From 25aa12d60dc18ac9e572ed6e78d785cba0ccf50d Mon Sep 17 00:00:00 2001 From: Magic_RB Date: Mon, 5 Apr 2021 00:24:00 +0200 Subject: [PATCH] Abandon manual container and switch to NixNG Signed-off-by: Magic_RB --- docker/apache.cfg | 35 --------- docker/entrypoint.sh | 1 - flake.lock | 52 +++++++++----- flake.nix | 167 +++++++++++++++++++++---------------------- 4 files changed, 117 insertions(+), 138 deletions(-) delete mode 100644 docker/apache.cfg delete mode 100644 docker/entrypoint.sh diff --git a/docker/apache.cfg b/docker/apache.cfg deleted file mode 100644 index 4b51de5..0000000 --- a/docker/apache.cfg +++ /dev/null @@ -1,35 +0,0 @@ -LoadModule mpm_event_module modules/mod_mpm_event.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule dir_module modules/mod_dir.so - -ErrorLog /dev/stderr -TransferLog /dev/stdout - -LogLevel info - -Listen 0.0.0.0:80 - -ServerRoot /var/www -ServerName blowhole -PidFile /httpd.pid - -User www-data -Group www-data - -DocumentRoot /var/www - - - Require all denied - Options SymLinksIfOwnerMatch - AddType image/svg+xml svg svgz - - - - - Require all granted - Options +Indexes +FollowSymlinks - DirectoryIndex index.html - - \ No newline at end of file diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh deleted file mode 100644 index 63f705a..0000000 --- a/docker/entrypoint.sh +++ /dev/null @@ -1 +0,0 @@ -apachectl start -f $_apache_cfg -D FOREGROUND diff --git a/flake.lock b/flake.lock index 328c991..8df3b14 100644 --- a/flake.lock +++ b/flake.lock 
@@ -16,7 +16,38 @@ "type": "github" } }, + "nixng": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1617561707, + "narHash": "sha256-mQ05xYziJutQIi4pHfI1QbOq6EvrfN6GcvM/hM9sSV0=", + "ref": "master", + "rev": "2570dcc47d42d959221480156196d0a22086f00b", + "revCount": 19, + "type": "git", + "url": "https://gitea.redalder.org/Magic_RB/NixNG" + }, + "original": { + "type": "git", + "url": "https://gitea.redalder.org/Magic_RB/NixNG" + } + }, "nixpkgs": { + "locked": { + "lastModified": 1617271991, + "narHash": "sha256-VdzjIQaT1FtycNid0iPSVr44Jrstoox6QRLrwCY1uG0=", + "path": "/nix/store/p86a44r69akjvyg0nid33kh9mg15h9lq-source", + "rev": "da7f4c4842520167f65c20ad75ecdbd14e27ae91", + "type": "path" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1614447571, "narHash": "sha256-kHshBYBAAL0sx7DwwrPyfvtUwidQ9aWXy0XrL5RQFhY=", @@ -45,27 +76,12 @@ "type": "github" } }, - "rlib": { - "locked": { - "lastModified": 1616164844, - "narHash": "sha256-CGI/26i00vpsCZcJE47Fnu2rcjhaY6tVWjQgJa+zJL0=", - "ref": "master", - "rev": "490ea3f83c9765f9a15f6bf7e6d77c127d08ea24", - "revCount": 13, - "type": "git", - "url": "https://gitea.redalder.org/RedAlder/rlib" - }, - "original": { - "type": "git", - "url": "https://gitea.redalder.org/RedAlder/rlib" - } - }, "root": { "inputs": { "emacs-htmlize": "emacs-htmlize", - "nixpkgs": "nixpkgs", - "org-thtml": "org-thtml", - "rlib": "rlib" + "nixng": "nixng", + "nixpkgs": "nixpkgs_2", + "org-thtml": "org-thtml" } } }, diff --git a/flake.nix b/flake.nix index aa97b2d..a9f8c28 100644 --- a/flake.nix +++ b/flake.nix 
@@ -10,32 +10,17 @@ flake = false; }; - rlib = { - url = "git+https://gitea.redalder.org/RedAlder/rlib"; + nixng = { + url = "git+https://gitea.redalder.org/Magic_RB/NixNG"; flake = true; }; }; - outputs = { self, nixpkgs, org-thtml, emacs-htmlize, ... }@inputs: + outputs = { self, nixpkgs, nixng, org-thtml, emacs-htmlize, ... }@inputs: let supportedSystems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ]; forAllSystems = f: nixpkgs.lib.genAttrs supportedSystems (system: f system); - rlib = inputs.rlib.lib { - inherit nixpkgs; - system = "x86_64-linux"; - packages = { - nixpkgs = { - config = {}; - versions = { - stable = inputs.nixpkgs; - }; - }; - custom = {}; - }; - self = rlib; - }; - websiteBase = pkgs: pkgs.stdenv.mkDerivation { name = "magic_rb-website"; 
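Review bot: The new `nixng` input is declared without `inputs.nixpkgs.follows = "nixpkgs";`, so NixNG carries its own nixpkgs pin instead of this flake's, and the accompanying flake.lock shows that pin resolved to a `"type": "path"` entry under /nix/store, which only reproduces on the machine that generated the lock. Adding `nixng.inputs.nixpkgs.follows = "nixpkgs";` next to `flake = true;` builds the container from the same nixpkgs as the rest of the outputs and leaves a single, git-pinned nixpkgs in the lock. Like the old rlib input, the url is an unpinned `git+https://` branch tracked only by flake.lock, which is acceptable as long as the lock stays committed; a one-line comment saying so would help the next reader. The `outputs` function this hunk edits continues past the hunk.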
@@ -66,78 +51,92 @@ websiteBase pkgs ); - dockerImages = with rlib.dockerTools; { - apache = buildLayeredImage - ({ nixpkgs, custom, rlib }: - with rlib.dockerTools; - let - shadow = makeShadow { - withNixbld = false; - users = [ - { - name = "www-data"; - uid = "5000"; - gid = "5000"; - home = "/var/empty"; - shell = "${nixpkgs.stable.bash}/bin/bash"; - description = "Apache HTTPD user"; - } - ]; - groups = [ - { - name = "www-data"; - id = 5000; - } - ]; - }; - ca-certificates = makeCerts { - certs = []; - }; - apache = nixpkgs.stable.apache.override { - proxySupport = false; - sslSupport = false; - http2Support = false; - ldapSupport = false; - libxml2Support = false; - brotliSupport = false; - }; - entrypoint = nixpkgs.stable.writeShellScriptBin "entrypoint.sh" (builtins.readFile ./docker/entrypoint.sh); - website = nixpkgs.stable.runCommandNoCCLocal "website" {} '' - mkdir -p $out/var/ - ln -s ${websiteBase nixpkgs.stable} $out/var/www - ''; - logs = nixpkgs.stable.runCommandNoCCLocal "logs" {} '' - mkdir -p $out/var/log/apache2 - ''; - - in + websiteImage = (nixng.lib "x86_64-linux").makeSystem { + system = "x86_64-linux"; + name = "website"; + config = ({ pkgs, options, ... 
}: { + runit = { + enable = true; + isContainer = true; + }; + init.services.apache2 = { + ensureSomething.link."documentRoot" = { + src = "${websiteBase pkgs}"; + dst = "/var/www"; + }; + }; + users.users."www-data" = { + uid = 1001; + group = "www-data"; + }; + users.groups."www-data" = { + gid = 1001; + }; + services.apache2 = { + enable = true; + configuration = [ { - name = "magic_rb-website-apache"; - tag = "latest"; - - contents = [ - entrypoint - shadow - ca-certificates - makeBasicBin - website - logs + LoadModule = [ + [ "mpm_event_module" "modules/mod_mpm_event.so" ] + [ "log_config_module" "modules/mod_log_config.so" ] + [ "unixd_module" "modules/mod_unixd.so" ] + [ "authz_core_module" "modules/mod_authz_core.so" ] + [ "dir_module" "modules/mod_dir.so" ] + [ "mime_module" "modules/mod_mime.so" ] ]; + } + { + Listen = "0.0.0.0:80"; - config = with nixpkgs.stable; { - Entrypoint = [ "${dumb-init}/bin/dumb-init" "--" "/bin/entrypoint.sh" ]; + ServerRoot = "/var/www"; + ServerName = "blowhole"; + PidFile = "/httpd.pid"; - Env = [ - "PATH=${lib.makeBinPath [ busybox apacheHttpd bash ]}" - "_apache_cfg=${./docker/apache.cfg}" - ]; + User = "www-data"; + Group = "www-data"; + + DocumentRoot = "/var/www"; + } + + { + ErrorLog = "/dev/stderr"; + TransferLog = "/dev/stdout"; + + LogLevel = "info"; + } + + { + AddType = [ + [ "image/svg+xml" "svg" "svgz" ] + ]; + AddEncoding = [ "gzip" "svgz" ]; + + TypesConfig = "${pkgs.apacheHttpd}/conf/mime.types"; + } + + { + Directory = { + "/" = { + Require = [ "all" "denied" ]; + Options = "SymlinksIfOwnerMatch"; + }; }; - extraCommands = '' - mkdir -p tmp var/empty - chmod 777 tmp - ''; - }); + VirtualHost = { + "*:80" = { + Directory = { + "/var/www" = { + Require = [ "all" "granted" ]; + Options = [ "-Indexes" "+FollowSymlinks" ]; + DirectoryIndex = "index.html"; + }; + }; + }; + }; + } + ]; + }; + }); }; }; }
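Review bot: The new apache2 configuration never sets ServerTokens or ServerSignature, so httpd keeps its defaults and advertises its full version string in the Server header and on generated error pages; add `ServerTokens = "Prod"; ServerSignature = "Off";` to the logging block next to `LogLevel = "info";`. Replacing the old `+Indexes` with `-Indexes` on /var/www is a welcome tightening and should stay. Worth confirming: ServerRoot is set to the document root `/var/www` while the LoadModule paths are the relative `modules/mod_*.so`, so unless the NixNG apache2 module resolves module paths itself httpd would look for them under /var/www — `ServerRoot = "${pkgs.apacheHttpd}";` would make the intent explicit either way. The `system = "x86_64-linux"` is hard-coded twice while the rest of the flake iterates `supportedSystems`; a short comment noting that the image is deliberately x86_64-only would keep a reader from expecting an aarch64 variant. The enclosing `outputs` attribute set begins before this hunk.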