Abandon manual container and switch to NixNG

Signed-off-by: Magic_RB <magic_rb@redalder.org>
Magic_RB 2021-04-05 00:24:00 +02:00
parent 259373af23
commit 25aa12d60d
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E
4 changed files with 117 additions and 138 deletions


@ -1,35 +0,0 @@
LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule dir_module modules/mod_dir.so
ErrorLog /dev/stderr
TransferLog /dev/stdout
LogLevel info
Listen 0.0.0.0:80
ServerRoot /var/www
ServerName blowhole
PidFile /httpd.pid
User www-data
Group www-data
DocumentRoot /var/www
<Directory />
Require all denied
Options SymLinksIfOwnerMatch
AddType image/svg+xml svg svgz
</Directory>
<VirtualHost *:80>
<Directory /var/www>
Require all granted
Options +Indexes +FollowSymlinks
DirectoryIndex index.html
</Directory>
</VirtualHost>


@ -1 +0,0 @@
apachectl start -f $_apache_cfg -D FOREGROUND


@ -16,7 +16,38 @@
"type": "github"
}
},
"nixng": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1617561707,
"narHash": "sha256-mQ05xYziJutQIi4pHfI1QbOq6EvrfN6GcvM/hM9sSV0=",
"ref": "master",
"rev": "2570dcc47d42d959221480156196d0a22086f00b",
"revCount": 19,
"type": "git",
"url": "https://gitea.redalder.org/Magic_RB/NixNG"
},
"original": {
"type": "git",
"url": "https://gitea.redalder.org/Magic_RB/NixNG"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1617271991,
"narHash": "sha256-VdzjIQaT1FtycNid0iPSVr44Jrstoox6QRLrwCY1uG0=",
"path": "/nix/store/p86a44r69akjvyg0nid33kh9mg15h9lq-source",
"rev": "da7f4c4842520167f65c20ad75ecdbd14e27ae91",
"type": "path"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1614447571,
"narHash": "sha256-kHshBYBAAL0sx7DwwrPyfvtUwidQ9aWXy0XrL5RQFhY=",
@ -45,27 +76,12 @@
"type": "github"
}
},
"rlib": {
"locked": {
"lastModified": 1616164844,
"narHash": "sha256-CGI/26i00vpsCZcJE47Fnu2rcjhaY6tVWjQgJa+zJL0=",
"ref": "master",
"rev": "490ea3f83c9765f9a15f6bf7e6d77c127d08ea24",
"revCount": 13,
"type": "git",
"url": "https://gitea.redalder.org/RedAlder/rlib"
},
"original": {
"type": "git",
"url": "https://gitea.redalder.org/RedAlder/rlib"
}
},
"root": {
"inputs": {
"emacs-htmlize": "emacs-htmlize",
"nixpkgs": "nixpkgs",
"org-thtml": "org-thtml",
"rlib": "rlib"
"nixng": "nixng",
"nixpkgs": "nixpkgs_2",
"org-thtml": "org-thtml"
}
}
},

167
flake.nix

@ -10,32 +10,17 @@
flake = false;
};
rlib = {
url = "git+https://gitea.redalder.org/RedAlder/rlib";
nixng = {
url = "git+https://gitea.redalder.org/Magic_RB/NixNG";
flake = true;
};
};
outputs = { self, nixpkgs, org-thtml, emacs-htmlize, ... }@inputs:
outputs = { self, nixpkgs, nixng, org-thtml, emacs-htmlize, ... }@inputs:
let
supportedSystems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: f system);
rlib = inputs.rlib.lib {
inherit nixpkgs;
system = "x86_64-linux";
packages = {
nixpkgs = {
config = {};
versions = {
stable = inputs.nixpkgs;
};
};
custom = {};
};
self = rlib;
};
websiteBase = pkgs:
pkgs.stdenv.mkDerivation {
name = "magic_rb-website";
@ -66,78 +51,92 @@
websiteBase pkgs
);
dockerImages = with rlib.dockerTools; {
apache = buildLayeredImage
({ nixpkgs, custom, rlib }:
with rlib.dockerTools;
let
shadow = makeShadow {
withNixbld = false;
users = [
{
name = "www-data";
uid = "5000";
gid = "5000";
home = "/var/empty";
shell = "${nixpkgs.stable.bash}/bin/bash";
description = "Apache HTTPD user";
}
];
groups = [
{
name = "www-data";
id = 5000;
}
];
};
ca-certificates = makeCerts {
certs = [];
};
apache = nixpkgs.stable.apache.override {
proxySupport = false;
sslSupport = false;
http2Support = false;
ldapSupport = false;
libxml2Support = false;
brotliSupport = false;
};
entrypoint = nixpkgs.stable.writeShellScriptBin "entrypoint.sh" (builtins.readFile ./docker/entrypoint.sh);
website = nixpkgs.stable.runCommandNoCCLocal "website" {} ''
mkdir -p $out/var/
ln -s ${websiteBase nixpkgs.stable} $out/var/www
'';
logs = nixpkgs.stable.runCommandNoCCLocal "logs" {} ''
mkdir -p $out/var/log/apache2
'';
in
websiteImage = (nixng.lib "x86_64-linux").makeSystem {
system = "x86_64-linux";
name = "website";
config = ({ pkgs, options, ... }: {
runit = {
enable = true;
isContainer = true;
};
init.services.apache2 = {
ensureSomething.link."documentRoot" = {
src = "${websiteBase pkgs}";
dst = "/var/www";
};
};
users.users."www-data" = {
uid = 1001;
group = "www-data";
};
users.groups."www-data" = {
gid = 1001;
};
services.apache2 = {
enable = true;
configuration = [
{
name = "magic_rb-website-apache";
tag = "latest";
contents = [
entrypoint
shadow
ca-certificates
makeBasicBin
website
logs
LoadModule = [
[ "mpm_event_module" "modules/mod_mpm_event.so" ]
[ "log_config_module" "modules/mod_log_config.so" ]
[ "unixd_module" "modules/mod_unixd.so" ]
[ "authz_core_module" "modules/mod_authz_core.so" ]
[ "dir_module" "modules/mod_dir.so" ]
[ "mime_module" "modules/mod_mime.so" ]
];
}
{
Listen = "0.0.0.0:80";
config = with nixpkgs.stable; {
Entrypoint = [ "${dumb-init}/bin/dumb-init" "--" "/bin/entrypoint.sh" ];
ServerRoot = "/var/www";
ServerName = "blowhole";
PidFile = "/httpd.pid";
Env = [
"PATH=${lib.makeBinPath [ busybox apacheHttpd bash ]}"
"_apache_cfg=${./docker/apache.cfg}"
];
User = "www-data";
Group = "www-data";
DocumentRoot = "/var/www";
}
{
ErrorLog = "/dev/stderr";
TransferLog = "/dev/stdout";
LogLevel = "info";
}
{
AddType = [
[ "image/svg+xml" "svg" "svgz" ]
];
AddEncoding = [ "gzip" "svgz" ];
TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types";
}
{
Directory = {
"/" = {
Require = [ "all" "denied" ];
Options = "SymlinksIfOwnerMatch";
};
};
extraCommands = ''
mkdir -p tmp var/empty
chmod 777 tmp
'';
});
VirtualHost = {
"*:80" = {
Directory = {
"/var/www" = {
Require = [ "all" "granted" ];
Options = [ "-Indexes" "+FollowSymlinks" ];
DirectoryIndex = "index.html";
};
};
};
};
}
];
};
});
};
};
}
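Review bot: The new `nixng` input in flake.nix is declared without `inputs.nixpkgs.follows`, and the flake.lock section on this page shows the effect: NixNG gets its own `nixpkgs` node whose `original` is an indirect registry lookup and whose `locked` entry is a `path` under `/nix/store`, while the flake's declared nixpkgs becomes `nixpkgs_2`. If `makeSystem` takes `pkgs` from NixNG's nixpkgs (not visible here, but likely), the `apacheHttpd` in `websiteImage` is built from the revision the committer's local registry resolved to rather than from the input this flake declares, and a path-type lock may not resolve on another machine. Adding `inputs.nixpkgs.follows = "nixpkgs";` inside the `nixng = { … }` block would leave a single reviewed nixpkgs pin for both the site build and the container. The `outputs` body continues between the two hunks, so how `pkgs` is wired there should be confirmed first.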