# SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Steffen Jost <jost@cip.ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ self }: final: prev:
with prev.lib;
let
# Creation timestamp stamped into every image built in this file. When `self`
# carries `lastModified`, that epoch value is rendered as an ISO-8601 string by
# running `date` inside a derivation whose output is read back during
# evaluation; otherwise a fixed placeholder timestamp is used.
created =
  if !(self ? lastModified) then "1970-01-01T00:00:01Z"
  else builtins.readFile (prev.runCommand "date" { nativeBuildInputs = [ final.coreutils ]; } ''
    printf '%s' $(date -Is -d '@${toString self.lastModified}') > $out
  '');
mkUniworxDocker = { isDemo }: prev.dockerTools.buildImage {
# Image name: "uniworx", or "uniworx-demo" for the demo variant.
name = if isDemo then "uniworx-demo" else "uniworx";
# Image tag: the `version` field of the JSON version file for this variant.
tag = (builtins.fromJSON (prev.lib.readFile (if isDemo then ./demo-version.json else ./version.json))).version;
inherit created;
# Packages copied into the image. The application executable, a shell, basic
# userland and the PDF toolchain go into both variants; the demo variant
# additionally gets PostgreSQL, memcached and the uniworxdb executable.
contents = with final; [
  uniworx.uniworx.components.exes.uniworx
  prev.dockerTools.binSh findutils coreutils
  iana-etc
  # for PDF creation with Pandoc and LuaTeX
  #cups # needed for interface with print center -- did not work as intended, requires lpd running
  busybox # should provide a working lpr -- to be tested
  htop
  pdftk # for encrypting PDFs
  #texlive.combined.scheme-medium # too large for container in LMU build environment.
  (texlive.combine {
    inherit (texlive) scheme-basic
      babel-german babel-english booktabs textpos
      enumitem eurosym koma-script parskip xcolor dejavu
      # required for LuaTeX
      luatexbase lualatex-math unicode-math selnolig
      ;
  })
  # just for manual testing within the pod, may be removed for production?
  # NOTE(review): this group is not guarded by isDemo, so these network and
  # LDAP client tools are part of the production image as well; dropping them
  # there (or moving them behind `optionals isDemo`) would reduce what is
  # available inside a running container.
  curl wget netcat openldap
  unixtools.netstat htop gnugrep # NOTE(review): htop already appears earlier in this list
  locale
] ++ optionals isDemo [ postgresql_12 memcached uniworx.uniworx.components.exes.uniworxdb ];
# Setup script executed as root while the image is built: prepares the
# passwd/group files via dockerTools.shadowSetup, creates the system group and
# user `uniworx` (uid 999, home /var/lib/uniworx) and the state and log
# directories owned by that user. The demo variant additionally gets
# directories for PostgreSQL and memcached, all owned by `uniworx` as well.
# NOTE(review): /testdir looks like a leftover experiment (see the comment in
# the script) and is created in both variants -- confirm whether it can go.
runAsRoot = ''
  #!${final.stdenv.shell}

  ${prev.dockerTools.shadowSetup}

  mkdir -p /var/lib

  groupadd -r uniworx
  useradd -r -g uniworx -d /var/lib/uniworx -M uniworx --uid 999
  install -d -g uniworx -o uniworx -m 0750 /var/lib/uniworx

  mkdir -p /var/log
  install -d -g uniworx -o uniworx -m 0755 /var/log/uniworx

  # just to see how to create directories here
  mkdir -p /testdir

  ${optionalString isDemo ''
    install -d -g uniworx -o uniworx -m 0750 /var/lib/postgres

    install -d -g uniworx -o uniworx -m 0750 /var/lib/memcached

    install -d -g uniworx -o uniworx -m 0755 /var/log/postgres
    install -d -g uniworx -o uniworx -m 0755 /var/log/memcached

    mkdir -p /run
    install -d -g uniworx -o uniworx -m 0755 /run/postgres
  ''}
'';
config =
let
# Container entrypoint (zsh, run with -x and -e).
#
# Demo variant only: runs initdb on /var/lib/postgres when that directory is
# empty, starts PostgreSQL on a unix socket in /run/postgres, loads the
# bootstrap schema after a fresh initdb, and launches memcached on port 11212
# in the background.
#
# Both variants: collects *.yml / *.yaml files under $CONFIG_DIR (default
# /cfg) in reverse sorted order, appends the built-in default config, and
# execs uniworx with that list. In the demo variant, `uniworxdb -f` is run
# with the same list first when the database was just created.
#
# NOTE(review), demo only: PostgreSQL is started with an empty
# listen_addresses, the trust-only hba file and unix_socket_permissions=0777,
# so any local process that can reach the socket can connect as any role
# without a password -- acceptable only for a throwaway demo container.
# NOTE(review), demo only: memcached is started without a bind address (-l)
# and without authentication; presumably it then accepts connections on all of
# the container's interfaces, not only the localhost address the application
# is pointed at -- confirm, and consider passing `-l localhost`.
# NOTE(review): config paths are stored with zsh (q) quoting but later
# expanded as plain array elements; for paths containing characters that (q)
# escapes, the escaping would presumably be passed on literally -- verify.
entrypoint = prev.writeScriptBin "uniworx-entrypoint" ''
  #!${final.zsh}/bin/zsh -xe

  cTime=$(date -Is)

  ${optionalString isDemo ''
    pgDir=/var/lib/postgres
    pgSockDir=/run/postgres
    pgLogFile=/var/log/postgres/''${cTime}.log
    export PGHOST=''${pgSockDir}
    export PGLOG=''${pgLogFile}

    pgNew=
    if [[ -n "$(find ''${pgDir} -maxdepth 0 -type d -empty 2>/dev/null)" ]]; then
      pgNew=1
    fi

    [[ -z "''${pgNew}" ]] || initdb --no-locale --encoding=UTF8 --username postgres --pgdata ''${pgDir}
    pg_ctl start -D ''${pgDir} -l ''${pgLogFile} -w -o "-k ''${pgSockDir} -c listen_addresses= -c hba_file=${postgresHba} -c unix_socket_permissions=0777 -c max_connections=9990 -c shared_preload_libraries=pg_stat_statements -c auto_explain.log_min_duration=100ms"
    [[ -z "''${pgNew}" ]] || psql -f ${postgresSchema} postgres postgres

    ( cd /var/lib/memcached; memcached -p 11212 ) &>/var/log/memcached/''${cTime}.log &
    export SESSION_MEMCACHED_HOST=localhost
    export SESSION_MEMCACHED_PORT=11212
  ''}

  # export LOGDEST=/var/log/uniworx/''${cTime}.log # kubernetes prefers log via stdout
  typeset -a configs
  configs=()
  configDir=''${CONFIG_DIR-/cfg}
  if [[ -d "''${configDir}" ]]; then
    while IFS= read -d $'\0' cfg; do
      configs+=("''${(q)cfg}")
    done < <(find "''${configDir}" \( -name '*.yml' -o -name '*.yaml' \) -print0 | sort -rz)
  fi
  configs+=('${uniworxConfig}')
  cd /var/lib/uniworx
  ${optionalString isDemo ''
    [[ -z "''${pgNew}" ]] || uniworxdb -f ''${configs}
  ''}
  exec -- uniworx ''${configs}
'';
# Bootstrap SQL loaded by the demo part of the entrypoint after a fresh
# initdb: creates the `uniworx` role and database.
# NOTE(review): the role is created WITH SUPERUSER. This file is referenced
# only from the demo-only section of the entrypoint; it should not be reused
# as a template for a production database role.
postgresSchema = prev.writeText "schema.sql" ''
  CREATE USER uniworx WITH SUPERUSER;
  CREATE DATABASE uniworx;
  GRANT ALL ON DATABASE uniworx TO uniworx;
'';

# Host-based authentication file for the demo PostgreSQL instance: every
# connection over the local unix socket is accepted for any database and any
# role without authentication (`trust`).
postgresHba = prev.writeText "hba_file" ''
  local all all trust
'';
# Built-in default application config; the entrypoint always passes it to
# uniworx as the last config file.
# NOTE(review): the `_env:APPROOT:` prefix presumably lets the APPROOT
# environment variable override the plain-http localhost default -- confirm.
uniworxConfig = prev.writeText "uni2work.yml" ''
  port: 8080
  approot: "_env:APPROOT:http://localhost:8080"
'';
in {
# The entrypoint script is the container command and runs as the
# unprivileged uniworx user and group rather than as root.
Cmd = [ "${entrypoint}/bin/uniworx-entrypoint" ];
User = "uniworx:uniworx";
# Only the application's HTTP port is declared on the image.
ExposedPorts."8080/tcp" = {};
# Declared volumes: application state and logs; the demo variant adds the
# PostgreSQL data directory.
Volumes =
  let
    demoVolumes = { "/var/lib/postgres" = {}; };
  in {
    "/var/lib/uniworx" = {};
    "/var/log" = {};
  } // optionalAttrs isDemo demoVolumes;
};
};
in
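{
  # CI image: layered on the docker-nixpkgs nix-unstable image and built with
  # buildImageWithNixDb; adds bash, coreutils, the MinIO client and xz.
  ciDocker = prev.dockerTools.buildImageWithNixDb rec {
    name = "uniworx-ci";
    inherit created;
    tag = (builtins.fromJSON (prev.lib.readFile ./ci-version.json)).version;
    fromImage = prev.docker-nixpkgs.nix-unstable;

    contents = with final; [
      bash coreutils
      minio-client
      xz
    ];

    # /var/tmp is world-writable, so it is created with the sticky bit
    # (mode 1777 instead of 0777): without it, any user in the container
    # could delete or replace files that another user placed there.
    runAsRoot = ''
      #!${final.stdenv.shell}

      ${final.coreutils}/bin/install -v -m 1777 -d /var/tmp
    '';
  };
} // mapAttrs (_name: mkUniworxDocker) {
  # Application images, both built by mkUniworxDocker: the demo variant
  # (isDemo = true) and the regular variant (isDemo = false).
  uniworxDemoDocker = { isDemo = true; };
  uniworxDocker = { isDemo = false; };
}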