diff options
Diffstat (limited to 'tv/2configs')
-rw-r--r-- | tv/2configs/default.nix | 3 | ||||
-rw-r--r-- | tv/2configs/elm-packages-proxy.nix | 123 | ||||
-rw-r--r-- | tv/2configs/exim-smarthost.nix | 1 | ||||
-rw-r--r-- | tv/2configs/gitrepos.nix | 3 | ||||
-rw-r--r-- | tv/2configs/hw/x220.nix | 6 |
5 files changed, 105 insertions, 31 deletions
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 87a5c2e18..07e7ff11d 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -90,9 +90,6 @@ with import <stockholm/lib>; { services.cron.enable = false; - services.nscd.enable = - # Since 20.09 nscd doesn't cache anymore. - versionAtLeast (versions.majorMinor version) "20.09"; services.ntp.enable = false; services.timesyncd.enable = true; } diff --git a/tv/2configs/elm-packages-proxy.nix b/tv/2configs/elm-packages-proxy.nix index 17a0d2304..ecced3da2 100644 --- a/tv/2configs/elm-packages-proxy.nix +++ b/tv/2configs/elm-packages-proxy.nix @@ -4,20 +4,45 @@ cfg.packageDir = "/var/lib/elm-packages"; cfg.port = 7782; + # TODO secret files + cfg.htpasswd = "/var/lib/certs/package.elm-lang.org/htpasswd"; + cfg.sslCertificate = "/var/lib/certs/package.elm-lang.org/fullchain.pem"; + cfg.sslCertificateKey = "/var/lib/certs/package.elm-lang.org/key.pem"; + + semverRegex = + "(?<major>0|[1-9]\\d*)\\.(?<minor>0|[1-9]\\d*)\\.(?<patch>0|[1-9]\\d*)(?:-(?<prerelease>(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+(?<buildmetadata>[0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?"; + in { services.nginx.virtualHosts."package.elm-lang.org" = { addSSL = true; - # TODO secret files - sslCertificate = "/var/lib/certs/package.elm-lang.org/fullchain.pem"; - sslCertificateKey = "/var/lib/certs/package.elm-lang.org/key.pem"; + sslCertificate = cfg.sslCertificate; + sslCertificateKey = cfg.sslCertificateKey; + + locations."/all-packages".extraConfig = '' + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; + proxy_pass_header Server; + ''; locations."/all-packages/since/".extraConfig = '' proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; proxy_pass_header Server; ''; - locations."~ ^/packages/(?<author>[A-Za-z0-9-]+)/(?<pname>[A-Za-z0-9-]+)/(?<version>(?<major>0|[1-9]\\d*)\\.(?<minor>0|[1-9]\\d*)\\.(?<patch>0|[1-9]\\d*)(?:-(?<prerelease>(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+(?<buildmetadata>[0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?)/(?:zipball|elm.json|endpoint.json)\$".extraConfig = '' + locations."~ ^/packages/(?<author>[A-Za-z0-9-]+)/(?<pname>[A-Za-z0-9-]+)/(?<version>${semverRegex})\$".extraConfig = '' + auth_basic "Restricted Area"; + auth_basic_user_file ${cfg.htpasswd}; + + proxy_set_header X-User $remote_user; + proxy_set_header X-Author $author; + proxy_set_header X-Package $pname; + proxy_set_header X-Version $version; + proxy_pass_header Server; + + proxy_pass http://127.0.0.1:${toString config.krebs.htgen.elm-packages-proxy.port}; + ''; + + locations."~ ^/packages/(?<author>[A-Za-z0-9-]+)/(?<pname>[A-Za-z0-9-]+)/(?<version>${semverRegex})/(?:zipball|elm.json|endpoint.json)\$".extraConfig = '' set $zipball "${cfg.packageDir}/$author/$pname/$version/zipball"; proxy_set_header X-Author $author; proxy_set_header X-Package $pname; @@ -39,14 +64,14 @@ in { krebs.htgen.elm-packages-proxy = { port = cfg.port; - script = /* sh */ ''(. ${pkgs.writeDash "elm-packages-proxy.sh" '' + script = /* sh */ ''. ${pkgs.writeDash "elm-packages-proxy.sh" '' PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.curl pkgs.findutils pkgs.gnugrep pkgs.jq - pkgs.unzip + pkgs.p7zip ]} export PATH file_response() {( @@ -99,7 +124,7 @@ in { ;; elm.json) if ! test -f "$elmjson"; then - unzip -p "$zipball" \*/elm.json > "$elmjson" + 7z x -so "$zipball" \*/elm.json > "$elmjson" fi file_response 200 OK "$elmjson" 