From 43fa47bce661fc788b68adf35de5f5e42960ca32 Mon Sep 17 00:00:00 2001 From: Matthieu Coudron <886074+teto@users.noreply.github.com> Date: Wed, 16 Aug 2023 23:48:30 +0200 Subject: [PATCH] copying nginx.conf to service --- contrib/nixos-test.nix | 135 ++++++++++++++++++++++------------------- flake.nix | 28 ++++----- 2 files changed, 87 insertions(+), 76 deletions(-) diff --git a/contrib/nixos-test.nix b/contrib/nixos-test.nix index a8649ff..dcd0355 100644 --- a/contrib/nixos-test.nix +++ b/contrib/nixos-test.nix @@ -5,7 +5,8 @@ Look at https://blog.thalheim.io/2023/01/08/how-to-execute-nixos-tests-interacti for how to debug this test */ { - ... + luaEnv + ,... }: let @@ -28,23 +29,23 @@ in { # to be able to test - minio = - { config, pkgs, ... }: { - services.minio = { - enable = true; - # accessKey = s3Login; - # secretKey = s3password; - rootCredentialsFile = "/etc/minio/credentials"; - }; - - # credentialsFile = pkgs.writeTextFile '' - environment.etc."minio/credentials".text = '' - MINIO_ROOT_USER=${s3Login} - MINIO_ROOT_PASSWORD=${s3Password} - ''; - - networking.firewall.enable = false; - }; + # minio = + # { config, pkgs, ... }: { + # services.minio = { + # enable = true; + # # accessKey = s3Login; + # # secretKey = s3password; + # rootCredentialsFile = "/etc/minio/credentials"; + # }; + + # # credentialsFile = pkgs.writeTextFile '' + # environment.etc."minio/credentials".text = '' + # MINIO_ROOT_USER=${s3Login} + # MINIO_ROOT_PASSWORD=${s3Password} + # ''; + + # networking.firewall.enable = false; + # }; postgres = { config, pkgs, ... }: { 
@@ -87,39 +88,20 @@ in }; - redis = - { config, pkgs, lib, ... }: { - # services.redis.servers."".enable = true; - services.redis.servers.test = { - enable = true; - openFirewall = true; - # passwordFile = "./redis.txt"; - requirePass = "toto"; - settings = { - # port = 0; # conflicts with module one - - # tls-port = 4242; - # tls-cert-file = "${../../data/server.crt}"; - # tls-key-file = "${../../data/server.key}"; - - # disable client authentification - tls-auth-clients = "no"; - }; - }; - - # https://redis.io/topics/config - # https://raw.githubusercontent.com/redis/redis/6.0/redis.conf - # to enable TLS - - - - # users.users = lib.listToAttrs (map (suffix: lib.nameValuePair "member${suffix}" { - # createHome = false; - # description = "A member of the redis${suffix} group"; - # isNormalUser = true; - # extraGroups = [ "redis${suffix}" ]; - # }) ["" "-test"]); - }; + # redis = + # { config, pkgs, lib, ... }: { + # # services.redis.servers."".enable = true; + # services.redis.servers.test = { + # enable = true; + # openFirewall = true; + # # passwordFile = "./redis.txt"; + # requirePass = "toto"; + # settings = { + # # disable client authentification + # tls-auth-clients = "no"; + # }; + # }; + # }; server = { config, pkgs, lib, ... }: { @@ -129,7 +111,7 @@ in # to check .status results pkgs.curl pkgs.jq - pkgs.luaPackages.lapis + # pkgs.luaPackages.lapis # pkgs.nginx pkgs.openresty # pkgs.sassc 
@@ -144,8 +126,30 @@ in POSTGRESQL_CONNECTION = "user=postgres password= host=postgres dbname=core"; }; - systemd.services.luarocks-site = { - description = "luarocks-ste"; + systemd.services.luarocks-site = let + # /var/lib/onlyoffice/documentserver/sdkjs/{slide/themes,common}/ /var/lib/onlyoffice/documentserver/{fonts,server/FileConverter/bin}/ + # jq moreutils config.services.postgresql.package + # # Allow members of the onlyoffice group to serve files under /var/lib/onlyoffice/documentserver/App_Data + # chmod g+x /var/lib/onlyoffice/documentserver + # cp /run/onlyoffice/config/default.json{,.orig} + onlyoffice-prestart = pkgs.writeShellScript "onlyoffice-prestart" '' + PATH=$PATH:${lib.makeBinPath (with pkgs; [ ])} + umask 077 + mkdir -p /run/luarocks-site/ + cp -r ${./.} /run/luarocks-site + chmod u+w /run/luarocks-site + + ''; + + execLapis = pkgs.writeShellScript "start-lapis" '' + echo "CURRENT DIR: $PWD" + ls -l + ${luaEnv}/bin/lapis serve + ''; + in + + { + description = "luarocks-site"; wantedBy = [ "multi-user.target" ]; path = [ @@ -156,13 +160,20 @@ in serviceConfig = { Environment = [ "POSTGRESQL_CONNECTION='user=postgres password=${postgresPassword} host=postgres dbname=core'" - "AWS_REGION=${s3Region}" - # "AWS_ACCESS_KEY_ID=${s3Login}" - # "AWS_SECRET_ACCESS_KEY=${s3Password}" + # "AWS_REGION=${s3Region}" ]; # TODO it should have access to nginx - ExecStart = "${pkgs.luaPackages.lapis}/bin/lapis serve"; + ExecStartPre = [ onlyoffice-prestart ]; + # WorkingDirectory = "${prl-tools}/bin"; + + # + ExecStart = execLapis; + RuntimeDirectory = "luarocks-site"; + ProtectHome = true; + # https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Specifiers + WorkingDirectory = "%t/luarocks-site"; + }; }; 
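Review bot: In the `onlyoffice-prestart` script, `cp -r ${./.} /run/luarocks-site` copies the store directory into the already-existing target, so the files land in a subdirectory named after the store path rather than in the `WorkingDirectory` itself. They also keep the store's read-only modes, because `chmod u+w` is applied only to the top directory. Something like `cp -r --no-preserve=mode ${./.}/. /run/luarocks-site/` would put writable copies where `lapis serve` is started. `./.` resolves relative to `contrib/nixos-test.nix`, so if `nginx.conf` lives at the repository root (not visible here) the source path needs adjusting. The script name and the leading comments still refer to onlyoffice and should be renamed or dropped; the service attrset continues past this hunk.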
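Review bot: No `User` or `DynamicUser` is set in the `serviceConfig` shown in the second hunk, so the unit presumably runs `lapis serve` and the prestart copy as root, with `ProtectHome = true` as the only sandboxing. Since `RuntimeDirectory` is already used, adding `DynamicUser = true;` and `NoNewPrivileges = true;` would let the web process run unprivileged with the same layout. The `POSTGRESQL_CONNECTION` entry in `Environment` places the password in the generated unit file in the world-readable Nix store. That is acceptable for a throwaway test VM, but if this unit is reused elsewhere the value should come from an `EnvironmentFile` or `LoadCredential` instead.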
@@ -181,21 +192,23 @@ in # inherit (nodes.machine.config.services) redis; # in # with subtest("All user permissions are set according to the ensureClauses attr"): + # redis.wait_for_unit("redis-test", timeout=60) + # minio.wait_for_unit("minio") '' start_all() - minio.wait_for_unit("minio") postgres.wait_for_unit("postgresql") - redis.wait_for_unit("redis-test", timeout=60) # we would need an s3 equivalent to test further ? # we setup POSTGRESQL_CONNECTION to allow the workers to # server.send_monitor_command("hostfwd_add tcp::8081-:8082") - # jinko.forward_port(8082, 8081) server.start_job("luarocks-site") + server.forward_port(8080, 8080) + # server.execute("journalctl") + server.wait_for_unit("luarocks-site") ''; diff --git a/flake.nix b/flake.nix index 5d9462c..461b837 100644 --- a/flake.nix +++ b/flake.nix @@ -16,6 +16,18 @@ inherit system; overlays = [ self.overlays.default ]; }; + # openresty uses luajit so we need lua5.1 + luaEnv = pkgs.lua5_1.withPackages (lp: [ + lp.luaexpat + lp.busted + lp.luarocks + lp.moonscript # provides moonc compiler + lp.lapis + lp.lapis-console + lp.tableshape + # cloudstorage / zipwriter + + ]); in { @@ -28,7 +40,7 @@ # https://nixos.org/manual/nixos/unstable/index.html#sec-calling-nixos-tests integration-tests = pkgs.testers.runNixOSTest ( - import contrib/nixos-test.nix { } + import contrib/nixos-test.nix { inherit luaEnv; } ); }; @@ -38,20 +50,6 @@ # with pkgs; buildInputs = - let - # openresty uses luajit so we need lua5.1 - luaEnv = pkgs.lua5_1.withPackages (lp: [ - lp.luaexpat - lp.busted - lp.luarocks - lp.moonscript # provides moonc compiler - lp.lapis - lp.lapis-console - lp.tableshape - # cloudstorage / zipwriter - - ]); - in [ pkgs.tup # pkgs.lua5_1.pkgs.luarocks
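Review bot: The test script in the first hunk now ends at `server.wait_for_unit("luarocks-site")`. Assuming the default service type, that succeeds as soon as the start script is spawned, so the test can pass while `lapis serve` fails to bind or exits shortly afterwards. Adding `server.wait_for_open_port(8080)` followed by `server.succeed("curl -sf http://localhost:8080/")` would assert that the site actually answers; the port is taken from the `forward_port(8080, 8080)` line and should be confirmed against the lapis configuration. `server.start_job` looks redundant because the unit is `wantedBy` multi-user.target, and `forward_port` only matters for interactive debugging, so a comment saying so would help.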