nixos/fcgiwrap: adapt consumer modules and tests

This also fixes the gitolite-fcgiwrap test by running git through
fcgiwrap as the proper user.
This commit is contained in:
euxane 2024-06-08 22:34:16 +02:00
parent 41419ca288
commit bf2ad6f48c
4 changed files with 26 additions and 19 deletions

View File

@ -202,8 +202,7 @@ in {
];
services = {
fcgiwrap = lib.mkIf useNginx {
enable = true;
fcgiwrap.zoneminder = lib.mkIf useNginx {
preforkProcesses = cfg.cameras;
inherit user group;
};
@ -225,9 +224,7 @@ in {
default = true;
root = "${pkg}/share/zoneminder/www";
listen = [ { addr = "0.0.0.0"; inherit (cfg) port; } ];
extraConfig = let
fcgi = config.services.fcgiwrap;
in ''
extraConfig = ''
index index.php;
location / {
@ -257,7 +254,7 @@ in {
fastcgi_param HTTP_PROXY "";
fastcgi_intercept_errors on;
fastcgi_pass ${fcgi.socketType}:${fcgi.socketAddress};
fastcgi_pass unix:${config.services.fcgiwrap.zoneminder.socketAddress};
}
location /cache/ {

View File

@ -25,14 +25,14 @@ let
regexLocation = cfg: regexEscape (stripLocation cfg);
mkFastcgiPass = cfg: ''
mkFastcgiPass = name: cfg: ''
${if cfg.nginx.location == "/" then ''
fastcgi_param PATH_INFO $uri;
'' else ''
fastcgi_split_path_info ^(${regexLocation cfg})(/.+)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
''
}fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
}fastcgi_pass unix:${config.services.fcgiwrap."cgit-${name}".socketAddress};
'';
cgitrcLine = name: value: "${name}=${
@ -165,18 +165,21 @@ in
message = "Exactly one of services.cgit.${vhost}.scanPath or services.cgit.${vhost}.repos must be set.";
}) cfgs;
services.fcgiwrap.enable = true;
services.fcgiwrap = flip mapAttrs' cfgs (name: cfg:
nameValuePair "cgit-${name}" {
}
);
services.nginx.enable = true;
services.nginx.virtualHosts = mkMerge (mapAttrsToList (_: cfg: {
services.nginx.virtualHosts = mkMerge (mapAttrsToList (name: cfg: {
${cfg.nginx.virtualHost} = {
locations = (
genAttrs'
[ "cgit.css" "cgit.png" "favicon.ico" "robots.txt" ]
(name: nameValuePair "= ${stripLocation cfg}/${name}" {
(fileName: nameValuePair "= ${stripLocation cfg}/${fileName}" {
extraConfig = ''
alias ${cfg.package}/cgit/${name};
alias ${cfg.package}/cgit/${fileName};
'';
})
) // {
@ -187,7 +190,7 @@ in
GIT_PROJECT_ROOT = mkCgitReposDir cfg;
HOME = GIT_PROJECT_ROOT;
};
extraConfig = mkFastcgiPass cfg;
extraConfig = mkFastcgiPass name cfg;
};
"${stripLocation cfg}/" = {
fastcgiParams = {
@ -196,7 +199,7 @@ in
HTTP_HOST = "$server_name";
CGIT_CONFIG = mkCgitrc cfg;
};
extraConfig = mkFastcgiPass cfg;
extraConfig = mkFastcgiPass name cfg;
};
};
};

View File

@ -337,7 +337,10 @@ in
};
# use nginx to serve the smokeping web service
services.fcgiwrap.enable = mkIf cfg.webService true;
services.fcgiwrap.smokeping = mkIf cfg.webService {
user = cfg.user;
group = cfg.user;
};
services.nginx = mkIf cfg.webService {
enable = true;
virtualHosts."smokeping" = {
@ -349,7 +352,7 @@ in
locations."/smokeping.fcgi" = {
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi_params;
fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
fastcgi_pass unix:${config.services.fcgiwrap.smokeping.socketAddress};
fastcgi_param SCRIPT_FILENAME ${smokepingHome}/smokeping.fcgi;
fastcgi_param DOCUMENT_ROOT ${smokepingHome};
'';

View File

@ -24,7 +24,11 @@ import ./make-test-python.nix (
{
networking.firewall.allowedTCPPorts = [ 80 ];
services.fcgiwrap.enable = true;
services.fcgiwrap.gitolite = {
user = "gitolite";
group = "gitolite";
};
services.gitolite = {
enable = true;
adminPubkey = adminPublicKey;
@ -59,7 +63,7 @@ import ./make-test-python.nix (
fastcgi_param SCRIPT_FILENAME ${pkgs.gitolite}/bin/gitolite-shell;
# use Unix domain socket or inet socket
fastcgi_pass unix:/run/fcgiwrap.sock;
fastcgi_pass unix:${config.services.fcgiwrap.gitolite.socketAddress};
'';
};
@ -82,7 +86,7 @@ import ./make-test-python.nix (
server.wait_for_unit("gitolite-init.service")
server.wait_for_unit("nginx.service")
server.wait_for_file("/run/fcgiwrap.sock")
server.wait_for_file("/run/fcgiwrap-gitolite.sock")
client.wait_for_unit("multi-user.target")
client.succeed(