nixos/trafficserver: avoid input from derivation
Using builtins.readFile to load upstream defaults is a clever trick, but it is not allowed in restricted evaluation mode, which means it fails on Hydra, for example. Besides, in Nixpkgs, depending on derivations as inputs is considered bad practice and should be avoided.
parent
dc2cebde00
commit
5ca89402ee
4 changed files with 76 additions and 15 deletions
|
@ -1031,7 +1031,7 @@
|
|||
./services/web-servers/shellinabox.nix
|
||||
./services/web-servers/tomcat.nix
|
||||
./services/web-servers/traefik.nix
|
||||
./services/web-servers/trafficserver.nix
|
||||
./services/web-servers/trafficserver/default.nix
|
||||
./services/web-servers/ttyd.nix
|
||||
./services/web-servers/uwsgi.nix
|
||||
./services/web-servers/varnish/default.nix
|
||||
|
|
|
@ -8,21 +8,9 @@ let
|
|||
group = config.users.groups.trafficserver.name;
|
||||
|
||||
getManualUrl = name: "https://docs.trafficserver.apache.org/en/latest/admin-guide/files/${name}.en.html";
|
||||
getConfPath = name: "${pkgs.trafficserver}/etc/trafficserver/${name}";
|
||||
|
||||
yaml = pkgs.formats.yaml { };
|
||||
|
||||
fromYAML = f:
|
||||
let
|
||||
jsonFile = pkgs.runCommand "in.json"
|
||||
{
|
||||
nativeBuildInputs = [ pkgs.remarshal ];
|
||||
} ''
|
||||
yaml2json < "${f}" > "$out"
|
||||
'';
|
||||
in
|
||||
builtins.fromJSON (builtins.readFile jsonFile);
|
||||
|
||||
mkYamlConf = name: cfg:
|
||||
if cfg != null then {
|
||||
"trafficserver/${name}.yaml".source = yaml.generate "${name}.yaml" cfg;
|
||||
|
@ -73,7 +61,7 @@ in
|
|||
|
||||
ipAllow = mkOption {
|
||||
type = types.nullOr yaml.type;
|
||||
default = fromYAML (getConfPath "ip_allow.yaml");
|
||||
default = builtins.fromJSON (builtins.readFile ./ip_allow.json);
|
||||
defaultText = "upstream defaults";
|
||||
example = literalExample {
|
||||
ip_allow = [{
|
||||
|
@ -94,7 +82,7 @@ in
|
|||
|
||||
logging = mkOption {
|
||||
type = types.nullOr yaml.type;
|
||||
default = fromYAML (getConfPath "logging.yaml");
|
||||
default = builtins.fromJSON (builtins.readFile ./logging.json);
|
||||
defaultText = "upstream defaults";
|
||||
example = literalExample { };
|
||||
description = ''
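Review bot: The unchanged `defaultText = "upstream defaults"` is no longer guaranteed to be true now that `default = builtins.fromJSON (builtins.readFile ./ip_allow.json);` and the matching `logging` line read a frozen in-tree copy instead of the files shipped by `pkgs.trafficserver`. After a package bump, ip_allow.json and logging.json can silently diverge from what the package installs, and for the access-control list that drift is security-relevant. JSON cannot carry a comment, so the provenance belongs here: add `# Snapshot of ip_allow.yaml from trafficserver <VERSION>; regenerate with yaml2json when the package is updated.` above each default, and reword defaultText to say it is a vendored snapshot. Both mkOption blocks continue outside the hunks shown.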
|
|
@ -0,0 +1,36 @@
|
|||
{
|
||||
"ip_allow": [
|
||||
{
|
||||
"apply": "in",
|
||||
"ip_addrs": "127.0.0.1",
|
||||
"action": "allow",
|
||||
"methods": "ALL"
|
||||
},
|
||||
{
|
||||
"apply": "in",
|
||||
"ip_addrs": "::1",
|
||||
"action": "allow",
|
||||
"methods": "ALL"
|
||||
},
|
||||
{
|
||||
"apply": "in",
|
||||
"ip_addrs": "0/0",
|
||||
"action": "deny",
|
||||
"methods": [
|
||||
"PURGE",
|
||||
"PUSH",
|
||||
"DELETE"
|
||||
]
|
||||
},
|
||||
{
|
||||
"apply": "in",
|
||||
"ip_addrs": "::/0",
|
||||
"action": "deny",
|
||||
"methods": [
|
||||
"PURGE",
|
||||
"PUSH",
|
||||
"DELETE"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
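Review bot: The two deny entries for `0/0` and `::/0` list only `PURGE`, `PUSH` and `DELETE`, so this default restricts just those methods for non-loopback clients; it is not a deny-all fallback, and a reader skimming the file can easily take it for one. Because the file is JSON and cannot hold a comment, this should be spelled out in the `ipAllow` option's `description` in the module, for example `By default only loopback clients may use PURGE, PUSH and DELETE; all other methods are accepted from any address.` How the remaining methods are treated is my reading of method-scoped deny rules in Traffic Server and should be confirmed against the ip_allow.yaml documentation for the packaged version.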
|
|
@ -0,0 +1,37 @@
|
|||
{
|
||||
"logging": {
|
||||
"formats": [
|
||||
{
|
||||
"name": "welf",
|
||||
"format": "id=firewall time=\"%<cqtd> %<cqtt>\" fw=%<phn> pri=6 proto=%<cqus> duration=%<ttmsf> sent=%<psql> rcvd=%<cqhl> src=%<chi> dst=%<shi> dstname=%<shn> user=%<caun> op=%<cqhm> arg=\"%<cqup>\" result=%<pssc> ref=\"%<{Referer}cqh>\" agent=\"%<{user-agent}cqh>\" cache=%<crc>"
|
||||
},
|
||||
{
|
||||
"name": "squid_seconds_only_timestamp",
|
||||
"format": "%<cqts> %<ttms> %<chi> %<crc>/%<pssc> %<psql> %<cqhm> %<cquc> %<caun> %<phr>/%<shn> %<psct>"
|
||||
},
|
||||
{
|
||||
"name": "squid",
|
||||
"format": "%<cqtq> %<ttms> %<chi> %<crc>/%<pssc> %<psql> %<cqhm> %<cquc> %<caun> %<phr>/%<shn> %<psct>"
|
||||
},
|
||||
{
|
||||
"name": "common",
|
||||
"format": "%<chi> - %<caun> [%<cqtn>] \"%<cqtx>\" %<pssc> %<pscl>"
|
||||
},
|
||||
{
|
||||
"name": "extended",
|
||||
"format": "%<chi> - %<caun> [%<cqtn>] \"%<cqtx>\" %<pssc> %<pscl> %<sssc> %<sscl> %<cqcl> %<pqcl> %<cqhl> %<pshl> %<pqhl> %<sshl> %<tts>"
|
||||
},
|
||||
{
|
||||
"name": "extended2",
|
||||
"format": "%<chi> - %<caun> [%<cqtn>] \"%<cqtx>\" %<pssc> %<pscl> %<sssc> %<sscl> %<cqcl> %<pqcl> %<cqhl> %<pshl> %<pqhl> %<sshl> %<tts> %<phr> %<cfsc> %<pfsc> %<crc>"
|
||||
}
|
||||
],
|
||||
"logs": [
|
||||
{
|
||||
"filename": "squid",
|
||||
"format": "squid",
|
||||
"mode": "binary"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|