Abandon manual container and switch to NixNG
Signed-off-by: Magic_RB <magic_rb@redalder.org>
parent
259373af23
commit
25aa12d60d
|
@ -1,35 +0,0 @@
|
|||
LoadModule mpm_event_module modules/mod_mpm_event.so
|
||||
LoadModule log_config_module modules/mod_log_config.so
|
||||
LoadModule unixd_module modules/mod_unixd.so
|
||||
LoadModule authz_core_module modules/mod_authz_core.so
|
||||
LoadModule dir_module modules/mod_dir.so
|
||||
|
||||
ErrorLog /dev/stderr
|
||||
TransferLog /dev/stdout
|
||||
|
||||
LogLevel info
|
||||
|
||||
Listen 0.0.0.0:80
|
||||
|
||||
ServerRoot /var/www
|
||||
ServerName blowhole
|
||||
PidFile /httpd.pid
|
||||
|
||||
User www-data
|
||||
Group www-data
|
||||
|
||||
DocumentRoot /var/www
|
||||
|
||||
<Directory />
|
||||
Require all denied
|
||||
Options SymLinksIfOwnerMatch
|
||||
AddType image/svg+xml svg svgz
|
||||
</Directory>
|
||||
|
||||
<VirtualHost *:80>
|
||||
<Directory /var/www>
|
||||
Require all granted
|
||||
Options +Indexes +FollowSymlinks
|
||||
DirectoryIndex index.html
|
||||
</Directory>
|
||||
</VirtualHost>
|
|
@ -1 +0,0 @@
|
|||
apachectl start -f $_apache_cfg -D FOREGROUND
|
52
flake.lock
52
flake.lock
|
@ -16,7 +16,38 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixng": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1617561707,
|
||||
"narHash": "sha256-mQ05xYziJutQIi4pHfI1QbOq6EvrfN6GcvM/hM9sSV0=",
|
||||
"ref": "master",
|
||||
"rev": "2570dcc47d42d959221480156196d0a22086f00b",
|
||||
"revCount": 19,
|
||||
"type": "git",
|
||||
"url": "https://gitea.redalder.org/Magic_RB/NixNG"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://gitea.redalder.org/Magic_RB/NixNG"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1617271991,
|
||||
"narHash": "sha256-VdzjIQaT1FtycNid0iPSVr44Jrstoox6QRLrwCY1uG0=",
|
||||
"path": "/nix/store/p86a44r69akjvyg0nid33kh9mg15h9lq-source",
|
||||
"rev": "da7f4c4842520167f65c20ad75ecdbd14e27ae91",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1614447571,
|
||||
"narHash": "sha256-kHshBYBAAL0sx7DwwrPyfvtUwidQ9aWXy0XrL5RQFhY=",
|
||||
|
@ -45,27 +76,12 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rlib": {
|
||||
"locked": {
|
||||
"lastModified": 1616164844,
|
||||
"narHash": "sha256-CGI/26i00vpsCZcJE47Fnu2rcjhaY6tVWjQgJa+zJL0=",
|
||||
"ref": "master",
|
||||
"rev": "490ea3f83c9765f9a15f6bf7e6d77c127d08ea24",
|
||||
"revCount": 13,
|
||||
"type": "git",
|
||||
"url": "https://gitea.redalder.org/RedAlder/rlib"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://gitea.redalder.org/RedAlder/rlib"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"emacs-htmlize": "emacs-htmlize",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"org-thtml": "org-thtml",
|
||||
"rlib": "rlib"
|
||||
"nixng": "nixng",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"org-thtml": "org-thtml"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
167
flake.nix
167
flake.nix
|
@ -10,32 +10,17 @@
|
|||
flake = false;
|
||||
};
|
||||
|
||||
rlib = {
|
||||
url = "git+https://gitea.redalder.org/RedAlder/rlib";
|
||||
nixng = {
|
||||
url = "git+https://gitea.redalder.org/Magic_RB/NixNG";
|
||||
flake = true;
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, org-thtml, emacs-htmlize, ... }@inputs:
|
||||
outputs = { self, nixpkgs, nixng, org-thtml, emacs-htmlize, ... }@inputs:
|
||||
let
|
||||
supportedSystems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
|
||||
forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: f system);
|
||||
|
||||
rlib = inputs.rlib.lib {
|
||||
inherit nixpkgs;
|
||||
system = "x86_64-linux";
|
||||
packages = {
|
||||
nixpkgs = {
|
||||
config = {};
|
||||
versions = {
|
||||
stable = inputs.nixpkgs;
|
||||
};
|
||||
};
|
||||
custom = {};
|
||||
};
|
||||
self = rlib;
|
||||
};
|
||||
|
||||
websiteBase = pkgs:
|
||||
pkgs.stdenv.mkDerivation {
|
||||
name = "magic_rb-website";
|
||||
|
@ -66,78 +51,92 @@
|
|||
websiteBase pkgs
|
||||
);
|
||||
|
||||
dockerImages = with rlib.dockerTools; {
|
||||
apache = buildLayeredImage
|
||||
({ nixpkgs, custom, rlib }:
|
||||
with rlib.dockerTools;
|
||||
let
|
||||
shadow = makeShadow {
|
||||
withNixbld = false;
|
||||
users = [
|
||||
{
|
||||
name = "www-data";
|
||||
uid = "5000";
|
||||
gid = "5000";
|
||||
home = "/var/empty";
|
||||
shell = "${nixpkgs.stable.bash}/bin/bash";
|
||||
description = "Apache HTTPD user";
|
||||
}
|
||||
];
|
||||
groups = [
|
||||
{
|
||||
name = "www-data";
|
||||
id = 5000;
|
||||
}
|
||||
];
|
||||
};
|
||||
ca-certificates = makeCerts {
|
||||
certs = [];
|
||||
};
|
||||
apache = nixpkgs.stable.apache.override {
|
||||
proxySupport = false;
|
||||
sslSupport = false;
|
||||
http2Support = false;
|
||||
ldapSupport = false;
|
||||
libxml2Support = false;
|
||||
brotliSupport = false;
|
||||
};
|
||||
entrypoint = nixpkgs.stable.writeShellScriptBin "entrypoint.sh" (builtins.readFile ./docker/entrypoint.sh);
|
||||
website = nixpkgs.stable.runCommandNoCCLocal "website" {} ''
|
||||
mkdir -p $out/var/
|
||||
ln -s ${websiteBase nixpkgs.stable} $out/var/www
|
||||
'';
|
||||
logs = nixpkgs.stable.runCommandNoCCLocal "logs" {} ''
|
||||
mkdir -p $out/var/log/apache2
|
||||
'';
|
||||
|
||||
in
|
||||
websiteImage = (nixng.lib "x86_64-linux").makeSystem {
|
||||
system = "x86_64-linux";
|
||||
name = "website";
|
||||
config = ({ pkgs, options, ... }: {
|
||||
runit = {
|
||||
enable = true;
|
||||
isContainer = true;
|
||||
};
|
||||
init.services.apache2 = {
|
||||
ensureSomething.link."documentRoot" = {
|
||||
src = "${websiteBase pkgs}";
|
||||
dst = "/var/www";
|
||||
};
|
||||
};
|
||||
users.users."www-data" = {
|
||||
uid = 1001;
|
||||
group = "www-data";
|
||||
};
|
||||
users.groups."www-data" = {
|
||||
gid = 1001;
|
||||
};
|
||||
services.apache2 = {
|
||||
enable = true;
|
||||
configuration = [
|
||||
{
|
||||
name = "magic_rb-website-apache";
|
||||
tag = "latest";
|
||||
|
||||
contents = [
|
||||
entrypoint
|
||||
shadow
|
||||
ca-certificates
|
||||
makeBasicBin
|
||||
website
|
||||
logs
|
||||
LoadModule = [
|
||||
[ "mpm_event_module" "modules/mod_mpm_event.so" ]
|
||||
[ "log_config_module" "modules/mod_log_config.so" ]
|
||||
[ "unixd_module" "modules/mod_unixd.so" ]
|
||||
[ "authz_core_module" "modules/mod_authz_core.so" ]
|
||||
[ "dir_module" "modules/mod_dir.so" ]
|
||||
[ "mime_module" "modules/mod_mime.so" ]
|
||||
];
|
||||
}
|
||||
{
|
||||
Listen = "0.0.0.0:80";
|
||||
|
||||
config = with nixpkgs.stable; {
|
||||
Entrypoint = [ "${dumb-init}/bin/dumb-init" "--" "/bin/entrypoint.sh" ];
|
||||
ServerRoot = "/var/www";
|
||||
ServerName = "blowhole";
|
||||
PidFile = "/httpd.pid";
|
||||
|
||||
Env = [
|
||||
"PATH=${lib.makeBinPath [ busybox apacheHttpd bash ]}"
|
||||
"_apache_cfg=${./docker/apache.cfg}"
|
||||
];
|
||||
User = "www-data";
|
||||
Group = "www-data";
|
||||
|
||||
DocumentRoot = "/var/www";
|
||||
}
|
||||
|
||||
{
|
||||
ErrorLog = "/dev/stderr";
|
||||
TransferLog = "/dev/stdout";
|
||||
|
||||
LogLevel = "info";
|
||||
}
|
||||
|
||||
{
|
||||
AddType = [
|
||||
[ "image/svg+xml" "svg" "svgz" ]
|
||||
];
|
||||
AddEncoding = [ "gzip" "svgz" ];
|
||||
|
||||
TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types";
|
||||
}
|
||||
|
||||
{
|
||||
Directory = {
|
||||
"/" = {
|
||||
Require = [ "all" "denied" ];
|
||||
Options = "SymlinksIfOwnerMatch";
|
||||
};
|
||||
};
|
||||
|
||||
extraCommands = ''
|
||||
mkdir -p tmp var/empty
|
||||
chmod 777 tmp
|
||||
'';
|
||||
});
|
||||
VirtualHost = {
|
||||
"*:80" = {
|
||||
Directory = {
|
||||
"/var/www" = {
|
||||
Require = [ "all" "granted" ];
|
||||
Options = [ "-Indexes" "+FollowSymlinks" ];
|
||||
DirectoryIndex = "index.html";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
});
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
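Review bot: `ServerRoot = "/var/www";` in the `services.apache2.configuration` list is the same path as `DocumentRoot`, so any server-relative path that httpd resolves after that directive (a relative log, pid or module path) lands inside the served tree. Pointing it at the httpd prefix instead, for example `ServerRoot = "${pkgs.apacheHttpd}";`, keeps server files out of the web root; whether the `modules/mod_*.so` entries are affected depends on the order in which NixNG emits the directives, which is not visible here. Separately, the new `nixng` input does not follow the root nixpkgs, and the lock entry it produced for `nixpkgs` is `"type": "path"` under `/nix/store/…` with an `indirect` original, which only resolves on a machine that already holds that store path; adding `inputs.nixpkgs.follows = "nixpkgs";` inside the `nixng = { … }` block would tie it to the root's pinned input. The old/new side of the lines in this section is inferred from context, because the rendering lost its `+`/`-` markers.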