nixos/trafficserver: avoid input from derivation
Using builtins.readFile to load upstream defaults is a clever trick, but it's not allowed in restricted evaluation mode, which means it fails on Hydra, for example. Besides, in Nixpkgs, depending on derivations as inputs is considered bad practice and should be avoided.
parent
dc2cebde00
commit
5ca89402ee
@ -1031,7 +1031,7 @@
|
|||||||
./services/web-servers/shellinabox.nix
|
./services/web-servers/shellinabox.nix
|
||||||
./services/web-servers/tomcat.nix
|
./services/web-servers/tomcat.nix
|
||||||
./services/web-servers/traefik.nix
|
./services/web-servers/traefik.nix
|
||||||
./services/web-servers/trafficserver.nix
|
./services/web-servers/trafficserver/default.nix
|
||||||
./services/web-servers/ttyd.nix
|
./services/web-servers/ttyd.nix
|
||||||
./services/web-servers/uwsgi.nix
|
./services/web-servers/uwsgi.nix
|
||||||
./services/web-servers/varnish/default.nix
|
./services/web-servers/varnish/default.nix
|
||||||
|
@ -8,21 +8,9 @@ let
|
|||||||
group = config.users.groups.trafficserver.name;
|
group = config.users.groups.trafficserver.name;
|
||||||
|
|
||||||
getManualUrl = name: "https://docs.trafficserver.apache.org/en/latest/admin-guide/files/${name}.en.html";
|
getManualUrl = name: "https://docs.trafficserver.apache.org/en/latest/admin-guide/files/${name}.en.html";
|
||||||
getConfPath = name: "${pkgs.trafficserver}/etc/trafficserver/${name}";
|
|
||||||
|
|
||||||
yaml = pkgs.formats.yaml { };
|
yaml = pkgs.formats.yaml { };
|
||||||
|
|
||||||
fromYAML = f:
|
|
||||||
let
|
|
||||||
jsonFile = pkgs.runCommand "in.json"
|
|
||||||
{
|
|
||||||
nativeBuildInputs = [ pkgs.remarshal ];
|
|
||||||
} ''
|
|
||||||
yaml2json < "${f}" > "$out"
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
builtins.fromJSON (builtins.readFile jsonFile);
|
|
||||||
|
|
||||||
mkYamlConf = name: cfg:
|
mkYamlConf = name: cfg:
|
||||||
if cfg != null then {
|
if cfg != null then {
|
||||||
"trafficserver/${name}.yaml".source = yaml.generate "${name}.yaml" cfg;
|
"trafficserver/${name}.yaml".source = yaml.generate "${name}.yaml" cfg;
|
||||||
@ -73,7 +61,7 @@ in
|
|||||||
|
|
||||||
ipAllow = mkOption {
|
ipAllow = mkOption {
|
||||||
type = types.nullOr yaml.type;
|
type = types.nullOr yaml.type;
|
||||||
default = fromYAML (getConfPath "ip_allow.yaml");
|
default = builtins.fromJSON (builtins.readFile ./ip_allow.json);
|
||||||
defaultText = "upstream defaults";
|
defaultText = "upstream defaults";
|
||||||
example = literalExample {
|
example = literalExample {
|
||||||
ip_allow = [{
|
ip_allow = [{
|
||||||
@ -94,7 +82,7 @@ in
|
|||||||
|
|
||||||
logging = mkOption {
|
logging = mkOption {
|
||||||
type = types.nullOr yaml.type;
|
type = types.nullOr yaml.type;
|
||||||
default = fromYAML (getConfPath "logging.yaml");
|
default = builtins.fromJSON (builtins.readFile ./logging.json);
|
||||||
defaultText = "upstream defaults";
|
defaultText = "upstream defaults";
|
||||||
example = literalExample { };
|
example = literalExample { };
|
||||||
description = ''
|
description = ''
|
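Review bot: The new defaults `builtins.fromJSON (builtins.readFile ./ip_allow.json)` and `builtins.fromJSON (builtins.readFile ./logging.json)` are frozen copies, yet `defaultText = "upstream defaults"` still reads as if they track the packaged trafficserver. ipAllow is the proxy's access-control list, so if a later upstream release changes its default rules the module would keep applying the old ones with no visible signal. I would add a comment above each `default` line such as `# Snapshot of upstream etc/trafficserver/ip_allow.yaml (via yaml2json); regenerate when pkgs.trafficserver is bumped` and reword the text to `defaultText = "snapshot of the upstream defaults";`. Both mkOption blocks start and end outside the visible hunks, so any existing wording in their descriptions could not be checked.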
@ -0,0 +1,36 @@
|
|||||||
|
{
|
||||||
|
"ip_allow": [
|
||||||
|
{
|
||||||
|
"apply": "in",
|
||||||
|
"ip_addrs": "127.0.0.1",
|
||||||
|
"action": "allow",
|
||||||
|
"methods": "ALL"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"apply": "in",
|
||||||
|
"ip_addrs": "::1",
|
||||||
|
"action": "allow",
|
||||||
|
"methods": "ALL"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"apply": "in",
|
||||||
|
"ip_addrs": "0/0",
|
||||||
|
"action": "deny",
|
||||||
|
"methods": [
|
||||||
|
"PURGE",
|
||||||
|
"PUSH",
|
||||||
|
"DELETE"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"apply": "in",
|
||||||
|
"ip_addrs": "::/0",
|
||||||
|
"action": "deny",
|
||||||
|
"methods": [
|
||||||
|
"PURGE",
|
||||||
|
"PUSH",
|
||||||
|
"DELETE"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
@ -0,0 +1,37 @@
|
|||||||
|
{
|
||||||
|
"logging": {
|
||||||
|
"formats": [
|
||||||
|
{
|
||||||
|
"name": "welf",
|
||||||
|
"format": "id=firewall time=\"%<cqtd> %<cqtt>\" fw=%<phn> pri=6 proto=%<cqus> duration=%<ttmsf> sent=%<psql> rcvd=%<cqhl> src=%<chi> dst=%<shi> dstname=%<shn> user=%<caun> op=%<cqhm> arg=\"%<cqup>\" result=%<pssc> ref=\"%<{Referer}cqh>\" agent=\"%<{user-agent}cqh>\" cache=%<crc>"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "squid_seconds_only_timestamp",
|
||||||
|
"format": "%<cqts> %<ttms> %<chi> %<crc>/%<pssc> %<psql> %<cqhm> %<cquc> %<caun> %<phr>/%<shn> %<psct>"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "squid",
|
||||||
|
"format": "%<cqtq> %<ttms> %<chi> %<crc>/%<pssc> %<psql> %<cqhm> %<cquc> %<caun> %<phr>/%<shn> %<psct>"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "common",
|
||||||
|
"format": "%<chi> - %<caun> [%<cqtn>] \"%<cqtx>\" %<pssc> %<pscl>"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "extended",
|
||||||
|
"format": "%<chi> - %<caun> [%<cqtn>] \"%<cqtx>\" %<pssc> %<pscl> %<sssc> %<sscl> %<cqcl> %<pqcl> %<cqhl> %<pshl> %<pqhl> %<sshl> %<tts>"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "extended2",
|
||||||
|
"format": "%<chi> - %<caun> [%<cqtn>] \"%<cqtx>\" %<pssc> %<pscl> %<sssc> %<sscl> %<cqcl> %<pqcl> %<cqhl> %<pshl> %<pqhl> %<sshl> %<tts> %<phr> %<cfsc> %<pfsc> %<crc>"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"logs": [
|
||||||
|
{
|
||||||
|
"filename": "squid",
|
||||||
|
"format": "squid",
|
||||||
|
"mode": "binary"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|