Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* master: (48 commits) Mathematica: 11.0.1 -> 11.2.0 kbfs: 20170922.f76290 -> 20171004.40555d packer: 1.0.3 -> 1.1.0 libxdg-basedir: 1.0.2 -> 1.2.0 fscrypt: 0.2.1 -> 0.2.2 devtodo: init at 0.1.20 keybase: 1.0.30 -> 1.0.33 elixir: Fix locale problem on NixOS keybase-gui: 1.0.25 -> 1.0.33 terraform: 0.10.2 -> 0.10.7 (#30055) emby: 3.2.32.0 -> 3.2.33.0 sbcl: 1.3.21 -> 1.4.0 ardour: 5.11 -> 5.12 axoloti: fix evaluation axoloti: init at 1.0.12-1 melpa-packages: Add new lean packages fastlane: init at 2.60.1 nixos/traefik: guard example path go-ethereum: 1.7.0 -> 1.7.1 xzgv: 0.9.1 -> 0.9.2 ...
- Loading branch information
Showing
55 changed files
with
1,502 additions
and
296 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,115 @@ | ||
{ config, lib, pkgs, ... }: | ||
|
||
with lib; | ||
|
||
let | ||
cfg = config.services.traefik; | ||
configFile = | ||
if cfg.configFile == null then | ||
pkgs.runCommand "config.toml" { | ||
buildInputs = [ pkgs.remarshal ]; | ||
} '' | ||
remarshal -if json -of toml \ | ||
< ${pkgs.writeText "config.json" (builtins.toJSON cfg.configOptions)} \ | ||
> $out | ||
'' | ||
else cfg.configFile; | ||
|
||
in { | ||
options.services.traefik = { | ||
enable = mkEnableOption "Traefik web server"; | ||
|
||
configFile = mkOption { | ||
default = null; | ||
example = literalExample "/path/to/config.toml"; | ||
type = types.nullOr types.path; | ||
description = '' | ||
Path to verbatim traefik.toml to use. | ||
(Using that option has precedence over <literal>configOptions</literal>) | ||
''; | ||
}; | ||
|
||
configOptions = mkOption { | ||
description = '' | ||
Config for Traefik. | ||
''; | ||
type = types.attrs; | ||
default = { | ||
defaultEntryPoints = ["http"]; | ||
entryPoints.http.address = ":80"; | ||
}; | ||
example = { | ||
defaultEntrypoints = [ "http" ]; | ||
web.address = ":8080"; | ||
entryPoints.http.address = ":80"; | ||
|
||
file = {}; | ||
frontends = { | ||
frontend1 = { | ||
backend = "backend1"; | ||
routes.test_1.rule = "Host:localhost"; | ||
}; | ||
}; | ||
backends.backend1 = { | ||
servers.server1.url = "http://localhost:8000"; | ||
}; | ||
}; | ||
}; | ||
|
||
dataDir = mkOption { | ||
default = "/var/lib/traefik"; | ||
type = types.path; | ||
description = '' | ||
Location for any persistent data traefik creates, ie. acme | ||
''; | ||
}; | ||
|
||
package = mkOption { | ||
default = pkgs.traefik; | ||
defaultText = "pkgs.traefik"; | ||
type = types.package; | ||
description = "Traefik package to use."; | ||
}; | ||
}; | ||
|
||
config = mkIf cfg.enable { | ||
systemd.services.traefik = { | ||
description = "Traefik web server"; | ||
after = [ "network-online.target" ]; | ||
wantedBy = [ "multi-user.target" ]; | ||
serviceConfig = { | ||
PermissionsStartOnly = true; | ||
ExecStart = ''${cfg.package.bin}/bin/traefik --configfile=${configFile}''; | ||
ExecStartPre = [ | ||
''${pkgs.coreutils}/bin/mkdir -p "${cfg.dataDir}"'' | ||
''${pkgs.coreutils}/bin/chmod 700 "${cfg.dataDir}"'' | ||
