Compare commits
10 Commits
4ca919bced
...
8c504a5f0d
Author | SHA1 | Date |
---|---|---|
Emery Hemingway | 8c504a5f0d | |
Sander van der Burg | 8639182fa4 | |
Sander van der Burg | 479afcda26 | |
Sander van der Burg | 80e510ab58 | |
Sander van der Burg | 2a5fc3449d | |
Sander van der Burg | 06b1f460a6 | |
Sander van der Burg | 364cdea9e2 | |
Sander van der Burg | fc920c4556 | |
Sander van der Burg | 465225cc62 | |
Sander van der Burg | c3f8ac395e |
|
@ -1,4 +1,4 @@
|
|||
{tomcatConstructorFun, lib, tomcat, libmatthew_java, dbus_java, DisnixWebService, dysnomia, stateDir}:
|
||||
{tomcatConstructorFun, lib, tomcat, libmatthew_java, dbus_java, DisnixWebService, dysnomia, stateDir, processManager}:
|
||||
|
||||
{dbus-daemon, ...}@args:
|
||||
|
||||
|
@ -14,5 +14,8 @@ import ./simple-appserving-tomcat.nix {
|
|||
"${dbus_java}/share/java/dbus.jar"
|
||||
];
|
||||
webapps = instanceArgs.webapps or [ tomcat.webapps ] ++ [ DisnixWebService ];
|
||||
dependencies = instanceArgs.dependencies or [] ++ [ dbus-daemon.pkg ];
|
||||
dependencies = instanceArgs.dependencies or []
|
||||
# If we use systemd, we should not add dbus-daemon as a dependency. It causes infinite recursion.
|
||||
# Moreover, since D-Bus is already enabled for systemd, there is no reason to wait for it anyway.
|
||||
++ lib.optional (dbus-daemon != null && processManager != "systemd") dbus-daemon.pkg;
|
||||
})
|
||||
|
|
|
@ -38,7 +38,7 @@ in
|
|||
};
|
||||
|
||||
disnixAppservingTomcat = import ./apache-tomcat/disnix-appserving-tomcat.nix {
|
||||
inherit stateDir;
|
||||
inherit stateDir processManager;
|
||||
inherit (pkgs) lib libmatthew_java dbus_java DisnixWebService;
|
||||
tomcat = pkgs.tomcat9;
|
||||
tomcatConstructorFun = constructors.simpleAppservingTomcat;
|
||||
|
@ -89,6 +89,15 @@ in
|
|||
});
|
||||
};
|
||||
|
||||
simplePostgresql = import ./postgresql/simplepostgresql.nix {
|
||||
inherit runtimeDir;
|
||||
inherit (pkgs) lib;
|
||||
postgresqlConstructorFun = constructors.simplePostgresql;
|
||||
dysnomia = pkgs.dysnomia.override (origArgs: {
|
||||
enablePostgreSQLDatabase = true;
|
||||
});
|
||||
};
|
||||
|
||||
extendableSupervisord = import ./supervisord/extendable.nix {
|
||||
inherit libDir;
|
||||
inherit (pkgs) lib;
|
||||
|
|
|
@ -30,6 +30,7 @@ in
|
|||
rec {
|
||||
name = instanceName;
|
||||
postgresqlPort = port;
|
||||
postgresqlRuntimeDir = "${runtimeDir}/${instanceName}";
|
||||
postgresqlUsername = username;
|
||||
|
||||
inherit pkg;
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
{postgresqlConstructorFun, lib, dysnomia, runtimeDir}:
|
||||
|
||||
{ instanceSuffix ? "", instanceName ? "postgresql${instanceSuffix}"
|
||||
, containerName ? "postgresql-database${instanceSuffix}"
|
||||
, port ? 5432
|
||||
, authentication ? null
|
||||
, identMap ? null
|
||||
, enableTCPIP ? false
|
||||
, settings ? {}
|
||||
, type ? null
|
||||
, properties ? {}
|
||||
}:
|
||||
|
||||
let
|
||||
username = instanceName;
|
||||
|
||||
pkg = postgresqlConstructorFun {
|
||||
inherit instanceName instanceSuffix port authentication identMap enableTCPIP settings;
|
||||
postInstall = ''
|
||||
# Add Dysnomia container configuration file for PostgreSQL
|
||||
mkdir -p $out/etc/dysnomia/containers
|
||||
cat > $out/etc/dysnomia/containers/${containerName} <<EOF
|
||||
postgresqlPort=${toString port}
|
||||
postgresqlRuntimeDir=${runtimeDir}/${instanceName}
|
||||
postgresqlUsername=${username}
|
||||
EOF
|
||||
|
||||
# Copy the Dysnomia module that manages a PostgreSQL database
|
||||
mkdir -p $out/libexec/dysnomia
|
||||
ln -s ${dysnomia}/libexec/dysnomia/postgresql-database $out/libexec/dysnomia
|
||||
'';
|
||||
};
|
||||
in
|
||||
rec {
|
||||
name = instanceName;
|
||||
postgresqlPort = port;
|
||||
postgresqlRuntimeDir = "${runtimeDir}/${instanceName}";
|
||||
postgresqlUsername = username;
|
||||
|
||||
inherit pkg;
|
||||
|
||||
providesContainer = containerName;
|
||||
} // lib.optionalAttrs (type != null) {
|
||||
inherit type;
|
||||
} // properties
|
|
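Review bot: The container file in `postInstall` is written through an unquoted heredoc (`<<EOF`) to an unquoted path, so after Nix interpolation any `$`, backtick or whitespace in `containerName`, `runtimeDir` or `instanceName` is interpreted again by the build shell. Quoting the delimiter, `cat > $out/etc/dysnomia/containers/${lib.escapeShellArg containerName} <<'EOF'`, keeps the values literal; `lib` is already an argument of this file. The trailing `// properties` is merged last and can therefore replace `pkg` or `providesContainer`, which deserves a one-line comment such as `# properties may override any attribute above`.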
@ -0,0 +1,14 @@
|
|||
{createManagedProcess, util-linux}:
|
||||
{port, instanceName ? "agetty-${port}", baudrate ? 9600, extraOptions ? []}:
|
||||
|
||||
createManagedProcess {
|
||||
inherit instanceName;
|
||||
foregroundProcess = "${util-linux}/bin/agetty";
|
||||
args = extraOptions ++ [ port baudrate ];
|
||||
|
||||
overrides = {
|
||||
sysvinit = {
|
||||
runlevels = [ 2 3 4 5 ];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -34,6 +34,9 @@ createManagedProcess {
|
|||
};
|
||||
|
||||
overrides = {
|
||||
synit = {
|
||||
depends-on = [ "<service-state <milestone network> up>>" ];
|
||||
};
|
||||
sysvinit = {
|
||||
runlevels = [ 3 4 5 ];
|
||||
};
|
||||
|
|
|
@ -15,6 +15,11 @@
|
|||
}:
|
||||
|
||||
let
|
||||
phpPackage = php.override {
|
||||
apxs2Support = true;
|
||||
inherit apacheHttpd;
|
||||
};
|
||||
|
||||
user = instanceName;
|
||||
group = instanceName;
|
||||
|
||||
|
@ -51,8 +56,8 @@ let
|
|||
preferLocalBuild = true;
|
||||
}
|
||||
''
|
||||
cat ${php}/etc/php.ini > $out
|
||||
cat ${php.phpIni} > $out
|
||||
cat ${phpPackage}/etc/php.ini > $out
|
||||
cat ${phpPackage.phpIni} > $out
|
||||
'';
|
||||
in
|
||||
import ./default.nix {
|
||||
|
@ -106,7 +111,7 @@ import ./default.nix {
|
|||
'' else throw "Unknown type for module!"
|
||||
) modules}
|
||||
${lib.optionalString enablePHP ''
|
||||
LoadModule php7_module ${php}/modules/libphp7.so
|
||||
LoadModule php_module ${phpPackage}/modules/libphp.so
|
||||
''}
|
||||
|
||||
ServerAdmin ${serverAdmin}
|
||||
|
|
|
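Review bot: In the php.ini derivation of the second hunk both `cat` lines redirect with `>`, so whatever `cat ${phpPackage}/etc/php.ini > $out` writes is truncated by the following `cat ${phpPackage.phpIni} > $out` and only the second file survives. The switch from `php` to `phpPackage` carries that behaviour over unchanged. If the two files are meant to be concatenated, the second line should read `cat ${phpPackage.phpIni} >> $out`; if not, the first line can be dropped. The derivation begins above the hunk, so this is judged from the visible lines only.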
@ -169,13 +169,13 @@ in
|
|||
|
||||
supervisord = import ./supervisord {
|
||||
inherit createManagedProcess runtimeDir logDir;
|
||||
inherit (pkgs.pythonPackages) supervisor;
|
||||
inherit (pkgs.python3Packages) supervisor;
|
||||
};
|
||||
|
||||
extendableSupervisord = import ./supervisord/extendable.nix {
|
||||
inherit createManagedProcess libDir runtimeDir logDir;
|
||||
inherit (pkgs) writeTextFile;
|
||||
inherit (pkgs.pythonPackages) supervisor;
|
||||
inherit (pkgs.python3Packages) supervisor;
|
||||
};
|
||||
|
||||
svnserve = import ./svnserve {
|
||||
|
@ -197,4 +197,19 @@ in
|
|||
inherit createManagedProcess runtimeDir tmpDir libDir forceDisableUserChange callingUser;
|
||||
inherit (pkgs) lib xinetd writeTextFile;
|
||||
};
|
||||
|
||||
vsftpd = import ./vsftpd {
|
||||
inherit createManagedProcess;
|
||||
inherit (pkgs) vsftpd;
|
||||
};
|
||||
|
||||
simpleVsftpd = import ./vsftpd/simple.nix {
|
||||
inherit createManagedProcess forceDisableUserChange logDir libDir callingUser callingGroup;
|
||||
inherit (pkgs) stdenv vsftpd writeTextFile lib;
|
||||
};
|
||||
|
||||
agetty = import ./agetty {
|
||||
inherit createManagedProcess;
|
||||
inherit (pkgs) util-linux;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@ let
|
|||
inherit processManager;
|
||||
};
|
||||
|
||||
processManagerContainer = lib.recursiveUpdate (stdenv.lib.optionalAttrs (processManager == "supervisord") {
|
||||
processManagerContainer = lib.recursiveUpdate (lib.optionalAttrs (processManager == "supervisord") {
|
||||
supervisord-program = {
|
||||
supervisordTargetDir = "/etc/supervisor/conf.d";
|
||||
};
|
||||
|
|
|
@ -44,7 +44,7 @@ createManagedProcess {
|
|||
|
||||
if [ "$found" != "1" ]
|
||||
then
|
||||
echo "ERRORDatabase was still not created!" >&2
|
||||
echo "ERROR: Database was still not created!" >&2
|
||||
exit 1
|
||||
fi
|
||||
'';
|
||||
|
|
|
@ -43,6 +43,9 @@ createManagedProcess {
|
|||
};
|
||||
|
||||
overrides = {
|
||||
synit = {
|
||||
depends-on = [ "<service-state <milestone network> up>>" ];
|
||||
};
|
||||
sysvinit = {
|
||||
runlevels = [ 3 4 5 ];
|
||||
};
|
||||
|
|
|
@ -5,6 +5,8 @@
|
|||
, instanceName ? "nginx${instanceSuffix}"
|
||||
, documentRoot ? ../http-server-common/webapp
|
||||
, workerConnections ? 190000
|
||||
, extraConfig ? ""
|
||||
, extraHTTPConfig ? ""
|
||||
}:
|
||||
|
||||
let
|
||||
|
@ -48,7 +50,11 @@ import ./default.nix {
|
|||
listen ${toString port};
|
||||
root ${documentRoot};
|
||||
}
|
||||
|
||||
${extraHTTPConfig}
|
||||
}
|
||||
|
||||
${extraConfig}
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
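Review bot: The new `extraConfig` and `extraHTTPConfig` parameters are spliced into the generated nginx configuration verbatim and neither is documented. From the braces visible in the second hunk, `${extraHTTPConfig}` appears to land inside the `http` block after the `server` block and `${extraConfig}` after the `http` block closes. A comment on each parameter would make that explicit, e.g. `# extraHTTPConfig: raw directives appended inside http { }` and `# extraConfig: raw directives appended at top level`. It is also worth stating that the text is not validated and must come from the deployment author, never from per-tenant or request-derived data.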
@ -70,6 +70,9 @@ createManagedProcess {
|
|||
};
|
||||
|
||||
overrides = {
|
||||
synit = {
|
||||
depends-on = [ "<service-state <milestone network> up>>" ];
|
||||
};
|
||||
sysvinit = {
|
||||
runlevels = [ 3 4 5 ];
|
||||
};
|
||||
|
|
|
@ -26,6 +26,9 @@ createManagedProcess {
|
|||
daemonExtraArgs = [ "--pid-file" pidFile ];
|
||||
|
||||
overrides = {
|
||||
synit = {
|
||||
depends-on = [ "<service-state <milestone network> up>>" ];
|
||||
};
|
||||
sysvinit = {
|
||||
runlevels = [ 3 4 5 ];
|
||||
};
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
{createManagedProcess, vsftpd}:
|
||||
{instanceSuffix ? "", instanceName ? "vsftpd${instanceSuffix}", initialize ? "", configFile}:
|
||||
|
||||
let
|
||||
user = instanceName;
|
||||
group = instanceName;
|
||||
in
|
||||
createManagedProcess {
|
||||
inherit instanceName initialize;
|
||||
|
||||
foregroundProcess = "${vsftpd}/bin/vsftpd";
|
||||
args = [ configFile ];
|
||||
|
||||
credentials = {
|
||||
groups = {
|
||||
"${group}" = {};
|
||||
};
|
||||
users = {
|
||||
"${user}" = {
|
||||
inherit group;
|
||||
description = "vsftpd user";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
overrides = {
|
||||
synit = {
|
||||
depends-on = [ "<service-state <milestone network> up>>" ];
|
||||
};
|
||||
sysvinit = {
|
||||
runlevels = [ 3 4 5 ];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,78 @@
|
|||
{createManagedProcess, stdenv, vsftpd, writeTextFile, lib, logDir, libDir, forceDisableUserChange, callingUser, callingGroup}:
|
||||
|
||||
{ instanceSuffix ? ""
|
||||
, instanceName ? "vsftpd${instanceSuffix}"
|
||||
, dataPort ? 20
|
||||
, listenPort ? dataPort + 1
|
||||
, options ? {}
|
||||
, enableAnonymousUser ? false
|
||||
, anonymousUsername ? "ftp"
|
||||
, anonymousRoot ? if forceDisableUserChange then "/home/${callingUser}" else "/home/${anonymousUsername}"
|
||||
}:
|
||||
|
||||
let
|
||||
user = instanceName;
|
||||
group = instanceName;
|
||||
|
||||
vsftpdLogDir = "${logDir}/${instanceName}";
|
||||
|
||||
configFile = writeTextFile {
|
||||
name = "vsftpd.conf";
|
||||
text =
|
||||
lib.optionalString (stdenv.isLinux) ''
|
||||
seccomp_sandbox=NO
|
||||
''
|
||||
+
|
||||
''
|
||||
vsftpd_log_file=${vsftpdLogDir}/vsftpd.log
|
||||
xferlog_file=${vsftpdLogDir}/xferlog
|
||||
'' +
|
||||
(if forceDisableUserChange then ''
|
||||
run_as_launching_user=YES
|
||||
ftp_username=${callingUser}
|
||||
'' else ''
|
||||
nopriv_user=${user}
|
||||
ftp_username=${if enableAnonymousUser then anonymousUsername else "nobody"}
|
||||
pam_service_name=vsftpd
|
||||
secure_chroot_dir=/var/empty
|
||||
'')
|
||||
+ ''
|
||||
ftp_data_port=${toString dataPort}
|
||||
listen_port=${toString listenPort}
|
||||
''
|
||||
+ lib.optionalString enableAnonymousUser ''
|
||||
anon_root=${anonymousRoot}
|
||||
''
|
||||
+ lib.concatMapStrings (name:
|
||||
let
|
||||
value = builtins.getAttr name options;
|
||||
in
|
||||
"${name}=${toString value}\n"
|
||||
) (builtins.attrNames options);
|
||||
};
|
||||
in
|
||||
import ./default.nix {
|
||||
inherit createManagedProcess vsftpd;
|
||||
} {
|
||||
inherit instanceSuffix instanceName;
|
||||
|
||||
# When running as unprivileged user, we need to make a copy of the config file and make the calling user the owner
|
||||
configFile = if forceDisableUserChange then "${libDir}/${instanceName}/vsftpd.conf" else configFile;
|
||||
|
||||
initialize =
|
||||
''
|
||||
mkdir -p ${vsftpdLogDir}
|
||||
''
|
||||
+
|
||||
# Make the unprivileged user the owner of the config file
|
||||
lib.optionalString forceDisableUserChange
|
||||
(let
|
||||
dynamicConfigFile = "${libDir}/${instanceName}/vsftpd.conf";
|
||||
in
|
||||
''
|
||||
mkdir -p ${libDir}/${instanceName}
|
||||
cp ${configFile} ${dynamicConfigFile}
|
||||
chmod u+w ${dynamicConfigFile}
|
||||
chown ${callingUser}:${callingGroup} ${dynamicConfigFile}
|
||||
'');
|
||||
}
|
|
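Review bot: The generated vsftpd.conf never writes `anonymous_enable`, so `enableAnonymousUser = false` only changes `ftp_username` and leaves out `anon_root`, while vsftpd's documented default for `anonymous_enable` is YES. In the `forceDisableUserChange` branch `ftp_username=${callingUser}` is emitted regardless of the flag, so an anonymous login would presumably be mapped onto the calling user's account and home directory. Emit the setting explicitly next to the port lines: `anonymous_enable=${if enableAnonymousUser then "YES" else "NO"}`. Separately, `seccomp_sandbox=NO` is hard-coded for every Linux build with no explanation. A comment such as `# seccomp filter disabled because <reason>` should record why the sandbox is switched off and whether `options` is expected to be able to turn it back on.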
@ -0,0 +1,9 @@
|
|||
This test is for setting up a connection with a null modem cable that works
|
||||
to link up my PC with my Commodore Amiga 500.
|
||||
|
||||
It cannot be automated with the NixOS test driver, but you can manually deploy
|
||||
it by running the following command as root user:
|
||||
|
||||
```bash
|
||||
nixproc-supervisord-deploy-stateless processes.nix
|
||||
```
|
|
@ -0,0 +1,28 @@
|
|||
{ pkgs ? import <nixpkgs> { inherit system; }
|
||||
, system ? builtins.currentSystem
|
||||
, stateDir ? "/var"
|
||||
, runtimeDir ? "${stateDir}/run"
|
||||
, logDir ? "${stateDir}/log"
|
||||
, spoolDir ? "${stateDir}/spool"
|
||||
, cacheDir ? "${stateDir}/cache"
|
||||
, libDir ? "${stateDir}/lib"
|
||||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||
, forceDisableUserChange ? false
|
||||
, processManager
|
||||
, nix-processmgmt ? ../../../nix-processmgmt
|
||||
}:
|
||||
|
||||
let
|
||||
constructors = import ../../services-agnostic/constructors.nix {
|
||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir libDir spoolDir forceDisableUserChange processManager nix-processmgmt;
|
||||
};
|
||||
in
|
||||
{
|
||||
agetty-nullmodem = {
|
||||
pkg = constructors.agetty {
|
||||
baudrate = 19200;
|
||||
port = "ttyUSB0";
|
||||
extraOptions = [ "--flow-control" ];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "apache-tomcat-ajp-reverse-proxy";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "apache-tomcat";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "apache";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
@ -13,7 +14,7 @@ testService {
|
|||
|
||||
tests = {instanceName, instance, ...}:
|
||||
''
|
||||
machine.succeed("curl --fail http://localhost:${toString instance.port} | grep 'Hello world!'")
|
||||
machine.succeed("curl --fail http://localhost:${toString instance.port} | grep 'Hello world'")
|
||||
'';
|
||||
|
||||
inherit processManagers profiles;
|
||||
|
|
|
@ -50,7 +50,7 @@ let
|
|||
</head>
|
||||
|
||||
<body>
|
||||
<h1><?php print("Hello world!"); ?></h1>
|
||||
<h1><?php print("Hello world from PHP!"); ?></h1>
|
||||
</body>
|
||||
</html>
|
||||
EOF
|
||||
|
|
|
@ -104,4 +104,8 @@ in
|
|||
xinetd-extendable = import ./xinetd/extendable {
|
||||
inherit pkgs processManagers profiles testService nix-processmgmt;
|
||||
};
|
||||
|
||||
vsftpd = import ./vsftpd {
|
||||
inherit pkgs processManagers profiles testService nix-processmgmt;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -4,6 +4,7 @@ let
|
|||
env = "NIX_PATH='nixpkgs=${<nixpkgs>}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
|
||||
in
|
||||
testService {
|
||||
name = "disnix-with-apache-mysql";
|
||||
exprFile = ../../../example-deployments/disnix/processes-with-apache-mysql.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -4,6 +4,7 @@ let
|
|||
env = "NIX_PATH='nixpkgs=${<nixpkgs>}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
|
||||
in
|
||||
testService {
|
||||
name = "disnix";
|
||||
exprFile = ../../../example-deployments/disnix/processes-bare.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -4,6 +4,7 @@ let
|
|||
env = "NIX_PATH='nixpkgs=${<nixpkgs>}' SSH_OPTS='-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' DISNIX_REMOTE_CLIENT=disnix-client";
|
||||
in
|
||||
testService {
|
||||
name = "disnix-with-tomcat-mysql-multi-instance";
|
||||
exprFile = ../../../example-deployments/disnix/processes-with-tomcat-mysql-multi-instance.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -4,6 +4,7 @@ let
|
|||
env = "NIX_PATH='nixpkgs=${<nixpkgs>}' DISNIX_CLIENT_INTERFACE=disnix-soap-client DISNIX_TARGET_PROPERTY=targetEPR DISNIX_SOAP_CLIENT_USERNAME=admin DISNIX_SOAP_CLIENT_PASSWORD=secret";
|
||||
in
|
||||
testService {
|
||||
name = "disnix-with-tomcat-mysql";
|
||||
exprFile = ../../../example-deployments/disnix/processes-with-tomcat-mysql.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "docker";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "fcron";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -62,6 +62,7 @@ let
|
|||
};
|
||||
in
|
||||
testService {
|
||||
name = "hydra";
|
||||
exprFile = ../../example-deployments/hydra/processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "influxdb";
|
||||
exprFile = ./processes.nix;
|
||||
systemPackages = [ pkgs.influxdb ];
|
||||
extraParams = {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "mongodb";
|
||||
exprFile = ./processes.nix;
|
||||
systemPackages = [ pkgs.mongodb ];
|
||||
nixosConfig = {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "mysql";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "nginx-reverse-proxy-hostbased";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -93,7 +93,7 @@ rec {
|
|||
};
|
||||
|
||||
nginx2 = rec {
|
||||
port = if forceDisableUserChange then 8081 else 8080;
|
||||
port = if forceDisableUserChange then 8081 else 81;
|
||||
webapps = [ webapp5 webapp6 ];
|
||||
|
||||
pkg = sharedConstructors.nginxReverseProxyHostBased {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "nginx-reverse-proxy-pathbased";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "nginx";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "postgresql";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -41,6 +41,7 @@ let
|
|||
};
|
||||
in
|
||||
testService {
|
||||
name = "s6-svscan";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "sshd";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
@ -32,11 +33,11 @@ testService {
|
|||
# Make a special exception for the first instance running in privileged mode. It should be connectible with the default settings
|
||||
if instanceName == "sshd" && !forceDisableUserChange then ''
|
||||
machine.succeed(
|
||||
"ssh -i key -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no localhost $(type -p ls) /"
|
||||
"ssh -i key -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no localhost $(type -p ls) / >&2"
|
||||
)
|
||||
'' else ''
|
||||
machine.succeed(
|
||||
"${pkgs.lib.optionalString forceDisableUserChange "su unprivileged -c '"}ssh -p ${toString instance.port} -i key -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no localhost $(type -p ls) /${pkgs.lib.optionalString forceDisableUserChange "'"}"
|
||||
"${pkgs.lib.optionalString forceDisableUserChange "su unprivileged -c '"}ssh -p ${toString instance.port} -i key -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no localhost $(type -p ls) /${pkgs.lib.optionalString forceDisableUserChange "'"} >&2"
|
||||
)
|
||||
'';
|
||||
|
||||
|
|
|
@ -26,11 +26,12 @@ let
|
|||
};
|
||||
in
|
||||
testService {
|
||||
name = "supervisord";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
};
|
||||
systemPackages = [ pkgs.pythonPackages.supervisor ];
|
||||
systemPackages = [ pkgs.python3Packages.supervisor ];
|
||||
|
||||
readiness = {instanceName, instance, ...}:
|
||||
''
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "svnserve";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -0,0 +1,45 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "vsftpd";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
};
|
||||
|
||||
nixosConfig = {
|
||||
users.users.ftp = {
|
||||
description = "Anonymous FTP user";
|
||||
isNormalUser = true;
|
||||
createHome = true;
|
||||
password = "secret";
|
||||
};
|
||||
};
|
||||
|
||||
systemPackages = [ pkgs.inetutils ];
|
||||
|
||||
readiness = {instanceName, instance, ...}:
|
||||
''
|
||||
machine.wait_for_open_port(${toString instance.listenPort})
|
||||
'';
|
||||
|
||||
tests = {instanceName, instance, forceDisableUserChange, ...}:
|
||||
if forceDisableUserChange then ''
|
||||
machine.succeed("echo test > /home/unprivileged/test.txt")
|
||||
machine.succeed("chown unprivileged:users /home/unprivileged/test.txt")
|
||||
machine.succeed('(echo "user anonymous foobar"; echo "ls") | ftp -n 127.0.0.1 ${toString instance.listenPort} >&2')
|
||||
machine.succeed("curl --fail ftp://anonymous@localhost:${toString instance.listenPort}/test.txt -o test.txt")
|
||||
machine.succeed("grep test test.txt")
|
||||
machine.succeed("rm test.txt")
|
||||
'' else ''
|
||||
machine.succeed("echo test > /home/ftp/test.txt")
|
||||
machine.succeed("chown ftp:users /home/ftp/test.txt")
|
||||
machine.succeed("chmod a-w /home/ftp")
|
||||
machine.succeed('(echo "user anonymous foobar"; echo "ls") | ftp -n 127.0.0.1 ${pkgs.lib.optionalString (instance.listenPort != 21) (toString instance.listenPort)} >&2')
|
||||
machine.succeed("curl -v --fail ftp://anonymous@localhost${pkgs.lib.optionalString (instance.listenPort != 21) ":${toString instance.listenPort}"}/test.txt -o test.txt 2>&1")
|
||||
machine.succeed("grep test test.txt")
|
||||
machine.succeed("rm test.txt")
|
||||
'';
|
||||
|
||||
inherit processManagers profiles;
|
||||
}
|
|
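Review bot: `password = "secret"` on `users.users.ftp` is a plaintext credential in the evaluated configuration, yet no command in `tests` uses it, since both branches log in as `anonymous`. Either drop the line, or keep it with a comment such as `# throw-away password, test VM only` so it is not copied into a real deployment. The tests also cover only the case where anonymous access is enabled. An additional instance with `enableAnonymousUser = false`, checked with `machine.fail(...)` around the same `curl` call, would pin the deny path.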
@ -0,0 +1,54 @@
|
|||
{ pkgs ? import <nixpkgs> { inherit system; }
|
||||
, system ? builtins.currentSystem
|
||||
, stateDir ? "/var"
|
||||
, runtimeDir ? "${stateDir}/run"
|
||||
, logDir ? "${stateDir}/log"
|
||||
, spoolDir ? "${stateDir}/spool"
|
||||
, cacheDir ? "${stateDir}/cache"
|
||||
, libDir ? "${stateDir}/lib"
|
||||
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
|
||||
, forceDisableUserChange ? false
|
||||
, callingUser ? null
|
||||
, callingGroup ? null
|
||||
, processManager
|
||||
, nix-processmgmt ? ../../../nix-processmgmt
|
||||
}:
|
||||
|
||||
let
|
||||
constructors = import ../../services-agnostic/constructors.nix {
|
||||
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir libDir spoolDir forceDisableUserChange callingUser callingGroup processManager nix-processmgmt;
|
||||
};
|
||||
in
|
||||
{
|
||||
vsftpd = rec {
|
||||
dataPort = if forceDisableUserChange then 2000 else 20;
|
||||
listenPort = if forceDisableUserChange then 2001 else 21;
|
||||
|
||||
pkg = constructors.simpleVsftpd {
|
||||
inherit dataPort listenPort;
|
||||
enableAnonymousUser = true;
|
||||
options = {
|
||||
dual_log_enable = "YES";
|
||||
local_enable = "YES";
|
||||
anon_world_readable_only = "NO";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
vsftpd-secondary = rec {
|
||||
dataPort = if forceDisableUserChange then 2010 else 30;
|
||||
listenPort = if forceDisableUserChange then 2011 else 31;
|
||||
|
||||
pkg = constructors.simpleVsftpd {
|
||||
inherit dataPort listenPort;
|
||||
enableAnonymousUser = true;
|
||||
|
||||
instanceSuffix = "-secondary";
|
||||
options = {
|
||||
dual_log_enable = "YES";
|
||||
local_enable = "YES";
|
||||
anon_world_readable_only = "NO";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
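Review bot: Both instances set `anon_world_readable_only = "NO"` and `local_enable = "YES"` alongside `enableAnonymousUser = true`, and nothing says why the test needs them. With `anon_world_readable_only` off, an anonymous session may download any file the FTP user can read, not just world-readable ones. In the `forceDisableUserChange` profile simple.nix points `ftp_username` and `anon_root` at the calling user's home directory, which widens that further. The test fixture is created with a plain `echo test > …`, so it is probably world-readable already and the relaxation may be unnecessary. If it stays, add a comment above `options` such as `# relaxed for the test fixture only; do not reuse on an exposed server`.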
@ -1,6 +1,7 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "xinetd";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
|
|
|
@ -1,13 +1,14 @@
|
|||
{ pkgs, testService, processManagers, profiles, nix-processmgmt }:
|
||||
|
||||
testService {
|
||||
name = "xinetd-extendable";
|
||||
exprFile = ./processes.nix;
|
||||
extraParams = {
|
||||
inherit nix-processmgmt;
|
||||
};
|
||||
systemPackages = [ pkgs.inetutils ];
|
||||
|
||||
tests = {instanceName, instance, stateDir, runtimeDir, forceDisableUserChange, ...}:
|
||||
tests = {instanceName, instance, processManager, stateDir, runtimeDir, forceDisableUserChange, ...}:
|
||||
if instanceName == "xinetd-primary" then
|
||||
let
|
||||
tftpService = pkgs.writeTextFile {
|
||||
|
@ -33,8 +34,27 @@ testService {
|
|||
machine.succeed(
|
||||
"cp ${tftpService} ${stateDir}/lib/${instanceName}/xinetd.d"
|
||||
)
|
||||
machine.succeed("kill -HUP $(cat ${runtimeDir}/${instanceName}.pid)")
|
||||
|
||||
''
|
||||
+ (if processManager == "sysvinit" then
|
||||
''
|
||||
machine.succeed("kill -HUP $(cat ${runtimeDir}/${instanceName}.pid)")
|
||||
''
|
||||
else if processManager == "systemd" then
|
||||
''
|
||||
machine.succeed("systemctl restart nix-process-${instanceName}")
|
||||
''
|
||||
else if processManager == "supervisord" then
|
||||
''
|
||||
machine.succeed("supervisorctl restart ${instanceName}")
|
||||
''
|
||||
else if processManager == "s6-rc" then
|
||||
''
|
||||
machine.succeed("s6-rc -d change ${instanceName}")
|
||||
machine.succeed("s6-rc -u change ${instanceName}")
|
||||
''
|
||||
else throw "Process manager not supported: ${processManager}")
|
||||
+ ''
|
||||
machine.succeed("echo hello > ${stateDir}/hello.txt")
|
||||
# fmt: off
|
||||
machine.succeed(
|
||||
|
|