From bf2ad6f48c95eea96768cc62dda7c6eb2097cbf4 Mon Sep 17 00:00:00 2001 From: euxane Date: Sat, 8 Jun 2024 22:34:16 +0200 Subject: [PATCH] nixos/fcgiwrap: adapt consumer modules and tests This also fixes the gitolite-fcgiwrap test by running git through fcgiwrap as the proper user. --- nixos/modules/services/misc/zoneminder.nix | 9 +++------ nixos/modules/services/networking/cgit.nix | 19 +++++++++++-------- .../modules/services/networking/smokeping.nix | 7 +++++-- nixos/tests/gitolite-fcgiwrap.nix | 10 +++++++--- 4 files changed, 26 insertions(+), 19 deletions(-) diff --git a/nixos/modules/services/misc/zoneminder.nix b/nixos/modules/services/misc/zoneminder.nix index d09cd87febff..749d0c174520 100644 --- a/nixos/modules/services/misc/zoneminder.nix +++ b/nixos/modules/services/misc/zoneminder.nix @@ -202,8 +202,7 @@ in { ]; services = { - fcgiwrap = lib.mkIf useNginx { - enable = true; + fcgiwrap.zoneminder = lib.mkIf useNginx { preforkProcesses = cfg.cameras; inherit user group; }; @@ -225,9 +224,7 @@ in { default = true; root = "${pkg}/share/zoneminder/www"; listen = [ { addr = "0.0.0.0"; inherit (cfg) port; } ]; - extraConfig = let - fcgi = config.services.fcgiwrap; - in '' + extraConfig = '' index index.php; location / { @@ -257,7 +254,7 @@ in { fastcgi_param HTTP_PROXY ""; fastcgi_intercept_errors on; - fastcgi_pass ${fcgi.socketType}:${fcgi.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.zoneminder.socketAddress}; } location /cache/ { diff --git a/nixos/modules/services/networking/cgit.nix b/nixos/modules/services/networking/cgit.nix index 0ccbef756812..5acdaa47c3a0 100644 --- a/nixos/modules/services/networking/cgit.nix +++ b/nixos/modules/services/networking/cgit.nix @@ -25,14 +25,14 @@ let regexLocation = cfg: regexEscape (stripLocation cfg); - mkFastcgiPass = cfg: '' + mkFastcgiPass = name: cfg: '' ${if cfg.nginx.location == "/" then '' fastcgi_param PATH_INFO $uri; '' else '' fastcgi_split_path_info ^(${regexLocation cfg})(/.+)$; fastcgi_param PATH_INFO $fastcgi_path_info; '' - }fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + }fastcgi_pass unix:${config.services.fcgiwrap."cgit-${name}".socketAddress}; ''; cgitrcLine = name: value: "${name}=${ @@ -165,18 +165,21 @@ in message = "Exactly one of services.cgit.${vhost}.scanPath or services.cgit.${vhost}.repos must be set."; }) cfgs; - services.fcgiwrap.enable = true; + services.fcgiwrap = flip mapAttrs' cfgs (name: cfg: + nameValuePair "cgit-${name}" { + } + ); services.nginx.enable = true; - services.nginx.virtualHosts = mkMerge (mapAttrsToList (_: cfg: { + services.nginx.virtualHosts = mkMerge (mapAttrsToList (name: cfg: { ${cfg.nginx.virtualHost} = { locations = ( genAttrs' [ "cgit.css" "cgit.png" "favicon.ico" "robots.txt" ] - (name: nameValuePair "= ${stripLocation cfg}/${name}" { + (fileName: nameValuePair "= ${stripLocation cfg}/${fileName}" { extraConfig = '' - alias ${cfg.package}/cgit/${name}; + alias ${cfg.package}/cgit/${fileName}; ''; }) ) // { @@ -187,7 +190,7 @@ in GIT_PROJECT_ROOT = mkCgitReposDir cfg; HOME = GIT_PROJECT_ROOT; }; - extraConfig = mkFastcgiPass cfg; + extraConfig = mkFastcgiPass name cfg; }; "${stripLocation cfg}/" = { fastcgiParams = { @@ -196,7 +199,7 @@ in HTTP_HOST = "$server_name"; CGIT_CONFIG = mkCgitrc cfg; }; - extraConfig = mkFastcgiPass cfg; + extraConfig = mkFastcgiPass name cfg; }; }; }; diff --git a/nixos/modules/services/networking/smokeping.nix b/nixos/modules/services/networking/smokeping.nix index 3fb3eac45cc8..d0ec571665fb 100644 --- a/nixos/modules/services/networking/smokeping.nix +++ b/nixos/modules/services/networking/smokeping.nix @@ -337,7 +337,10 @@ in }; # use nginx to serve the smokeping web service - services.fcgiwrap.enable = mkIf cfg.webService true; + services.fcgiwrap.smokeping = mkIf cfg.webService { + user = cfg.user; + group = cfg.user; + }; services.nginx = mkIf cfg.webService { enable = true; virtualHosts."smokeping" = { @@ -349,7 +352,7 @@ in locations."/smokeping.fcgi" = { extraConfig = '' include ${config.services.nginx.package}/conf/fastcgi_params; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_pass unix:${config.services.fcgiwrap.smokeping.socketAddress}; fastcgi_param SCRIPT_FILENAME ${smokepingHome}/smokeping.fcgi; fastcgi_param DOCUMENT_ROOT ${smokepingHome}; ''; diff --git a/nixos/tests/gitolite-fcgiwrap.nix b/nixos/tests/gitolite-fcgiwrap.nix index abf1db37003a..e51c5da73ae2 100644 --- a/nixos/tests/gitolite-fcgiwrap.nix +++ b/nixos/tests/gitolite-fcgiwrap.nix @@ -24,7 +24,11 @@ import ./make-test-python.nix ( { networking.firewall.allowedTCPPorts = [ 80 ]; - services.fcgiwrap.enable = true; + services.fcgiwrap.gitolite = { + user = "gitolite"; + group = "gitolite"; + }; + services.gitolite = { enable = true; adminPubkey = adminPublicKey; @@ -59,7 +63,7 @@ import ./make-test-python.nix ( fastcgi_param SCRIPT_FILENAME ${pkgs.gitolite}/bin/gitolite-shell; # use Unix domain socket or inet socket - fastcgi_pass unix:/run/fcgiwrap.sock; + fastcgi_pass unix:${config.services.fcgiwrap.gitolite.socketAddress}; ''; }; @@ -82,7 +86,7 @@ import ./make-test-python.nix ( server.wait_for_unit("gitolite-init.service") server.wait_for_unit("nginx.service") - server.wait_for_file("/run/fcgiwrap.sock") + server.wait_for_file("/run/fcgiwrap-gitolite.sock") client.wait_for_unit("multi-user.target") client.succeed(