|||
|
||||
dbus-daemon = {
|
||||
pkg = constructors.dbus-daemon {
|
||||
packages = [ pkgs.disnix ];
|
||||
services = [ disnix-service ];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -0,0 +1,52 @@
|
|||
{ pkgs ? import <nixpkgs> { inherit system; }
|
||||
, system ? builtins.currentSystem
|
||||
, stateDir ? "/var"
|
||||
, runtimeDir ? "${stateDir}/run"
|
||||
, logDir ? "${stateDir}/log"
|
||||
, spoolDir ? "${stateDir}/spool"
|
||||
, cacheDir ? "${stateDir}/cache"
|
||||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||
, forceDisableUserChange ? false
|
||||
, processManager
|
||||
}:
|
||||
|
||||
let
|
||||
constructors = import ../../services-agnostic/constructors.nix {
|
||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
|
||||
};
|
||||
|
||||
containerProviderConstructors = import ../../service-containers-agnostic/constructors.nix {
|
||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
|
||||
};
|
||||
in
|
||||
rec {
|
||||
sshd = {
|
||||
pkg = constructors.sshd {
|
||||
extraSSHDConfig = ''
|
||||
UsePAM yes
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
dbus-daemon = {
|
||||
pkg = constructors.dbus-daemon {
|
||||
services = [ disnix-service ];
|
||||
};
|
||||
};
|
||||
|
||||
tomcat = containerProviderConstructors.disnixAppservingTomcat {
|
||||
webapps = [
|
||||
pkgs.tomcat9.webapps # Include the Tomcat example and management applications
|
||||
];
|
||||
};
|
||||
|
||||
mysql = containerProviderConstructors.mysql {};
|
||||
|
||||
disnix-service = {
|
||||
pkg = constructors.disnix-service {
|
||||
inherit dbus-daemon;
|
||||
containerProviders = [ tomcat mysql ];
|
||||
authorizedUsers = [ tomcat.name ];
|
||||
};
|
||||
};
|
||||
}
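Review bot: `authorizedUsers = [ tomcat.name ]` gives the Tomcat account access to the Disnix D-Bus service, while `webapps = [ pkgs.tomcat9.webapps ]` deploys the Tomcat example and management applications into that same instance. Code that runs inside any of those applications then runs as a user the deployment service trusts, so they widen the exposure of DisnixWebService for no functional gain. The expression `args.webapps or [ tomcat.webapps ] ++ [ DisnixWebService ]` in disnix-appserving-tomcat.nix suggests the constructor still appends DisnixWebService when the list is empty. If so, `webapps = [ ];` with a comment such as `# DisnixWebService only; examples and manager are left out on purpose` would keep this configuration minimal.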
|
|
@ -0,0 +1,15 @@
|
|||
{tomcatConstructorFun, lib, tomcat, libmatthew_java, dbus_java, DisnixWebService, dysnomia, stateDir}:
|
||||
|
||||
args:
|
||||
|
||||
import ./simple-appserving-tomcat.nix {
|
||||
inherit tomcatConstructorFun lib tomcat dysnomia stateDir;
|
||||
} (args // {
|
||||
javaOpts = lib.optionalString (args ? javaOpts) "${args.javaOpts} " + "-Djava.library.path=${libmatthew_java}/lib/jni";
|
||||
sharedLibs = args.sharedLibs or [] ++ [
|
||||
"${DisnixWebService}/share/java/DisnixConnection.jar"
|
||||
"${dbus_java}/share/java/dbus.jar"
|
||||
];
|
||||
webapps = args.webapps or [ tomcat.webapps ]
|
||||
++ [ DisnixWebService ];
|
||||
})
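Review bot: The `sharedLibs` and `webapps` expressions depend on `or` binding tighter than `++`, and the `javaOpts` line depends on function application binding tighter than `+`. Both parse as intended, but a reader has to know the precedence table to see it. Parentheses would make the intent explicit: `sharedLibs = (args.sharedLibs or []) ++ [ ... ];` and `webapps = (args.webapps or [ tomcat.webapps ]) ++ [ DisnixWebService ];`. The new file also has no header comment; one line saying that it wraps simple-appserving-tomcat.nix and adds the DisnixWebService webapp, its shared JARs and the JNI library path would help.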
|
|
@ -1,11 +1,15 @@
|
|||
{tomcatConstructorFun, lib, dysnomia, stateDir}:
|
||||
{tomcatConstructorFun, lib, tomcat, dysnomia, stateDir}:
|
||||
|
||||
{ instanceSuffix ? ""
|
||||
, instanceName ? "tomcat${instanceSuffix}"
|
||||
, containerName ? "tomcat-webapplication${instanceSuffix}"
|
||||
, serverPort ? 8005
|
||||
, httpPort ? 8080, httpsPort ? 8443, ajpPort ? 8009
|
||||
, javaOpts ? ""
|
||||
, catalinaOpts ? ""
|
||||
, commonLibs ? []
|
||||
, sharedLibs ? []
|
||||
, webapps ? [ tomcat.webapps ]
|
||||
, type ? null
|
||||
, properties ? {}
|
||||
}:
|
||||
|
@ -14,7 +18,7 @@ let
|
|||
catalinaBaseDir = "${stateDir}/${instanceName}";
|
||||
|
||||
pkg = tomcatConstructorFun {
|
||||
inherit instanceName serverPort httpPort httpsPort ajpPort commonLibs;
|
||||
inherit instanceName serverPort httpPort httpsPort ajpPort javaOpts catalinaOpts commonLibs sharedLibs webapps;
|
||||
|
||||
postInstall = ''
|
||||
# Add Dysnomia container configuration file for a Tomcat web application
|
||||
|
|
|
@ -28,7 +28,16 @@ in
|
|||
|
||||
simpleAppservingTomcat = import ./apache-tomcat/simple-appserving-tomcat.nix {
|
||||
inherit stateDir;
|
||||
inherit (pkgs) lib;
|
||||
inherit (pkgs) lib tomcat;
|
||||
tomcatConstructorFun = constructors.simpleAppservingTomcat;
|
||||
dysnomia = pkgs.dysnomia.override (origArgs: {
|
||||
enableTomcatWebApplication = true;
|
||||
});
|
||||
};
|
||||
|
||||
disnixAppservingTomcat = import ./apache-tomcat/disnix-appserving-tomcat.nix {
|
||||
inherit stateDir;
|
||||
inherit (pkgs) lib tomcat libmatthew_java dbus_java DisnixWebService;
|
||||
tomcatConstructorFun = constructors.simpleAppservingTomcat;
|
||||
dysnomia = pkgs.dysnomia.override (origArgs: {
|
||||
enableTomcatWebApplication = true;
|
||||
|
|
|
@ -1,5 +1,13 @@
|
|||
{createManagedProcess, lib, tomcat, jre, stateDir, runtimeDir, tmpDir, forceDisableUserChange, commonLibs ? []}:
|
||||
{instanceSuffix ? "", instanceName ? "tomcat${instanceSuffix}", tomcatConfigFiles, postInstall ? ""}:
|
||||
{createManagedProcess, lib, tomcat, jre, stateDir, runtimeDir, tmpDir, forceDisableUserChange}:
|
||||
|
||||
{ instanceSuffix ? ""
|
||||
, instanceName ? "tomcat${instanceSuffix}"
|
||||
, tomcatConfigFiles
|
||||
, javaOpts ? ""
|
||||
, catalinaOpts ? ""
|
||||
, commonLibs ? []
|
||||
, postInstall ? ""
|
||||
}:
|
||||
|
||||
let
|
||||
baseDir = "${stateDir}/${instanceName}";
|
||||
|
@ -15,6 +23,8 @@ createManagedProcess rec {
|
|||
args = [ "run" ];
|
||||
environment = {
|
||||
JRE_HOME = jre;
|
||||
JAVA_OPTS = javaOpts;
|
||||
CATALINA_OPTS = catalinaOpts;
|
||||
CATALINA_TMPDIR = tmpDir;
|
||||
CATALINA_BASE = baseDir;
|
||||
CATALINA_PID = pidFile;
|
||||
|
@ -36,7 +46,7 @@ createManagedProcess rec {
|
|||
if [ -f "$i" ]
|
||||
then
|
||||
# If the given web application is a file, symlink it into the common/lib/ directory
|
||||
ln -sfn $i ${baseDir}/lib/$(basename $i)
|
||||
ln -sfn "$i" ${baseDir}/lib/$(basename "$i")
|
||||
elif [ -d "$i" ]
|
||||
then
|
||||
# If the given web application is a directory, then iterate over the files
|
||||
|
@ -44,7 +54,7 @@ createManagedProcess rec {
|
|||
|
||||
for j in $i/lib/*
|
||||
do
|
||||
ln -sfn $j ${baseDir}/lib/$(basename $j)
|
||||
ln -sfn "$j" ${baseDir}/lib/$(basename "$j")
|
||||
done
|
||||
fi
|
||||
done
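Review bot: The new `ln -sfn "$i" ${baseDir}/lib/$(basename "$i")` quotes the source but leaves the destination unquoted, so a `stateDir` or `instanceName` containing whitespace or glob characters would still be word-split. The same applies to the `$j` line in the second hunk and to the visible `for j in $i/lib/*`. Quoting the whole destination finishes the fix: `ln -sfn "$i" "${baseDir}/lib/$(basename "$i")"` and `ln -sfn "$j" "${baseDir}/lib/$(basename "$j")"`, with the glob written as `"$i"/lib/*`. The outer `for` loop starts outside the visible hunks, so its word list cannot be judged from here.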
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{createManagedProcess, stdenv, tomcat, jre, stateDir, runtimeDir, tmpDir, forceDisableUserChange}:
|
||||
{createManagedProcess, stdenv, lib, tomcat, jre, stateDir, runtimeDir, tmpDir, forceDisableUserChange}:
|
||||
|
||||
{ instanceSuffix ? ""
|
||||
, instanceName ? "tomcat${instanceSuffix}"
|
||||
|
@ -6,7 +6,11 @@
|
|||
, httpPort ? 8080
|
||||
, httpsPort ? 8443
|
||||
, ajpPort ? 8009
|
||||
, javaOpts ? ""
|
||||
, catalinaOpts ? ""
|
||||
, commonLibs ? []
|
||||
, sharedLibs ? []
|
||||
, webapps ? [ tomcat.webapps ]
|
||||
, postInstall ? ""
|
||||
}:
|
||||
|
||||
|
@ -17,6 +21,7 @@ let
|
|||
mkdir -p $out
|
||||
cd $out
|
||||
|
||||
# Generate Tomcat configuration
|
||||
mkdir conf
|
||||
cp ${tomcat}/conf/* conf
|
||||
sed -i \
|
||||
|
@ -26,13 +31,64 @@ let
|
|||
-e 's|<Connector port="8009" protocol="AJP/1.3"|<Connector port="${toString ajpPort}" protocol="AJP/1.3"|' \
|
||||
conf/server.xml
|
||||
|
||||
mkdir webapps
|
||||
cp -av ${tomcat.webapps}/webapps/* webapps
|
||||
# Create a modified catalina.properties file
|
||||
# Change all references from CATALINA_HOME to CATALINA_BASE to support loading files from our mutable state directory
|
||||
# and add support for shared libraries
|
||||
chmod 644 conf/catalina.properties
|
||||
sed -i \
|
||||
-e 's|''${catalina.home}|''${catalina.base}|g' \
|
||||
-e 's|shared.loader=|shared.loader=''${catalina.base}/shared/lib/*.jar|' \
|
||||
conf/catalina.properties
|
||||
|
||||
# Symlink all shared libraries
|
||||
${lib.optionalString (sharedLibs != []) ''
|
||||
mkdir -p shared/lib
|
||||
|
||||
for i in ${toString sharedLibs}
|
||||
do
|
||||
if [ -f "$i" ]
|
||||
then
|
||||
ln -sfn "$i" shared/lib
|
||||
elif [ -d "$i" ]
|
||||
then
|
||||
for j in $i/shared/lib/*
|
||||
do
|
||||
ln -sfn $i/shared/lib/$(basename "$j") shared/lib
|
||||
done
|
||||
fi
|
||||
done
|
||||
''}
|
||||
|
||||
# Symlink all configured webapps
|
||||
mkdir -p webapps
|
||||
for i in ${toString webapps}
|
||||
do
|
||||
if [ -f "$i" ]
|
||||
then
|
||||
ln -sfn "$i" webapps
|
||||
elif [ -d "$i" ]
|
||||
then
|
||||
for j in $i/webapps/*
|
||||
do
|
||||
ln -sfn $i/webapps/$(basename "$j") webapps
|
||||
|
||||
# Also symlink the configuration files if they are included
|
||||
if [ -d $i/conf/Catalina ]
|
||||
then
|
||||
for j in $i/conf/Catalina/*
|
||||
do
|
||||
mkdir -p $out/conf/Catalina/localhost
|
||||
ln -sfn $j $out/conf/Catalina/localhost/`basename $j`
|
||||
done
|
||||
fi
|
||||
done
|
||||
fi
|
||||
done
|
||||
'';
|
||||
};
|
||||
in
|
||||
import ./default.nix {
|
||||
inherit createManagedProcess stdenv tomcat jre stateDir runtimeDir tmpDir forceDisableUserChange commonLibs;
|
||||
inherit createManagedProcess lib tomcat jre stateDir runtimeDir tmpDir forceDisableUserChange;
|
||||
} {
|
||||
inherit tomcatConfigFiles instanceName postInstall;
|
||||
inherit tomcatConfigFiles instanceName javaOpts catalinaOpts commonLibs postInstall;
|
||||
}
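Review bot: In the webapps loop the block that links `conf/Catalina` files is nested inside `for j in $i/webapps/*` and reuses `j` as its own loop variable, so it is re-run once per web application and overwrites the outer variable. The resulting links are the same, but the nesting is redundant. Its `$i` and `$j` expansions are also unquoted, unlike the `ln -sfn "$i"` lines this commit fixes in default.nix. I would move the configuration block after the inner loop, give it its own variable, create the target directory once, and quote the expansions. The shared-libraries loop above has the same unquoted `$i/shared/lib/...` form.

```nix
# … unchanged: catalina.properties rewrite, shared libraries loop, start of webapps loop …
elif [ -d "$i" ]
then
    for j in "$i"/webapps/*
    do
        ln -sfn "$j" webapps
    done

    # Also symlink the configuration files if they are included
    if [ -d "$i/conf/Catalina" ]
    then
        mkdir -p "$out/conf/Catalina/localhost"
        for k in "$i"/conf/Catalina/*
        do
            ln -sfn "$k" "$out/conf/Catalina/localhost/$(basename "$k")"
        done
    fi
fi
```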
|
||||
|
|
|
@ -41,7 +41,7 @@ in
|
|||
|
||||
simpleAppservingTomcat = import ./apache-tomcat/simple-appserving-tomcat.nix {
|
||||
inherit createManagedProcess stateDir runtimeDir tmpDir forceDisableUserChange;
|
||||
inherit (pkgs) stdenv;
|
||||
inherit (pkgs) stdenv lib;
|
||||
jre = pkgs.jre8;
|
||||
tomcat = pkgs.tomcat9;
|
||||
};
|
||||
|
@ -53,7 +53,7 @@ in
|
|||
|
||||
disnix-service = import ./disnix-service {
|
||||
inherit createManagedProcess processManager nix-processmgmt;
|
||||
inherit (pkgs) stdenv lib writeTextFile nix disnix dysnomia inetutils;
|
||||
inherit (pkgs) stdenv lib writeTextFile nix disnix dysnomia inetutils findutils;
|
||||
};
|
||||
|
||||
docker = import ./docker {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{createManagedProcess, lib, writeTextFile, dbus, stateDir, runtimeDir}:
|
||||
{extraConfig ? "", packages ? []}:
|
||||
{extraConfig ? "", busType ? "system", services ? []}:
|
||||
|
||||
let
|
||||
user = "messagebus";
|
||||
|
@ -15,7 +15,7 @@ let
|
|||
|
||||
<busconfig>
|
||||
<!-- Our well-known bus type, do not change this -->
|
||||
<type>system</type>
|
||||
<type>${busType}</type>
|
||||
|
||||
<!-- Run as special user -->
|
||||
<user>${user}</user>
|
||||
|
@ -82,11 +82,15 @@ let
|
|||
</policy>
|
||||
|
||||
<!-- Generate service and include directories for each package -->
|
||||
${lib.concatMapStrings (package: ''
|
||||
<servicedir>${package}/share/dbus-1/system-services</servicedir>
|
||||
<includedir>${package}/etc/dbus-1/system.d</includedir>
|
||||
<includedir>${package}/share/dbus-1/system.d</includedir>
|
||||
'') packages}
|
||||
${lib.concatMapStrings (service:
|
||||
let
|
||||
inherit (service) pkg;
|
||||
in
|
||||
''
|
||||
<servicedir>${pkg}/share/dbus-1/system-services</servicedir>
|
||||
<includedir>${pkg}/etc/dbus-1/system.d</includedir>
|
||||
<includedir>${pkg}/share/dbus-1/system.d</includedir>
|
||||
'') services}
|
||||
|
||||
<!-- Extra configuration options -->
|
||||
${extraConfig}
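Review bot: `busType` now only changes the `<type>` element, while the generated `<servicedir>` and `<includedir>` entries still point at `share/dbus-1/system-services` and `system.d`, and the comment above `<type>` still says "do not change this". With any value other than `"system"` the daemon would therefore still load system-bus service files and policy. Either derive the directory names from `busType`, or reject other values until that is done, for example with `assert busType == "system";` ahead of the `let`, and update the comment to match. Every entry in `services` also contributes bus policy through its `includedir` lines, so that list is worth keeping minimal.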
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{createManagedProcess, stdenv, lib, writeTextFile, nix, disnix, dysnomia, inetutils, processManager, nix-processmgmt}:
|
||||
{createManagedProcess, stdenv, lib, writeTextFile, nix, disnix, dysnomia, inetutils, findutils, processManager, nix-processmgmt}:
|
||||
|
||||
{ dbus-daemon ? null
|
||||
, dysnomiaProperties ? {}
|
||||
|
@ -6,6 +6,7 @@
|
|||
, containerProviders ? []
|
||||
, extraDysnomiaContainersPath ? []
|
||||
, processManagerContainerSettings ? {}
|
||||
, authorizedUsers ? []
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -21,7 +22,7 @@ in
|
|||
createManagedProcess {
|
||||
name = "disnix-service";
|
||||
process = "${disnix}/bin/disnix-service";
|
||||
path = [ nix dysnomiaPkg disnix inetutils ];
|
||||
path = [ nix dysnomiaPkg disnix inetutils findutils ];
|
||||
environment = import ./dysnomia-env.nix {
|
||||
inherit stdenv lib writeTextFile nix-processmgmt processManager dysnomiaProperties dysnomiaContainers containerProviders extraDysnomiaContainersPath processManagerContainerSettings;
|
||||
};
|
||||
|
@ -40,4 +41,39 @@ createManagedProcess {
|
|||
runlevels = [ 2 3 4 5 ];
|
||||
};
|
||||
};
|
||||
|
||||
# Add dbus service configuration file
|
||||
postInstall = ''
|
||||
mkdir -p $out/share/dbus-1/system.d
|
||||
cat > $out/share/dbus-1/system.d/disnix.conf <<EOF
|
||||
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||
<busconfig>
|
||||
<policy user="root">
|
||||
<allow own="org.nixos.disnix.Disnix"/>
|
||||
<allow send_destination="org.nixos.disnix.Disnix"/>
|
||||
<allow send_interface="org.nixos.disnix.Disnix"/>
|
||||
</policy>
|
||||
|
||||
<policy group="disnix">
|
||||
<deny own="org.nixos.disnix.Disnix"/>
|
||||
<allow send_destination="org.nixos.disnix.Disnix"/>
|
||||
<allow send_interface="org.nixos.disnix.Disnix"/>
|
||||
</policy>
|
||||
|
||||
<policy context="default">
|
||||
<deny own="org.nixos.disnix.Disnix"/>
|
||||
<deny send_destination="org.nixos.disnix.Disnix"/>
|
||||
<deny send_interface="org.nixos.disnix.Disnix"/>
|
||||
</policy>
|
||||
|
||||
${lib.concatMapStrings (authorizedUser: ''
|
||||
<policy user="${authorizedUser}">
|
||||
<allow own="org.nixos.disnix.Disnix"/>
|
||||
<allow send_destination="org.nixos.disnix.Disnix"/>
|
||||
<allow send_interface="org.nixos.disnix.Disnix"/>
|
||||
</policy>
|
||||
'') authorizedUsers}
|
||||
</busconfig>
|
||||
EOF
|
||||
'';
|
||||
}
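Review bot: The per-user policy generated from `authorizedUsers` includes `<allow own="org.nixos.disnix.Disnix"/>`, which lets each listed account (the Tomcat user in the configuration added by this commit) claim the service's bus name rather than just call it. A client only needs the two `send_*` rules; the `group="disnix"` policy a few lines above already shows that shape with a `deny own` rule. I would change the line inside the `authorizedUser` block to `<deny own="org.nixos.disnix.Disnix"/>` or drop it. Separately, `${authorizedUser}` is interpolated unescaped into an XML attribute inside an unquoted `<<EOF` heredoc, so the values should be limited to plain account names.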
|
||||
|
|