'application/json; charset=UTF-8' exit @@ -119,36 +144,86 @@ in { ;; esac ;; - 'POST /all-packages/since/'*) + 'POST /packages/'*) + + author=$req_x_author + pname=$req_x_package + user=$req_x_user + version=$req_x_version + + zipball=${cfg.packageDir}/$author/$pname/$version/zipball + + if test -e "$zipball"; then + string_response 409 Conflict \ + "package already exists: $author/$pname@$version" \ + text/plain + else + echo "user $user is uploading package $author/$pname@$version" >&2 + mkdir -p "$(dirname "$zipball")" + head -c $req_content_length > "$zipball" + string_response 200 OK \ + "package created: $author/$pname@$version" \ + text/plain + fi + exit + ;; + 'GET /all-packages'|'POST /all-packages') - # TODO only show newest? - my_packages=$( - cd ${cfg.packageDir} - find -mindepth 3 -maxdepth 3 | + response=$(mktemp -t htgen.$$.elm-packages-proxy.all-packages.XXXXXXXX) + trap "rm $response >&2" EXIT + + { + # upstream packages + curl -fsS https://package.elm-lang.org"$Request_URI" + + # private packages + (cd ${cfg.packageDir}; find -mindepth 3 -maxdepth 3) | jq -Rs ' split("\n") | map( select(.!="") | - sub("^\\./(?<author>[^/]+)/(?<pname>[^/]+)/(?<version>[^/]+)$";"\(.author)/\(.pname)@\(.version)") + match("^\\./(?<author>[^/]+)/(?<pname>[^/]+)/(?<version>[^/]+)$").captures | + map({key:.name,value:.string}) | + from_entries + ) | + reduce .[] as $item ({}; + ($item|"\(.author)/\(.pname)") as $name | + . + { "\($name)": ((.[$name] // []) + [$item.version]) } ) ' - ) + } | + jq -cs add > $response - new_upstream_packages=$( + file_response 200 OK "$response" 'application/json; charset=UTF-8' + exit + ;; + 'GET /all-packages/since/'*|'POST /all-packages/since/'*) + + response=$(mktemp -t htgen.$$.elm-packages-proxy.all-packages.XXXXXXXX) + trap "rm $response >&2" EXIT + + { + # upstream packages curl -fsS https://package.elm-lang.org"$Request_URI" - ) - response=$( - jq -n \ - --argjson my_packages "$my_packages" \ - --argjson new_upstream_packages "$new_upstream_packages" \ - '$new_upstream_packages + $my_packages' - ) + # private packages + (cd ${cfg.packageDir}; find -mindepth 3 -maxdepth 3) | + jq -Rs ' + split("\n") | + map( + select(.!="") | + sub("^\\./(?<author>[^/]+)/(?<pname>[^/]+)/(?<version>[^/]+)$";"\(.author)/\(.pname)@\(.version)") + ) | + sort_by(split("@") | [.[0]]+(.[1]|split("."))) | + reverse + ' + } | + jq -cs add > $response - string_response 200 OK "$response" 'application/json; charset=UTF-8' + file_response 200 OK "$response" 'application/json; charset=UTF-8' exit ;; esac - ''})''; + ''}''; }; } diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 68fbcd151..4a0dcf616 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -26,7 +26,6 @@ with import <stockholm/lib>; { from = "postmaster@viljetic.de"; to = tv.mail; } # RFC 822 { from = "mirko@viljetic.de"; to = mv-ni.mail; } { from = "tomislav@viljetic.de"; to = tv.mail; } - { from = "tv@destroy.dyn.shackspace.de"; to = tv.mail; } { from = "tv@viljetic.de"; to = tv.mail; } { from = "tv@shackspace.de"; to = tv.mail; } ]; diff --git a/tv/2configs/gitrepos.nix b/tv/2configs/gitrepos.nix index 59090c8e3..991281ede 100644 --- a/tv/2configs/gitrepos.nix +++ b/tv/2configs/gitrepos.nix @@ -83,6 +83,9 @@ let { krops = { cgit.desc = "deployment tools"; }; + mailaids = { + cgit.desc = "Assortment of aids for working with electronic mail"; + }; much = {}; netcup = { cgit.desc = "netcup command line interface"; diff --git a/tv/2configs/hw/x220.nix b/tv/2configs/hw/x220.nix index 61b475537..aadfc6691 100644 --- a/tv/2configs/hw/x220.nix +++ b/tv/2configs/hw/x220.nix @@ -48,9 +48,9 @@ }; services.tlp.enable = true; - services.tlp.extraConfig = '' - START_CHARGE_THRESH_BAT0=80 - ''; + services.tlp.settings = { + START_CHARGE_THRESH_BAT0 = 80; + }; nix = { buildCores = 2; |