''${pkgs.coreutils}/bin/chown -R traefik:traefik "${cfg.dataDir}"'' | ||
]; | ||
Type = "simple"; | ||
User = "traefik"; | ||
Group = "traefik"; | ||
Restart = "on-failure"; | ||
StartLimitInterval = 86400; | ||
StartLimitBurst = 5; | ||
AmbientCapabilities = "cap_net_bind_service"; | ||
CapabilityBoundingSet = "cap_net_bind_service"; | ||
NoNewPrivileges = true; | ||
LimitNPROC = 64; | ||
LimitNOFILE = 1048576; | ||
PrivateTmp = true; | ||
PrivateDevices = true; | ||
ProtectHome = true; | ||
ProtectSystem = "full"; | ||
ReadWriteDirectories = cfg.dataDir; | ||
}; | ||
}; | ||
|
||
users.extraUsers.traefik = { | ||
group = "traefik"; | ||
home = cfg.dataDir; | ||
createHome = true; | ||
}; | ||
|
||
users.extraGroups.traefik = {}; | ||
}; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,42 +1,37 @@ | ||
import ./make-test.nix ({ pkgs, ...} : | ||
import ./make-test.nix ({ pkgs, lib, ...}: | ||
let | ||
test = pkgs.writeText "test.sql" '' | ||
CREATE EXTENSION pgcrypto; | ||
CREATE EXTENSION pgjwt; | ||
select sign('{"sub":"1234567890","name":"John Doe","admin":true}', 'secret'); | ||
select * from verify('eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ', 'secret'); | ||
test = with pkgs; runCommand "patch-test" { | ||
nativeBuildInputs = [ pgjwt ]; | ||
} | ||
'' | ||
sed -e '12 i CREATE EXTENSION pgcrypto;\nCREATE EXTENSION pgtap;\nSET search_path TO tap,public;' ${pgjwt.src}/test.sql > $out; | ||
''; | ||
in | ||
{ | ||
with pkgs; { | ||
name = "pgjwt"; | ||
meta = with pkgs.stdenv.lib.maintainers; { | ||
maintainers = [ spinus ]; | ||
meta = with lib.maintainers; { | ||
maintainers = [ spinus willibutz ]; | ||
}; | ||
|
||
nodes = { | ||
master = | ||
{ pkgs, config, ... }: | ||
|
||
{ | ||
services.postgresql = let mypg = pkgs.postgresql95; in { | ||
enable = true; | ||
package = mypg; | ||
extraPlugins =[pkgs.pgjwt]; | ||
initialScript = pkgs.writeText "postgresql-init.sql" | ||
'' | ||
CREATE ROLE postgres WITH superuser login createdb; | ||
''; | ||
}; | ||
master = { pkgs, config, ... }: | ||
{ | ||
services.postgresql = { | ||
enable = true; | ||
extraPlugins = [ pgjwt pgtap ]; | ||
}; | ||
}; | ||
}; | ||
|
||
testScript = '' | ||
testScript = { nodes, ... }: | ||
let | ||
sqlSU = "${nodes.master.config.services.postgresql.superUser}"; | ||
pgProve = "${pkgs.perlPackages.TAPParserSourceHandlerpgTAP}"; | ||
in | ||
'' | ||
startAll; | ||
$master->waitForUnit("postgresql"); | ||
$master->succeed("timeout 10 bash -c 'while ! psql postgres -c \"SELECT 1;\";do sleep 1;done;'"); | ||
$master->succeed("cat ${test} | psql postgres"); | ||
# I can't make original test working :[ | ||
# $master->succeed("${pkgs.perlPackages.TAPParserSourceHandlerpgTAP}/bin/pg_prove -d postgres ${pkgs.pgjwt.src}/test.sql"); | ||
$master->copyFileFromHost("${test}","/tmp/test.sql"); | ||
$master->succeed("${pkgs.sudo}/bin/sudo -u ${sqlSU} PGOPTIONS=--search_path=tap,public ${pgProve}/bin/pg_prove -d postgres -v -f /tmp/test.sql"); | ||
''; | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.