diff options
| -rw-r--r-- | Makefile | 28 | ||||
| -rw-r--r-- | container.scm | 38 | ||||
| -rwxr-xr-x | guix-container.sh | 14 | ||||
| -rw-r--r-- | hosts-extra | 2 | ||||
| m--------- | subrepos/hydrilla-website | 0 |
5 files changed, 69 insertions, 13 deletions
@@ -13,9 +13,9 @@ GUIX_COMMIT := a86979b41a49a8fcdaa887970ba594dbba701226 GUIX_TM = $(GUIX) time-machine --commit=$(GUIX_COMMIT) -- -GUIX_LOAD_PATHS = $$( \ - find subrepos/ -mindepth 1 -maxdepth 1 \ - -exec printf '-L %s/guix-module-dir/' {} ';' \ +GUIX_LOAD_PATHS = $$( \ + find subrepos/ -mindepth 1 -maxdepth 1 \ + -exec printf ' -L %s/guix-module-dir/' {} ';' \ ) GUIX_SYS_CONTAINER = $(GUIX_TM) system container $(GUIX_LOAD_PATHS) @@ -24,23 +24,31 @@ GUIX_SHELL = $(GUIX_TM) shell KOSZKO_ORG_WEBSITE_INFO = \ subrepos/koszko-org-website/src/koszko_org_website.egg-info/PKG-INFO +HYDRILLA_WEBSITE_INFO = \ + subrepos/hydrilla-website/src/hydrilla_website.egg-info/PKG-INFO TEST_ROOT_DIR = "/tmp/$$(pwd | sed 's|/|!|g')!!test-root" TEST_WWW_DIR=$(TEST_ROOT_DIR)/var/www TEST_ALL_LOGS_DIR = $(TEST_ROOT_DIR)/var/log TEST_LOG_DIR = $(TEST_ALL_LOGS_DIR)/guix-container +TEST_ETC_DIR = $(TEST_ROOT_DIR)/etc/guix-container all: | container-runner.touchfile log $(KOSZKO_ORG_WEBSITE_INFO): $(MAKE) -C subrepos/koszko-org-website dist +$(HYDRILLA_WEBSITE_INFO): + $(MAKE) -C subrepos/hydrilla-website dist -container-runner: | container.scm $(KOSZKO_ORG_WEBSITE_INFO) +container-runner: | container.scm \ + $(KOSZKO_ORG_WEBSITE_INFO) \ + $(HYDRILLA_WEBSITE_INFO) $(GUIX_SYS_CONTAINER) container.scm -r container-runner touch container-runner.touchfile -container-runner.touchfile: \ - container.scm $(KOSZKO_ORG_WEBSITE_INFO) +container-runner.touchfile: container.scm \ + $(KOSZKO_ORG_WEBSITE_INFO) \ + $(HYDRILLA_WEBSITE_INFO) $(MAKE) clean-runner $(MAKE) container-runner @@ -57,11 +65,17 @@ prepare-test-root: printf ':D\n' > $(TEST_WWW_DIR)/koszko.org/html/index.html @# Prepare replacement `/var/log` mkdir -p $(TEST_ALL_LOGS_DIR) + @# Prepare replacement `/etc` + mkdir --mode=750 -p $(TEST_ETC_DIR)/hydrilla-website + printf 'test non-secret\n' > $(TEST_ETC_DIR)/hydrilla-website/secret.txt + chgrp -R 133 $(TEST_ETC_DIR)/hydrilla-website + chmod 640 $(TEST_ETC_DIR)/hydrilla-website/secret.txt GUIX_CONTAINER_FLAGS = \ -e ./container-runner -p ./pidfile \ -l $(TEST_LOG_DIR) \ - -w $(TEST_WWW_DIR) + -w $(TEST_WWW_DIR) \ + -t $(TEST_ETC_DIR) start-container: guix-container.sh container-runner.touchfile \ prepare-test-root | log diff --git a/container.scm b/container.scm index 584914d..12858b9 100644 --- a/container.scm +++ b/container.scm @@ -6,6 +6,7 @@ (use-modules (gnu)) (use-modules (koszko-org-website)) +(use-modules (hydrilla-website)) (use-package-modules web) (use-service-modules web) (use-service-modules shepherd) @@ -81,6 +82,31 @@ Redirect permanent / http://hydrillabugs.org/ "))) +(define %haketilo-virtualhost + (httpd-virtualhost + "*:80" + (list "\ + ServerName haketilo.koszko.org + ServerAlias www.haketilo.koszko.org + ServerAdmin koszko@koszko.org + + <If \"%{HTTP_HOST} != 'haketilo.koszko.org'\"> + Redirect permanent / http://haketilo.koszko.org/ + </If> + + WSGIScriptReloading On + " + #~(let* ((script-rel "/share/hydrilla-website/wsgi.py") + (wsgi-file (string-append #$hydrilla-website script-rel))) + (format #f + "\ + <Files ~s> + Require all granted + </Files> + WSGIScriptAlias / ~a + " + wsgi-file wsgi-file))))) + (define %wsgi-module (httpd-module (name "wsgi_module") @@ -124,7 +150,14 @@ (operating-system (host-name "koszko") (timezone "Europe/Warsaw") - + (groups (cons* (user-group + ;; The `httpd` group must have an explicit id so that the host + ;; can provide files that are readable by Apache and not + ;; readable by the world. + (name "httpd") + (id 133) + (system? #t)) + %base-groups)) (file-systems (cons (file-system (device (file-system-label "does-not-matter")) (mount-point "/") @@ -139,7 +172,8 @@ (list %koszko-org-virtualhost %koszkonutek-tmp-virtualhost %hydrillabugs-virtualhost - %hachettebugs-virtualhost)) + %hachettebugs-virtualhost + %haketilo-virtualhost)) (service (shepherd-service-type 'dummy-network diff --git a/guix-container.sh b/guix-container.sh index f844b5d..064d4c9 100755 --- a/guix-container.sh +++ b/guix-container.sh @@ -26,20 +26,22 @@ fi PIDFILE=/run/guix-container.pid EXECUTABLE=/usr/local/bin/guix-container -LOG_DIR=/var/log/guix-container WWW_DIR=/var/www +LOG_DIR=/var/log/guix-container +ETC_DIR=/etc/guix-container MAX_CONTAINER_SPINUP_WAIT=60 ACTION="$1" shift OPTIND=1 -while getopts p:e:l:w:s: OPTION_LETTER ; do +while getopts p:e:w:l:t:s: OPTION_LETTER ; do case "$OPTION_LETTER" in p) PIDFILE="$OPTARG" ;; e) EXECUTABLE="$OPTARG" ;; - l) LOG_DIR="$OPTARG" ;; w) WWW_DIR="$OPTARG" ;; + l) LOG_DIR="$OPTARG" ;; + t) ETC_DIR="$OPTARG" ;; s) MAX_CONTAINER_SPINUP_WAIT="$OPTARG" ;; esac done @@ -83,14 +85,18 @@ onexit() { start() { KOSZKO_SIDELOAD_REAL="$WWW_DIR"/koszko.org/html LOG_REAL="$LOG_DIR"/container + ETC_REAL="$ETC_DIR" HTTP_DIR_SHARE_OPT=--share="$KOSZKO_SIDELOAD_REAL"=/srv/http/koszko.org LOG_DIR_SHARE_OPT=--share="$LOG_REAL"=/var/log + ETC_DIR_SHARE_OPT=--share="$ETC_REAL"=/etc mkdir --mode=700 -p "$LOG_DIR" mkdir --mode=700 -p "$LOG_DIR"/container - "$EXECUTABLE" "$HTTP_DIR_SHARE_OPT" "$LOG_DIR_SHARE_OPT" \ + "$EXECUTABLE" "$HTTP_DIR_SHARE_OPT" \ + "$LOG_DIR_SHARE_OPT" \ + "$ETC_DIR_SHARE_OPT" \ >> "$LOG_DIR"/stdout.log 2>> "$LOG_DIR"/stderr.log & GUILE_PID=$! diff --git a/hosts-extra b/hosts-extra index c4c3d1a..f9d1a88 100644 --- a/hosts-extra +++ b/hosts-extra @@ -12,3 +12,5 @@ 10.207.87.2 www.hachettebugs.koszko.org 10.207.87.2 hydrillabugs.koszko.org 10.207.87.2 www.hydrillabugs.koszko.org +10.207.87.2 haketilo.koszko.org +10.207.87.2 www.haketilo.koszko.org diff --git a/subrepos/hydrilla-website b/subrepos/hydrilla-website -Subproject e5d9ee98a548e2b863104e52eb2bc309b133617 +Subproject 2b2c70932bf6ffcd77fbe5f6c59a203299f755a |